Several blockbuster multiplayer shooters have started refusing to launch on Windows 10 unless Secure Boot and TPM 2.0 are enabled, abruptly ending an era where PC players could ignore platform security settings. Electronic Arts’ Battlefield 6 and Activision’s Call of Duty: Black Ops 7 are the latest to enforce hardware-backed attestation, leaving thousands of gamers on legacy BIOS/MBR configurations locked out until they convert to UEFI with GPT disks.

The shift is driven by kernel-level cheats that bypass software-only defenses. EA’s Javelin and Activision’s RICOCHET anti-cheat stacks now demand proof of a trusted boot path—cryptographic verification through TPM and firmware signatures via Secure Boot. Without them, the game launcher won’t even load. This isn’t a glitch; it’s a deliberate move by publishers to raise the technical bar for cheat developers.

For Windows 11 users, this is a non-issue: UEFI, Secure Boot, and TPM 2.0 are installation requirements. But the Windows 10 ecosystem is a mixed bag. Many older desktops and gaming rigs still rely on legacy BIOS and MBR partition tables, which lack the modern security prerequisites. The fix is a multi-step conversion that touches the disk, firmware, and OS configuration—doable, but not without risk.

Why Secure Boot, TPM 2.0, and GPT Suddenly Matter

To understand the enforcement, you need to know what each component does:

  • Secure Boot: A UEFI feature that only allows digitally signed bootloaders and kernel modules to run during startup. It blocks rootkits and bootkits that can tamper with anti-cheat software before Windows loads.
  • TPM 2.0 (Trusted Platform Module): A chip or firmware-based vault that stores encryption keys and performs attestation. Anti-cheat systems use it to cryptographically verify that the PC booted with expected firmware and components.
  • GPT (GUID Partition Table): Required for UEFI boot on Windows. GPT supports larger disks, more partitions, and better redundancy than the aging MBR scheme.
  • UEFI vs. Legacy BIOS: UEFI is the modern firmware interface that natively handles Secure Boot and GPT. Legacy BIOS, still common on pre-2018 systems, cannot provide these capabilities.

When publishers demand all three, they are essentially requiring a hardware root of trust. Software-only anti-cheat had become a cat-and-mouse game; hardware-backed attestation makes it exponentially harder to hide kernel-level exploits. EA laid out its reasoning publicly for Battlefield 6, and Activision’s RICOCHET team rolled out a phased plan to test and then mandate TPM 2.0 + Secure Boot ahead of larger title launches.

Are You Affected? Check Your Current Configuration

Before you touch anything, confirm where your system stands. Open System Information (msinfo32) and look at two fields:
- BIOS Mode: Legacy = BIOS; UEFI = already compliant.
- Secure Boot State: If Off but BIOS Mode is UEFI, you may only need to enable the feature.

Next, open Disk Management, right-click your system drive, select Properties → Volumes, and check Partition style. Master Boot Record (MBR) means you must convert to GPT. GUID Partition Table (GPT) means your disk is ready, but you may still need to enable TPM and Secure Boot in firmware.

Finally, open tpm.msc. Status should read “The TPM is ready for use” and Specification Version 2.0. If it’s missing or version 1.2, you’ll need to activate the firmware TPM (fTPM) or install a discrete module.

Converting MBR to GPT Without Reinstalling Windows

Microsoft’s MBR2GPT tool, introduced in Windows 10 version 1703, can convert a disk in-place. The process is non-destructive, but a full system backup is mandatory—power failure or a misstep can leave you unbootable.

Prerequisites

  • Windows 10 version 1703 or later (check in Settings → System → About).
  • The motherboard must support UEFI (consult manufacturer documentation).
  • BitLocker or other full-disk encryption must be suspended or disabled.
  • You should have no more than three primary partitions on the system disk (the tool enforces this limit).

If you’re dual-booting Linux with unsigned kernels or custom Secure Boot keys, prepare for additional complexity—enabling Secure Boot may block those installations unless you sign the bootloader or switch to a signed shim.

