There's some ML image-based cheats out there but they're much worse (and have been for years). Some games have sidestepped this with tiny imperceptible color changes to nametags & outlines to throw off the cheats while not bothering a human player.
> It's perfectly accurate, as Microsoft could let you use Riot's servers without using the secure kernel if they wanted to.
And then you're back to needing to load vgk.sys at boot time to play a Riot game. And that's dramatically worse as anticheats like Vanguard do PCIE & DMA screening, vulnerable driver blocklist enforcement, and other hardening at boot time.
The fence you're trying to maintain is already broken on both sides: media DRM (Widevine) does hardware attestation. TPM attestation already exists. Macs don't let you connect to some Apple services without a hardware-sourced ticket. Secure Boot enforcement and requirement by some apps is already a thing.
This is entirely used for anticheat purposes. Ergo, if you want to play with other people in a multiplayer setting, you're required to abide by certain rules: some logical and social, some technical. It's a careful balance between a fully locked down platform (Xbox/PS OS) and just zero measures to prevent cheaters. (No, server-side anticheat is not sufficient, as proven countless times)
You're free to use your hardware as you wish, but if you want to disable the Secure Kernel et al, don't be surprised if the gameserver rejects your connection.
Okay, then I don't get the point you're trying to make. You "slippery slope"'d the Secure Kernel TPM attestation used for multiplayer games into "what if you can't do banking anymore". Like I said (and you agreed), we're already using hardware attestation. So what's the problem with this approach that gets rid of the requirement of anticheat drivers, freeing your hardware? (You can now use that one app that Vanguard preemptively blocks for using a vulnerable driver)
The point is that until now, attestation has not been widely used on PCs, but we can observe this changing and bringing in the pain points known from other platforms.
I recall one of the issues leading up to their abrupt cancellation was fulfillment, so I can't help but suspect there's some potential (long-term) issue they couldn't work out for this dev kit's chipset. Maybe some part of the chain was held together with glue and "this shouldn't fail but continue anyway" and whatever hardware issue eventually hit something critical. (And they intended to fix this some time after shipping, and gave up halfway through fulfillment)
The generated FIDO keys with "[...]-sk" are hardware-only too, the "key" you load is only an "identifier" associating the onboard passkey, allowing you to add it on multiple computers but still requiring the FIDO key present to use[1]:
> ssh-keygen(1) may be used to generate a FIDO token-backed key, after
which they may be used much like any other key type supported by
OpenSSH, so long as the hardware token is attached when the keys are
used. FIDO tokens also generally require the user explicitly authorise
operations by touching or tapping them.
> [...]
> This will yield a public and private key-pair. The private key file
should be useless to an attacker who does not have access to the
physical token. After generation, this key may be used like any other
supported key in OpenSSH and may be listed in authorized_keys, added
to ssh-agent(1), etc. The only additional stipulation is that the FIDO
token that the key belongs to must be attached when the key is used.
IMO the baseline Security Key ($20) series is now enough, unless your setup uses PGP, legacy SSH that doesn't support these key types, or if you're using a real certificate for e.g. code signing.
All the videos I've seen show it adopted by an existing UniFi site, I wonder if I can still set it up as a standalone device? Hopefully even set up the VPN functionality to some WireGuard server (which was implied somewhere where it listed OpenVPN & WireGuard, can't find it now).
No, it started ~4 years ago when FIFA hiked the license cost for EA, and 2 years ago EA had enough & didn't renew the license.[1] Since then, EA basically rebranded their series to "EA Sports FC" and dropped the FIFA branding altogether. This didn't change much as they kept/renewed the licenses for players, teams, stadiums, etc.[2]
reply