
> Did we mention that a TPM isn’t going to protect you from UEFI malware that was planted on the device by a rogue agent at manufacture time?

I find this to be a pretty weak strawman, and one that not many people would consider to be part of their threat model (and if they are, they'd just purchase the part from a brick-and-mortar store so that, if there is malware, it's non-targeted).

Microsoft is mostly doing this for their endpoint security enterprise customers. The objectives aren't exactly hidden, either:

- Don't want anyone to be able to get data off of a BitLocker-encrypted drive[0]

- Don't allow things like O365 login credentials (including temporary auth tokens) to be pulled off a drive[1]

- Prevent Thunderbolt 3 DMA (e.g. from a rogue USB device on the back of the computer)[2]

And yes, they probably also don't want people to keep hacking online video games, which is why Riot uses TPM attestation as an additional security measure to prevent people banned for hacking from evading bans in Valorant[3].

0: https://www.microsoft.com/security/blog/2020/11/17/meet-the-....

1: https://docs.microsoft.com/en-us/windows/security/threat-pro...

2: https://docs.microsoft.com/en-us/windows/security/informatio...

3: https://www.pcgamer.com/valorant-leads-the-charge-on-enforci...



> And yes, they probably also don't want people to keep hacking online video games, which is why Riot uses TPM attestation as an additional security measure to prevent people banned for hacking from evading bans in Valorant[3].

on most of my gaming boards you buy the TPM and plug it into the board like you would a USB connector

total cost: ~$15 (ignoring current craziness)

if I'm a wallhacker/aimbotter how would this stop me?


Usually they ban every part they can get a SN/unique ID for, TPM being just another signal. Modular TPMs are being phased out anyhow, with new AMD and Intel chips having it built in.


that would be a shame

the hardware TPM is considerably harder to tamper with than the software "fTPM" that comes built-in with the CPU

though I suppose once it gets cracked that may turn out to be a blessing for software freedom


I can't wait for CPU-built-in TPMs to get hacked, rendering entire generations of CPUs "insecure" and "tainted" to these anti-cheat and DRM systems.


As I said, it doesn't actually do much for anti-cheat besides act as a hardware ID for bans. You can still run cheats and hack your own system with the TPM fully intact; it's just another method to increase the cost required to get back in after being banned - now you have to have an entirely new CPU every time, at least once they fully drop Windows 10 support in \d{2} years.

There's quite literally only one potential exploit that would work for the purposes of ban-evasion: extracting the private key. Since every CPU is signed by Intel/AMD's CA, the Riot servers require your CPU to attest by signing a secret message, so you'd need a surefire way to extract the private key from other machines to then spoof TPM responses using your existing hardware - that, or you have an active worker agent on other PCs proxying the attestation process.

And, if you were actually able to find a way to extract the private key on TSMC's newest process nodes, there are much more profitable ways to use that knowledge, i.e. selling it to Zerodium or nation-state actors that are eager to decrypt iPhones.


Doesn't UEFI already provide for the automated installation of vendor malware whenever Windows boots?


"preventing people banned for hacking"

Preventing a piece of hardware, regardless of who is using it, and not preventing the cheater on any other hardware.

It's a completely invalid idea and should not be defended or excused.


Reliable chain of trust combined with hardware bans is a pretty high entry barrier, though. You need to change most of your PC hardware to not be banned again, and HWID spoofers are also cheats that have to squeeze through the same filter.

So no, it's not a completely invalid idea. At some iteration, it will make the anticheats even better, and they already work pretty well (regardless of players' oversized perception of cheaters running unpunished). A proper chain of trust + hardware signing of mouse input + kernel hardening + hardware fingerprinting will make most cheats irrelevant (including the ML-based ones). You'd have to mod your hardware to be even able to run cheats; which is also preventable, just ask console manufacturers.

The only downside is, this would turn your computing device into an appliance remotely controlled by several companies. And the gamers will be perfectly happy to have it at that, because everybody hates cheaters, and even talking about that is stigmatized.


» So no, it's not a completely invalid idea.

No. Say no to TPM. It is worse than useless. Imagine Netflix or your bank participating in this nonsense. Would you buy a used computer?


How many cheats have you seen on consoles? I guess none. Besides maybe an occasional lagswitch, or a packet manipulation/sniffing thing, but that's due to developers' lack of expertise, because all of that is avoidable. That's because consoles are locked down completely. So yes, it is useful if implemented properly, and if your PC is totally locked down. It would be silly to deny that.

(and BTW my bank already does that, requiring non-rooted stock firmware for its app on mobile. With Samsung for example, rooting amounts to warranty loss; maybe in EU it's different, but I'm not in EU)

Whether you or I say yes or no to TPM is not hugely important. Most people are absolutely happy to trade freedom for convenience, and it aligns with Microsoft's incentive to lock everyone into using their products. This isn't new at all; I've seen loss of PC modularity and openness discussed since the late 90s.

However, there are several counterbalances for that incentive.

1. Platform fragmentation, the major one. This alone can delay the inevitable for any amount of time.

2. Backwards compatibility.

3. PCs being used for many purposes, not just as an appliance. This is a minor but noticeable one.

4. Some groups advocating for the platform openness. This one is of little relevance in practice.

Expecting the x86/MS platform to stay open forever is not realistic, because the incentives are biased towards locking down. How much time it'll take to get to that state is a different question, though. That it hasn't happened yet is all that can be said.


Stop playing devil's advocate. It's worse than useless because it takes away the best part of computing: our freedom to own, operate and modify.

> Expecting the x86/MS platform to stay open forever is not realistic, because the incentives are biased towards locking down.

It's only unrealistic when these fatalist certainties are pushed as inevitable. Free, live free is more than the name of a novella, it's an act to be performed, to fight for.

So yes, say no to the TPM and other such measures such as SafetyNet, which are worse than useless to the most important endgame, to live free.


The purpose of my computer is not to protect anyone else's business model.

If there is no way to deal with cheating at games other than relinquishing ownership, disposition, and functionality of my own hardware, that is not my problem, and it's not true anyway.

Consoles are just the easy way, not the only way.


> The purpose of my computer is not to protect anyone else's business model.

It is if you want to use someone else’s software that requires it; you can’t have something on your terms just because the cost of using it is paid in something other than fiat currency.


Incorrect.