  1. Create a full system image backup.
  2. Boot into Windows Recovery Environment: Settings → Update & Security → Recovery → Restart now under “Advanced startup”. Navigate to Troubleshoot → Advanced options → Command Prompt.
  3. Validate the disk: mbr2gpt /validate
  4. If validation passes, run the conversion: mbr2gpt /convert
  5. Close the command prompt and select “Turn off your PC”.

Online Conversion (Fallback)

If WinRE is unavailable, you can run the tool from a full Windows desktop:
- Open Command Prompt as administrator.
- Run mbr2gpt /validate /allowFullOS
- Then mbr2gpt /convert /allowFullOS

Online conversion carries a higher risk of interference from running processes; Microsoft recommends the offline route whenever possible.

Important: Do not restart into Windows immediately after conversion. The disk is now GPT, but the firmware is still set to legacy BIOS—boot will fail.

Switching Firmware from BIOS to UEFI

After the conversion, power off completely. Turn on the PC and immediately press the key to enter firmware setup (usually Delete, F2, F10, or Esc—check your manual). Navigate to the Boot section and:
- Change Boot Mode from Legacy/CSM to UEFI.
- Disable Compatibility Support Module (CSM) if present.
- Save changes and exit.

Now the system should boot normally into Windows 10 on the GPT disk.

Enabling Secure Boot and TPM 2.0

Secure Boot

In the UEFI firmware, find Secure Boot under the Security or Boot tab. Set it to Enabled. On some OEM systems, you may need to choose “Standard” mode rather than “Custom”. If the option is grayed out, ensure you’re in UEFI mode and that CSM is off.

TPM 2.0

TPM naming varies by manufacturer. Use this table to locate the setting:

Platform Firmware TPM Setting Name Common UEFI Location
Intel Intel Platform Trust Technology (PTT) Advanced → PCH-FW Configuration or Security
AMD AMD fTPM or AMD fTPM Switch Advanced → CPU Configuration or Security
ASUS boards Intel PTT / AMD fTPM (or TPM-SPI for discrete modules) Advanced → PCH-FW Configuration or Trusted Computing
Gigabyte boards Intel Trusted Technology (PTT) / AMD CPU fTPM Peripherals → Trusted Computing
MSI boards Security Device Support → PTT or fTPM Settings → Security → Trusted Computing

Enable the appropriate firmware TPM. If your motherboard lacks fTPM and has no TPM header for a discrete module, you cannot meet the requirement and will need a hardware upgrade.

Save firmware changes and boot into Windows.

Verifying Success

After booting, check:
- msinfo32 → BIOS Mode: UEFI; Secure Boot State: On.
- tpm.msc → Specification Version: 2.0.
- Disk Management → System disk shows GUID Partition Table (GPT).
- PowerShell: Confirm-SecureBootUEFI should return True.

If any check fails, revisit the firmware settings. Common fix: if Secure Boot state shows “Off” despite being enabled, your firmware might be in “Setup Mode” instead of “User Mode”. Look for an option to “Install factory default keys” or “Reset to Setup Mode” and enroll the platform keys.

Once verified, re-enable BitLocker if you use it (the TPM will now reseal automatically). Then launch your game—the anti-cheat should now pass attestation.

