Considering i have 2 SSD disks - both encrypted FDE with different apps/passwords/encryptions and differenty systems (win/linux). If i install bf6 on ssd(1) - does it see things on ssd(2)? For example when i boot from ssd(1) and other is plugged/when i boot from ssd(1) and other is unplugged/when i boot from ssd(2) and first is plugged/ when boot from ssd(2) and first is unplugged?
Nope. It does see everything it wants on your Windows install though since it’s a kernel-level anti-cheat. It operates in the highest privilege level that an OS can have. It could in theory replace the Linux bootloader to eavesdrop on your Linux FDE pwd if the disk is connected, but I highly doubt the company would enjoy the resulting felony charges.
They’re not interested in your personal data. They’re interested in what code you’re running while the game is running.
6 Likes
Enable LUKS2 full disk encryption and don’t try to boot into the Linux system while the Windows system is still running
You can’t do that anyway
1 Like
Yes, therefore it shouldn’t be tried
FBI: “We’ve found out that your kernel-level anticheat has been gathering user information, including FDE passphrases!”
EA: “Well duh, you’re the ones who told us to do it!”
Booting into Linux while Windows is running both isn’t possible and isn’t the concern. They don’t have to be running simultaneously, a kernel-level malicious actor could just replace the Linux bootloader/kernel if you don’t have secure boot set up in a way to prevent that (most Linux users probably don’t). LUKS doesn’t protect against this on its own either.
Well, Microsoft is the oldest NSA partner after maybe AT&T so why go the extra mile with some anti cheat software? 
I mean plausible deniability maybe but if the machine is already running a screen logger and you can blame “too much telemetry” on a bug, I’m not sure if they’d bother.
1 Like
As your mentioned correctly the solution is to use secure boot, and I think most people are using it because its the default on 90% of devices released on the last years and their is no good reason to change that if your running a normal distro.
Normal secure boot doesn’t help though, as I mentioned it needs to be set up specifically to prevent these kinds of attacks using UKIs which are less widespread. If you don’t use signed UKIs the attacker can just replace the initramfs instead.