Yes for DRM

Posted Aug 8, 2025 9:36 UTC (Fri) by excors (subscriber, #95769)
In reply to: Yes for DRM by Cyberax
Parent article: Don't fear the TPM

Valorant does use TPM remote attestation to some extent (and I expect the other modern anti-cheat systems are similar). Some cheats use a nearly-undetectable hypervisor to emulate the TPM and provide innocent-looking fake responses to the anti-cheat system, and attestation lets the anti-cheat system detect that.

I think it's primarily using the TPM as a hard-to-spoof hardware ID, so that banned players can't simply make a new free account and start playing again, though it can be bypassed by using an external TPM chip (instead of fTPM) and replacing it with a new chip every time you get banned. Secure Boot is an extra hurdle since you have to enroll new keys before it'll boot with your kernel-level cheat (unless you find another way to bypass it), and I presume the anti-cheat can detect those non-standard keys and will consider it an additional point of suspicion.

It's not perfect but it doesn't need to be - it's one of many layers that combine to make cheating more awkward for users to set up and less profitable for cheat makers, to keep the number of cheaters low enough to not ruin the game for everyone else.

Yes for DRM

Posted Aug 8, 2025 18:56 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

> Valorant does use TPM remote attestation to some extent

TPMs are not well-suited for remote attestation. They can attest that the running software is the same as it was at some point in the past, but you can't pre-compute the expected hash values for an arbitrary PC.

This is fine if your goal is to protect a corporate laptop, as you can guarantee that you install the software in a clean environment. But a dedicated cheater can start subverting the system during the installation so it's _never_ in a clean slate state.

Though it certainly makes attacks much more complicated, which is the end-goal for the anti-cheat protections.