Common Pitfalls and How to Avoid Them

  • Unbootable system after conversion: Usually because firmware wasn’t switched to UEFI or CSM remains enabled. Re-enter firmware, force UEFI mode, and try booting. If still failing, use a Windows 10 installation USB to run Startup Repair.
  • MBR2GPT validation errors: The tool’s output is explicit—it will say “Validation completed successfully” or list what’s wrong. Common blockers: too many primary partitions, an active partition not marked correctly, or a hidden recovery partition lacking space. Microsoft’s documentation provides a full precondition checklist.
  • BitLocker complications: Conversion can corrupt BitLocker metadata. Always suspend protection first via Suspend-BitLocker or the Control Panel. After conversion, resume and let the TPM key reseal.
  • Dual-boot with Linux: Enabling Secure Boot may block your Linux kernel. Most mainstream distributions now support signed shims, but you may need to install the shim-signed package and enroll your distribution’s key. Alternatively, you can place Secure Boot in “Custom” mode and manually enroll the Linux bootloader’s hash, but this weakens security.
  • Privacy concerns: Some users worry that TPM attestation amounts to tracking. In reality, the TPM provides a signed statement about the boot chain—it does not transmit personal data or browsing habits. Anti-cheat companies use it to ensure the system is in a trusted state, not to monitor user activity.
  • Missing TPM 2.0 header: If your motherboard lacks an on‑chip fTPM and has no header for a discrete module, your only path is a newer motherboard/CPU.

Clean Install vs. Upgrade: When to Start Fresh

If MBR2GPT validation fails repeatedly or you have a highly customized boot setup, a clean Windows 10 installation may be simpler:
1. Back up all personal files.
2. Create a Windows 10 installation USB using Microsoft’s Media Creation Tool.
3. Boot from the USB and during install, press Shift + F10 to open Command Prompt. Run diskpart, select the disk, and run clean to wipe all partitions (this destroys data). Then convert gpt, exit, and proceed with installation. This guarantees a proper UEFI/GPT layout.

Hardware upgrades are necessary if your system lacks TPM 2.0 or UEFI Secure Boot support altogether—common on pre-2013 motherboards or budget office PCs.

Industry Impact and the Fairness Debate

This hardware requirement wave is more than a temporary nuisance; it reshapes the PC gaming landscape.

Hardware turnover: Gamers on dated rigs are now forced to upgrade motherboards, CPUs, or full systems to remain competitive. This benefits hardware manufacturers but creates a new paywall beyond the game’s price.

Effectiveness of attestation: Early data from closed betas of Battlefield 6 and Call of Duty titles indicates a significant reduction in undetected kernel cheats. However, false positives have surfaced—players with legitimately customized but unsigned drivers have been blocked. Rollout communication from publishers is improving but still inconsistent.

Accessibility vs. competitive integrity: The gaming community is split. Competitive players generally welcome stronger anti-cheat, while modders, dual-boot enthusiasts, and those with older hardware feel excluded. Publishers must provide clear, step-by-step support documentation and automated detection tools that explain to users exactly why they can’t play and how to fix it.

Long-term significance: This is the first time mainstream games have required specific motherboard security features. It signals a future where hardware root of trust is baseline for online play—potentially extending to other genres and even anti-piracy measures.

Final Pre-Launch Checklist

Before firing up that new shooter, confirm:
- [ ] Full system backup completed.
- [ ] Windows 10 is version 1703 or later.
- [ ] BitLocker suspended or turned off during conversion.
- [ ] Disk converted to GPT via MBR2GPT (validate → convert).
- [ ] Firmware changed to UEFI, CSM disabled.
- [ ] TPM 2.0 enabled (PTT/fTPM) in firmware.
- [ ] Secure Boot enabled in firmware.
- [ ] msinfo32 shows BIOS Mode = UEFI; Secure Boot State = On.
- [ ] tpm.msc shows Specification Version 2.0.
- [ ] Game launcher no longer reports a security error.

What’s Next for PC Gaming Security

The requirement for Secure Boot and TPM 2.0 on Windows 10 marks a turning point. Microsoft’s Windows 11 push laid the groundwork, but publishers are now independently enforcing these standards to protect their ecosystems. For the majority of gamers on modern hardware, the transition is a few firmware toggle switches. For those on older rigs, it’s a weekend project—or a signal that it’s time to build a new PC.

Publishers must continue to refine detection, minimize false positives, and provide transparent support paths. The days of ignoring UEFI and TPM are over for competitive online play; the guide above ensures you’re ready for the new reality.