Secure Boot in Battlefield 6: All you need to know

icon Battlefield 6 introduces the most advanced version of EA Anti-Cheat (EAAC) to date, moving beyond simple software monitoring to hardware-based enforcement. To ensure a fair playing field and prevent kernel-level cheats (such as DMA hardware cheats) from loading before the operating system, the game now strictly enforces Secure Boot and TPM 2.0 on Windows 11 systems. If you are receiving the critical error “Secure Boot is not enabled on this machine” when launching the game via the EA App or Steam, you cannot play until this BIOS setting is configured correctly. This guide provides a comprehensive technical breakdown of what Secure Boot is, why EA requires it, and how to navigate complex BIOS menus to enable it safely.

Why Does Battlefield 6 Require Secure Boot?

Many players are frustrated by this requirement, especially those on older hardware, but it is becoming the absolute industry standard for competitive shooters in 2026 to combat the rise of “undetectable” cheats.

icon The Security Chain Explained: Secure Boot is a protocol developed by the PC industry (UEFI Forum) that functions as a security gatekeeper during the startup process.

  • Preventing Rootkits & Bootkits: Sophisticated cheats often try to load malicious drivers during the Windows boot sequence, milliseconds before the Anti-Cheat software starts. By enforcing Secure Boot, EA ensures that the OS only loads drivers signed with a Microsoft certificate, effectively blocking these unauthorized “injections” before they can hide themselves.
  • Windows 11 Enforcement: While Windows 10 supports Secure Boot, Windows 11 treats it as a mandatory core security pillar. Battlefield 6 utilizes Windows 11’s Virtualization-based Security (VBS) to create a “Trusted Environment.” If Secure Boot is off, this environment cannot be established, and the game refuses to launch to protect the integrity of the match.
  • TPM 2.0 & HWID Bans: Secure Boot works in tandem with the Trusted Platform Module (TPM). BF6 uses the cryptographic keys stored in your TPM to generate a unique Hardware ID (HWID). This makes bans “sticky”—cheaters cannot simply create a new account; they would need to physically replace motherboard components to bypass a ban.

How to Check Your Secure Boot Status

Before you restart your computer and attempt to modify BIOS settings, it is crucial to verify your current status within Windows to avoid unnecessary risks.

icon Using System Information (msinfo32):
1. Press Windows Key + R on your keyboard to open the Run dialog.
2. Type msinfo32 and press Enter.
3. In the “System Summary” list, scroll down to find “Secure Boot State” and “BIOS Mode”.

  • Secure Boot State: On: The feature is active. If the game still fails with an error, the issue is likely a corrupted game file or a bug in the EA App, not your BIOS. Try repairing the game or clearing the EA App cache.
  • Secure Boot State: Off: The feature is supported by your hardware but is currently disabled in BIOS. This is the most common status for custom-built PCs. You must enter BIOS to enable it.
  • BIOS Mode: Legacy: This is a major issue. It means your Windows is installed in old CSM mode. You cannot enable Secure Boot without converting your drive to GPT or reinstalling Windows.
  • Secure Boot State: Unsupported: Your motherboard is likely too old (pre-2016) and does not have UEFI capability. You cannot play Battlefield 6 on this hardware without an upgrade.

How to Enable Secure Boot (The CSM Issue)

The most common obstacle players face is the CSM (Compatibility Support Module). This is a legacy emulation mode that allows modern motherboards to behave like old BIOS systems, but it is mutually exclusive with Secure Boot.

icon Crucial Warning – Read Before Proceeding: Secure Boot requires your Windows drive to be formatted as GPT (GUID Partition Table). If your drive is formatted as MBR (Master Boot Record), disabling CSM will cause your PC to lose the ability to find Windows. It will boot directly to the BIOS every time. Check your disk partition style in Disk Management (Right-click Start -> Disk Management -> Right-click Disk 0 -> Properties -> Volumes). If it says “Master Boot Record (MBR),” do not disable CSM yet. You must use the MBR2GPT tool to convert your drive first.

icon General BIOS Steps (Standard Procedure):
1. Restart your PC and repeatedly press the BIOS key. Common keys are Del (ASUS, MSI, Gigabyte), F2 (Dell, Acer), or F12.
2. Once in BIOS, switch to “Advanced Mode” (usually F7) if you are in a simplified “Easy Mode” interface.
3. Navigate to the Boot tab. Look for an option named CSM Support, Legacy Support, or CSM Compatibility.
4. Set CSM to Disabled. The screen might flicker or the menu might refresh.
5. Navigate to the Security or Boot / Secure Boot submenu.
6. Toggle Secure Boot to Enabled.
7. Important: If “Secure Boot Mode” is an option, ensure it is set to Standard, not “Custom”.
8. Press F10 to Save Changes and Exit.

