- secure kernel WILL get hijacked and be completely invisible to anti cheats. Which would be funny.
- Microsoft won't port back the attestation process to win 10 (although secure kernel exists there too), forcing all gamers, where the AC adopts this attestation, to install win11
- trying to lock out Linux for sure, which is a funny coincidence given that Valve is partnering with anti cheat developers (eg EAC and Battleye) to support Linux
Linux is and has for years been capable of supporting all of this at any time, and when-not-if Valve enables attestation of a clean sealed-booted Steam Linux environment for their hardware, AAA multiplayer games will begin allowing only sealed-attested Steam Linux players to join multiplayer games from Linux.
Microsoft isn’t doing this to screw Linux. Microsoft is doing this to avoid losing the secured PC gaming market to Valve. They already lost the (secured) console gaming market, after all.
last month
valve are not the company you think they are
They may be partnering with them but support for competitve titles is rather limited. For example, the most prominent Battleye title (iirc), Rainbow Six Siege, is not support on Linux via Steam due to Battleye blocking it. Valorant, LoL, BF6 or CoD also don't work ime.
For many of these games it's a choice. They choose not to support linux. Perhaps one day that will change.
I've been playing online multiplayer games, including competitive FPS and more, for nearly 3 decades. Cheating has never been such a problem that it made me quit a game. So much of this is way overplayed by wannabe-super-sweat try-hards, thinking they're competing in high-stakes games.
So we cede more and more control of our computer over to video game(!!) companies, going deep down the rabbit hole of kernel-level anti-cheat and worse to come.
It's a freaking video game... have fun. If someone cheats, find a new server. It's really that simple.
I can't say which has more weight but it's not a cut and dry situation, at least until Linux has anti-cheat.
Right now developers could make an "unattested" queue for linux and other non-TPM windows systems. Which could also serve as a black-hole for cheaters, so maybe there's some value in that.
I predict they won't allow all Linux but only the specific version Valve puts on the Steam Deck/Machine, and if you modify it then your games won't run again.
>It's supposed to be modifiable.
https://www.kernel.org/linux.html
I have not seen that as a project goal.
Only because desktop Linux will be behind on security.
Macs already got this ability in 2023 which allowed for a user mode anticheat for Riot Games to be made that successfully prevented cheating. Now Windows is getting attestation that is the game running on a secure system.
If desktop Linux ever gets around to this then a anticheats can add support for it and it will be much easier then them needing to make a kernel anticheat for a platform that few people use.
Allowing third parties to measure it is a security violation, and a freedom violation if there's no way for me to spoof what I'm running on my device and they block me based on that.
>that's my right.
It's common for states to make fraud unlawful due to being an antisocial behavior. I similarly believe that lying about your the integrity of an app running is similarly antisocial behavior.
>Allowing third parties to measure it is a security violation
How does it break your security model?
>a freedom violation
It turns out that such freedom when given to bad actors turns into the freedom for them to ruin games by cheating. People still have the freedom to do whatever they want on their own computer, but they just can't hack a game and then fraudulently claim they aren't using hacks.
I don’t really understand what that means. Are you, or anyone, expecting a signed Linux kernel by some organization (say Valve or Debian or whatever) that will be the “Gaming Kernel”? If not, no Linux kernel feature is safe from 1 patch and a custom build.
If you were around in the late 2000s when UEFI SecureBoot was being proposed, you’d remember the massive hysteria about how “SecureBoot is a MS plot to block Linux install”. Even though the proposal was to just allow the UEFI to verify the sig of the binary it’ll boot, and to allow the user to provide the UEFI with the keys to trust, the massive fear was that MB manufacturers will just be too lazy (or be bought by MS) that they will only allow MS keys, or that the process to enlist a new key would be too difficult to sufficiently discourage people from installing Linux (because you know, I’m all for the freedom and fuck-Microsoft camp, until its expected that I verify a signature) so Microsoft offered a service for CA service, like https CAs, but for boot signing.
Assuming you’re a good Linux user, you can always just put your favorite distro signing key in your UEFI without accepting MS CA n there.
Signing your own custom-built kernel (if you need to adjust flags etc., like I do) won't result in a certification chain that will pass the kind of attestation being sketched out by the OP article here.
It’s why I hate the term “self-signed” vs “signed” when it comes to tls/https. I always try to explain to junior developers that there is no such a thing as “self-signed”. A “self-signed” certificate isn’t less secure than a “signed” certificate. You are always choosing who you want to trust when it comes to encryption. Out of convenience, you delegate that to the vendor of your OS or browser, but it’s always a choice. But in practice, it’s a very different equation.
