Comment by fc417fc802
16 hours ago
Not really. Measured boot and remote attestation are a thing. Couple with reproducible builds to address security and privacy concerns.
Hardware support would inevitably be somewhat limited but that's still better than the situation with either consoles or kernel anticheat.
Sure you can secure boot the kernel and the game binary itself but then you have all the surrounding support from the OS that also need to interop without being tamperable. Screenshots, network and input devices for example are routed through user space before reaching the game, and they can be used to make cheats. Now some of those layers are getting more isolated, for example with Wayland. Even so, that means your secure boot chain must go all the way up to include a non tampered window manager too, taking you closer and closer into reinventing a Android like console OS.
> that means your secure boot chain must go all the way up to include a non tampered window manager too,
Yeah, that's the entire point. The whole distro in this scenario would be signed reproducible FOSS builds. No untrusted binaries would be permitted to run. State of entire filesystem verified except specific directories. Think Android without the app store and no user provided APKs permitted.
Valve already manages SteamOS so this isn't as crazy as it might initially sound.
Although it does occur to me now that one of the newer GPLs has an anti-tivo provision. Not sure if this would run afoul of that. It's access to a subset of a service that would be restricted (competitive matches), everything else would still work.