
Comment by altairprime

3 months ago

By making it immutable out of the box, VAC enforcement becomes vastly easier and third-party multiplayer anti-cheating kernel rootkits are replaced by “attest that you are unmodified”, which Steam Linux and macOS/tvOS/iOS/iPadOS can do — but not Windows 10/11, because sealed boot functionality is behind Microsoft’s enterprise annual subscription fee paywall. This positions Steam Linux as the monopoly provider of console-gaming Linux, since no one else is doing sealed attestation Linux at scale, and opens the door for multiplayer AAA games to target Steam Linux for their day-one releases as a competitive equal to Xbox/PS5/Switch and as a better defended console platform than Windows PCs. The modifications described by OP are still possible, but won’t be compatible with multiplayer anti-cheating enforcement, which is perfectly fine; boot to sealed for competitive gaming, boot to custom for single player, everyone wins except Microsoft’s Windows division. (If Microsoft hadn’t shot off their foot with Windows 10, they could have simply enabled sealed booting for all 10/11 installations and remained competitive as a gaming platform, but I think they’re done with that business.) Nice to see my predictions pan out and I look forward to buying one :)

Immutability doesn't provide this on its own. You can load any custom immutable image you want. What game devs want is full boot chain attestation where every part of the OS is measured and verified untampered with, and then to load their own spyware at the highest level.

The only way immutability helps here is you could have two OS images, the user's own customisable one, and a clean one. Then when you try to load an anti-cheat game, the console could in theory reboot into the clean one, and pass all the verification checks to load the game.

  • I am, indeed, assuming that their immutable image can generate attestations chained appropriately. If not, it’s a catastrophic business error on their part to put in all that work, and I don’t consider that degree of failure likely. Definitely curious to see if they can enable the chain on existing Steamdecks or not.

    • Immutable images provide many benefits that are unrelated to DRM. The main one being that the entire fleet of Steam Decks/Machines are all in a known state. Updates are a matter of pushing a new OS image, you don't have to worry about migrating files, conflicting configurations, strange user changes. And if an update fails, the bootloader shows a screen where you can boot a previous OS image that worked.

      It's like docker images for the whole OS. As far as I can tell, the Steam Deck does not have secure boot or any kind of attestation enabled. They have been very forward in marketing it as an open and free system you can do anything on. The hardware does have a TPM that is seemingly unused currently, not sure if it supports some form of secure boot.


There's hardware level (on a separate device) ability to capture video and send key/mouse now. Impossible to be detected by anticheat. https://wiki.sipeed.com/hardware/en/kvm/NanoKVM_Pro/cua.html

  • Yes, but that works just as readily on consoles as it does PCs, so it doesn’t affect immutable Steam any more or less than any other gaming system. Sealed protections are still valuable regardless!

    • It affects console too, but watch game publishers disable Linux support, blaming cheaters while producing graphs that don't support their arguments. While console packs and cheats are rampant, and their game servers even being hacked during competition.
