Comment by quotemstr

14 hours ago

Everyone is thinking about this problem the wrong way. Just use remote attestation.

Who needs opaque binary blob kernel modules or whatever for anti-cheat when you can bootstrap a secure boot and remote attestation setup? It's possible for a game server to verify cryptographically that someone is running stock firmware, stock bootloader, stock TCB userspace, a stock game executable, and that no debugger is attached. You don't need cat-and-mouse BS with executable obfuscation. You don't need inscrutable spyware. You don't need to prohibit VMs. All you need to do is configure your program not to be debuggable, prohibit network MITM (e.g. with certificate pinning), and then use remote attestation to make sure nobody has tampered with the system to make it ignore your anti-debugging configuration.

All of the components involved in this trust chain can be open source. There's no spyware involved. No rootkit. No obfuscation. Everything is transparent and above board.

The only downside (besides implementation complexity) is that the remote attestation scheme is incompatible with running custom builds of the components remotely attested. But so what? Doing so isn't a requirement of open source. You can still run custom builds too -- just not at the same time you play your game.

Seems like a fair compromise to me.

Giving users the freedom to customise the code running on their machine is literally the entire point of FOSS (Free Software & Open Source). Some of the FOSS licenses (like the GNU GPL) also include this as a requirement of the license.

That said, you might be right that breaking the proprietary software when it runs on custom builds of the FOSS software would be compliant with the license. That is what TiVo did. Would be pretty annoying though, since you couldn't immediately reboot into a new distro kernel security update, since it wouldn't be known by the remote attestation stuff yet.

https://sfconservancy.org/blog/2021/mar/25/install-gplv2/ https://sfconservancy.org/blog/2021/jul/23/tivoization-and-t... https://events19.linuxfoundation.org/wp-content/uploads/2017...

  • What options do gamers have?

    1. No games

    2. Inscrutable rootkit

    3. Piracy

    4. Attestation, i.e. partial Tivoization

    Of these, #4 seems least awful and maximally user freedom preserving. Unlike regular Tivoization, also, we're not talking about locking down the whole machine. No need. You basically just need to attest the kernel and some binary signing infrastructure. You can run custom builds of whatever else you want otherwise.

    I mean, or you can run a trusted VM, as some others have suggested. Is that really any worse?
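
Added example, not part of the thread and not any participant's or project's code: the server-side check the comments describe, assuming a TPM-style SHA-256 measurement register (PCR) and that the quoted register value was already verified as signed by a hardware-backed attestation key over a fresh nonce. Component names, contents and the allowlist are constructed; the `updated_kernel` case is the situation raised in the reply, where a legitimate kernel update is rejected until its hash is allowlisted.

```python
import hashlib
import hmac

def measure(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()

def replay(event_log) -> bytes:
    """Recompute the register: PCR_new = SHA256(PCR_old || digest), from zeros."""
    pcr = bytes(32)
    for _name, digest in event_log:
        pcr = hashlib.sha256(pcr + digest).digest()
    return pcr

def verify(event_log, quoted_pcr: bytes, allowlist) -> tuple:
    """Server side. Assumes quoted_pcr came from an already-verified signed quote."""
    # 1. The log must reproduce the hardware-reported register, or it was edited.
    if not hmac.compare_digest(replay(event_log), quoted_pcr):
        return False, "event log does not match quoted PCR"
    # 2. Every measured component must be a known stock build.
    for name, digest in event_log:
        if digest not in allowlist.get(name, set()):
            return False, f"unknown measurement for {name}"
    # 3. Every required component must actually have been measured.
    missing = set(allowlist) - {name for name, _ in event_log}
    if missing:
        return False, f"missing measurement for {sorted(missing)[0]}"
    return True, "ok"

# Constructed sample data (hypothetical component names and contents).
STOCK = {"firmware": b"fw-1.0", "bootloader": b"bl-2.3",
         "kernel": b"kernel-6.1.0", "game": b"game-1.4"}
ALLOWLIST = {name: {measure(blob)} for name, blob in STOCK.items()}

def boot(components):
    """Simulate measured boot on the client: returns (event_log, final PCR)."""
    log = [(name, measure(blob)) for name, blob in components.items()]
    return log, replay(log)

def scenarios():
    stock_log, stock_pcr = boot(STOCK)
    # Legitimate kernel security update whose hash is not yet allowlisted.
    upd_log, upd_pcr = boot({**STOCK, "kernel": b"kernel-6.1.1"})
    # Modified kernel booted, but the client sends the stock log.
    _, mod_pcr = boot({**STOCK, "kernel": b"kernel-patched"})
    return {"stock": verify(stock_log, stock_pcr, ALLOWLIST),
            "updated_kernel": verify(upd_log, upd_pcr, ALLOWLIST),
            "forged_log": verify(stock_log, mod_pcr, ALLOWLIST)}

if __name__ == "__main__":
    for case, result in scenarios().items():
        print(case, result)
```

The allowlist maps each component to a set of digests, so a verifier can accept several stock builds at once by adding each new release hash as it ships.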