Starting with high-profile releases like Battlefield 6, a growing number of Windows 10 multiplayer games are refusing to launch unless Secure Boot and TPM 2.0 are both active. This hardware-enforced anti-cheat strategy means millions of gamers still running legacy BIOS and MBR disks must now convert their drives to GPT and flip firmware to UEFI – or get locked out of the latest titles.
The new anti-cheat reality: why your firmware matters
The arms race between game developers and cheat creators has moved beyond software. Kernel-level cheats that load before the operating system can bypass traditional anti-cheat measures. By requiring Secure Boot, which ensures only signed, trusted bootloaders and kernel components run, and TPM 2.0, a hardware security module used for device attestation and tamper evidence, publishers like EA are closing the door on an entire class of sophisticated attacks. Battlefield 6’s public documentation explicitly states that Secure Boot and TPM 2.0 are mandatory, and other titles with kernel-level anti-cheat systems are expected to follow suit.
For Windows 10 users, this creates a stark requirement: the PC must be running UEFI firmware with the disk partitioned as GPT, not the older BIOS/MBR combination. While Windows 11 made UEFI and TPM 2.0 mandatory from the start, Windows 10 never enforced these features. Many desktops and laptops from the 2010s still boot via legacy BIOS, and their system drives use the Master Boot Record format. To play the latest games, those systems need a firmware makeover.
What you’ll need before you begin: the prerequisites
Before touching any settings, confirm that your hardware can support the required configuration. The motherboard must have UEFI capabilities – most systems manufactured after 2012 do, but very old boards may lack it entirely. You should be running a 64-bit version of Windows 10, version 1703 or later, with administrative privileges. BitLocker encryption must be suspended or turned off; otherwise, partition or firmware changes will prompt for a recovery key. Most critically, back up all important data. The MBR2GPT tool is designed to be non-destructive, but disk-level operations always carry a risk.
Check your current state: open Disk Management (right-click Start → Disk Management), right-click the system drive, select Properties → Volumes, and look at “Partition style.” If it says GUID Partition Table (GPT), you don’t need conversion. If it says Master Boot Record (MBR), keep reading. Next, run msinfo32 (Windows key + R, type msinfo32) and note the “BIOS Mode.” If it already shows UEFI, you can skip the firmware mode switch later.
Step 1: Validate your current configuration
A quick sanity check prevents wasted effort. In tpm.msc, see if a TPM is present and its specification version. If it’s already 2.0, great. If not, you’ll enable it later. Also, ensure the disk layout meets MBR2GPT’s requirements: a maximum of three primary partitions plus an extended partition, and no special configurations that the tool cannot handle. The tool’s /validate flag will tell you definitively.
Step 2: Convert MBR to GPT safely with MBR2GPT
Microsoft’s built-in MBR2GPT utility is the recommended path. It can run either offline from the Windows Recovery Environment (safe, recommended) or online from a running Windows session (riskier, but often works). Both methods require the /validate step first.
Option A – Offline conversion (recommended):
- Go to Settings → Update & Security → Recovery, under Advanced startup click Restart now.
- Navigate to Troubleshoot → Advanced options → Command Prompt.
- At the command prompt, type:
mbr2gpt /validate
- If validation passes, run:
mbr2gpt /convert
- When the conversion completes, do not boot into Windows. Instead, close the command prompt and power off the PC. The disk is now GPT, but the firmware is still in legacy mode – you must switch to UEFI next.
Option B – Online conversion:
- Open an elevated Command Prompt (run as administrator).
- Validate:
mbr2gpt /validate /allowFullOS
- If okay, convert:
mbr2gpt /convert /allowFullOS
- After success, shut down immediately. Do not attempt to restart until the firmware is changed.
Both methods can leave the Windows Recovery Environment in a misconfigured state. Once you’re back on the desktop after the full process, run reagentc /disable and reagentc /enable in an admin Command Prompt to repair it.
Step 3: Switch firmware from legacy BIOS to UEFI
Now enter the motherboard’s UEFI (BIOS) settings. Typically you press F1, F2, F10, F12, Del, or Esc during startup – check your PC or motherboard manual. Find the boot options page and change the firmware type from Legacy/CSM to UEFI. Some firmware labels this as “Windows UEFI mode” or simply “UEFI.” Save the changes and exit. If the system doesn’t boot to Windows, don’t panic: revert to legacy boot temporarily, verify the GPT conversion succeeded, and ensure an EFI System Partition exists with valid boot entries. You can rebuild them using a Windows installation USB and the bcdboot command.