Motherboard Specific Instructions

Every manufacturer organizes their UEFI menus differently. Below are detailed paths for the most popular gaming motherboard brands.

icon ASUS (ROG, TUF, Prime):

  • Enter Advanced Mode (F7). Go to the Boot tab.
  • Locate CSM (Compatibility Support Module). Open it and set “Launch CSM” to Disabled.
  • Go back to the Boot tab and find the Secure Boot submenu.
  • OS Type: Change from “Other OS” to Windows UEFI Mode. This is the actual “On” switch for ASUS boards.
  • Key Management: If Secure Boot status still says “System” or “Setup,” click Key Management and select “Install Default Secure Boot Keys.”

icon MSI (Click BIOS 5):

  • Go to Settings -> Advanced -> Windows OS Configuration.
  • Change BIOS UEFI/CSM Mode strictly to UEFI.
  • Within the same menu, look for the Secure Boot option at the bottom.
  • Set “Secure Boot” to Enabled.
  • If you get a warning message, change “Secure Boot Mode” from Custom to Standard. If “Standard” is not available, go to “Key Management” and select “Enroll All Factory Default Keys.”

icon Gigabyte / AORUS:

  • Go to the BIOS tab (sometimes called “Boot”).
  • Find CSM Support and set it to Disabled.
  • Critical Step: On many Gigabyte boards, the Secure Boot menu stays hidden until you save and restart. If you don’t see it, press F10, save, reboot, and re-enter BIOS.
  • Navigate to Boot -> Secure Boot. Toggle it to Enabled.
  • If it says “Mode: Setup”, simply click “Restore Factory Keys” to switch it to “User Mode” (Active).

Troubleshooting Errors

Even with the correct settings, things can go wrong. Here are the solutions to the most complex Secure Boot errors.

icon “Platform is in Setup Mode” / “Binding Not Possible”:
If `msinfo32` shows Secure Boot as “Off” but your BIOS says “Enabled,” check the “Platform Key (PK)” state.

  • The Fix: This means your motherboard has the feature turned on, but no security keys are installed to verify Windows. Go back to BIOS -> Secure Boot -> Key Management.
  • Select the option that says Restore Factory Keys, Install Default Keys, or Enroll Platform Key.
  • Confirm the prompt. The status should change from “Setup Mode” to “User Mode.” Save and Exit.

icon Black Screen or Boot Loop After BIOS Change:
This panic-inducing error usually happens because the GPU is not UEFI compatible (very rare now) or the boot drive is MBR.

  • Emergency Fix (CMOS Reset): Unplug the power cord from the wall. Open your PC case. Locate the silver, coin-sized battery (CR2032) on the motherboard. Remove it carefully. Hold the power button on the case for 30 seconds to drain remaining power. Wait 5 minutes. Reinsert the battery and plug the PC back in. This will reset all BIOS settings to factory defaults, re-enabling CSM and allowing you to boot back into Windows.

Battlefield 6 vs. Valorant Anti-Cheat

icon Players transitioning from Valorant will find these requirements familiar, but there are key architectural differences. Riot Games’ Vanguard and EA’s EAAC both demand a “Trusted Boot” chain. If your PC is already successfully running Valorant, Battlefield 6 is guaranteed to work without further BIOS modifications.

  • Runtime Differences: Vanguard uses a boot-start driver that runs from the moment you turn on your PC until you turn it off. EA Anti-Cheat is slightly less intrusive; it loads its kernel driver only when you launch Battlefield 6 and unloads it when you close the game.
  • Shared Requirements: You cannot toggle Secure Boot “on” just for gaming and “off” for other tasks. Once you convert your system to UEFI/Secure Boot for Battlefield, it becomes the permanent state of your PC. This actually improves your general system security against real-world malware and ransomware, not just game cheats.

By Zaaid el-Greiss

Meet Zaaid el-Greiss, a top-rated author and avid gamer with deep insights into WoW, Destiny 2, and more, known for his engaging guides and articles.

Leave a comment

Your email address will not be published. Required fields are marked *