It was inevitable when this even started.
I agree with your sentiment though. It's a wild future we're considering, just so some people can play video games and complain less about supposed cheaters (or often, skill issues, but I digress).
However, I believe part of the huge positive sentiment about “Linux gaming” online is that, so far, it’s been truly “Linux gaming”. Once it becomes “Valve’s Gaming” it’s really no different than PS5 or Switch using Linux for its base OS but it’s really Sony or Nintendo’s device.
(inb4 "but Microsoft only provides a report that's interpreted by others" - yes, but ultimately it's up to whether Microsoft chooses to sign the content of a report you want to produce)
Riot would not let you use their servers to play League of Legends with others if you were not using the secure kernel.
You are still able to do whatever you want with your own PC, but you can't force others to let you play with them when they don't trust you.
And it will not be just game servers. We can already see that on other platforms.
>We can already see that on other platforms.
And it doesnt prevent you from using those devices how you want.
1. The third parties are not your device.
2. This only prevents their app from attesting in the insecure kernel. You can still use the app with it loaded in the secure kernel.
>Anyone who uses an Android device that doesn't pass the attestation know this well.
This is quite different because no Android operating system lets you transparently run those apps in a secure vm that would pass attestation. Needing to reflash your device is totally different than the OS transparently loading the app in a secure environment.
Speaking of which, tangentially, what are the latest workaround for play integrity these days?
And then you're back to needing to load vgk.sys at boot time to play a Riot game. And that's dramatically worse as anticheats like Vanguard do PCIE & DMA screening, vulnerable driver blocklist enforcement, and other hardening at boot time.
The fence you're trying to maintain is already broken on both sides: media DRM (Widevine) does hardware attestation. TPM attestation already exists. Macs don't let you connect to some Apple services without a hardware-sourced ticket. Secure Boot enforcement and requirement by some apps is already a thing.
You're free to use your hardware as you wish, but if you want to disable the Secure Kernel et al, don't be surprised if the gameserver rejects your connection.
The only thing Microsoft is preventing you from doing on your own PC is having Microsoft lie to the other piece of software.
Where vision based AI will start running riot is in games like Runescape where macroing is a huge problem. I expect it will become undetectable and therefore unbannable.
You can have a fully encrypted and attested click-to-photon DRM chain, but it will just a) turn your computer into an appliance and b) cause even worse cheating.
Here's my previous comment about what it takes to actually eliminate cheaters. Anticheats are only marginally helpful in this, it's all about observability, manual control, and community building. https://news.ycombinator.com/item?id=46139481
Intrusive DRM schemes will just take any semblance of computing freedom away from you, while actually making the problem worse in the end.
At the level of League of Legends me and my friend group play, we never noticed cheaters. We play casual ARAM games. Never noticed any hackers or anything.
But we definitely notice when at the start of the game, one of our team didnt actually get past the loading screen because Vanguard decided instead they need to reboot their machine. And then good luck winning when you are down a player for several minutes.
It doesn’t happen often, but it happens way more often than cheaters did. And this bug happens to multiple people in my friend group. This anti cheat software is extremely buggy. And causes way more problems than it solves for us.
I wish i could say “but the software is improving” because the last few weeks it’s been fine, until literally yesterday. I got out of fountain and into combat and then got a “Vanguard must be running” popup. It kicked me out and I couldn’t get back in until I rebooted. And then if you open league too fast after the reboot, because you are hurrying to get back in, you can actually open League before Vanguard starts and then too bad you have to reboot again!
"Neuromuscular Cyborg Aim Assist"
i.e. why not simply make it "XBox for the PC" and leverage both PC and XBox gaming together. There should be no difference to a developer of an "XBox for the PC" and XBox development besides XBox giving you an exact performance config. One codes the same, one has the same resources made available to them and so forth and then one doesn't need anti-cheat (i.e. I'm making an assumption that there's no real need for invasive anti-cheat on xbox / ps platforms).
If I was being conspiracy minded, I might argue that Microsoft doesn't do this, because if one simply reverted to a trusted/attested platform, it be easy for valve to provide the same on a steam deck. If one is booted into a trusted/attested mode on the steam deck, these games that eschew invasive anti-cheat due to trusting the platform could do the same on the steam deck if it provided such a mode. So by enabling invasive anti-cheat, they create a form of lock-in.