Step 4: Enable TPM 2.0 in the firmware
Reboot into UEFI settings again. Navigate to the security or advanced tab. The TPM option name varies wildly by manufacturer:
- Intel platforms: Look for “PTT” (Platform Trust Technology).
- AMD platforms: Look for “fTPM” or “AMD CPU fTPM.”
- ASUS, Gigabyte, MSI, etc.: Often under a “Trusted Computing” submenu, you’ll find “Security Device Support” and a “TPM Device Selection” where you pick “PTT” or “fTPM.”
Enable the appropriate setting and save. You do not need a discrete TPM chip; the firmware-based version (fTPM) is sufficient.
Step 5: Turn on Secure Boot
In the same UEFI settings, find the Secure Boot option – often under the Boot or Security tab. Enable it. If the option is greyed out, look for a “Restore Factory Keys” or “Reset to Setup Mode” option and execute it. This populates the platform key (PK) store. After saving and exiting, the system should boot normally.
Step 6: Verify everything works
Once back in Windows, run msinfo32 again: BIOS Mode should now say “UEFI,” and Secure Boot State should read “On.” Open tpm.msc: the Status must show “The TPM is ready for use,” and the Specification Version must be “2.0.” If all checks pass, your machine is now ready for the latest anti-cheat-protected games.
What can go wrong – and how to fix it
Real-world forum reports highlight several recurring snags:
- BitLocker recovery prompt: If BitLocker was active and not properly suspended, the firmware or disk changes will demand the recovery key. Always store your key before starting.
- Dual-boot breakage: Secure Boot rejects unsigned bootloaders. Linux users must use signed shims (like the one from Ubuntu) or enroll custom keys. Without preparation, your Linux installation may vanish from the boot menu.
- Greyed-out Secure Boot: If disabling CSM/legacy mode alone doesn’t unlock Secure Boot, check that the supervisor/admin password is not set (or that you know it). Some OEMs lock firmware settings behind a password.
- MBR2GPT validation fails: The tool complains if you have more than three primary partitions or unsupported dynamic volumes. Clean up unused partitions and try again, or be prepared to do a full backup and clean install.
- Windows won’t boot after conversion: Re-enter firmware and switch back to Legacy/CSM temporarily. From a Windows Recovery USB, run bootrec /rebuildbcd and bcdboot C:\Windows (adjust the drive letter as needed) to rebuild the boot configuration data.
The gamer and community response
Enforcement of these platform security features has stirred intense debate. On forums, users with older rigs or custom setups express frustration that a $60 game effectively demands a PC overhaul. Dual-boot and modding enthusiasts feel particularly penalized. Yet many acknowledge that kernel cheats are a persistent plague, and drastic measures may be the only effective counter. EA’s public stance – that Secure Boot and TPM 2.0 are required to “protect the integrity of the multiplayer experience” – echoes a growing industry sentiment. As kernel-level anti-cheat becomes the norm, these firmware gates are likely to become standard across AAA multiplayer titles.
When MBR2GPT isn’t enough: considering a hardware upgrade
Conversion is feasible for most PCs made in the last decade. However, if your motherboard lacks UEFI support entirely, or an OEM has locked out the ability to enable TPM/Secure Boot, no software tool will save you. Similarly, if you’re on a laptop that never received firmware updates to expose fTPM settings, you’re stuck. In these cases, the only path to play new games is new hardware. The good news: virtually all modern motherboards and laptops ship with UEFI, fTPM 2.0, and Secure Boot ready to go, so an upgrade brings you up to the new baseline.
Final thoughts: a new security baseline for PC gaming
Secure Boot and TPM 2.0 have moved from option to requirement for a growing slice of Windows 10 gaming. The MBR2GPT tool provides a supported, relatively safe migration path, but it demands careful preparation. Back up your data, understand your firmware’s quirks, and follow each step in order. With the conversion complete, you’ll not only unlock today’s anti-cheat-protected titles but also fortify your system against future low-level attacks. For Windows 10 diehards who want to keep their rigs relevant through the next wave of multiplayer blockbusters, now is the time to make the switch.