Until they require fTPMs, an attacker can just choose to use a regular TPM.
replyA more sophisticated attacker could plausibly extract key material from the TPM itself via sidechannels, and sign their own attestations.
I remember there's a PCI device that's meant to be snooping and manipulating RAM directly by using DMA. Pretty much one computer runs the game and one computer runs the cheat. I think kernel anti cheats are just raising the bar while pretty much being too intrusive
replyTFA explicitly describes those devices, and how anti-cheat developers are trying to handle this.
replyBut the main point there is that this setup is prohibitively expensive for most cheaters.
what about faulTPM? https://arxiv.org/abs/2304.14717
replyCan a TPM be faked in a QEMU VM?
replyTechnically yes, but it would produce an untrusted remote attestation signature (quote). This is roughly equivalent to using TLS with a self-signed certificate — it’s not trusted by anyone else. TPMs have a signing key that’s endorsed by the TPM vendor’s CA.
replyWe don't allow games to run in virtual machines and require TPM. Check TPM EK signing up to an approved manufacturer.
replyIt is not "fake", a software TPM is real TPM but not accepted/approved by anticheat due to inability to prove its provenance
(Disclosure: I am not on the team that works on Vanguard, I do not make these decisions, I personally would like to play on my framework laptop)
reply