From both a technical perspective and if the maintainers of these anti-cheat will consider porting or re-writing kernel level anti-cheat to work on linux, is it possible? Do you think that the maintainers of kernel level anti-cheat will be adamant in not doing it, or that the kernel even supports it or will support it. I think that if it ever happens, there will be a influx of people moving to linux, or abandoning their duelboots, and that alot of people will hate that such a thing is available on linux.
Kernel level anti cheats require secure boot. You can’t just “lie” and load an unsigned kernel.
You can add your own signing keys to the UEFI and boot an modified bootloader and Kernel that you have signed yourself. So yes, it is possible to “lie”
For such a locked down system, akin to game consoles or smartphones, would be needed. And even those get jail broken and manipulated, so “total security” on there is not complete but easier to check and ensure. Another way to make sure that the code is not manipulated would be to put all those games into the cloud and have every player only play via streaming. All the code would then run on secured, locked down and verified machines.
Another technique that helps is to limit the amount of information shared with clients to need to know info. This can be computationally intensive server-side and hard to get right … but it can help in many cases. There are evolving techniques to do this.
In FPS games, there can also be streaming input validation. eg. Accurate fire requires the right sequence of events and/or is used for cheat detection. At the point where cheats have to emulate human behaviour, with human-like reaction times, the value of cheating drops.
That’s the advanced stuff. Many games don’t even check whether people are running around out of bounds, flying through the air etc. Known bugs and map exploits don’t get fixed for years.
And then your keys will be rejected by the anticheat. Just because you can sign your kernel and load it does not mean a kernel module can’t verify who signed it.
Yes, but with a modified Kernel you can fake what the anticheat reads when it checks the key, so you just feed it the key it wants to see instead of your own. The anticheat module would need run on a higher level then the Kernel itself to prevent that, for example alongside the CPU (like the Intel Management Engine).
I am not an expert on secure boot so I can’t tell whether that’s possible or not. But if it is, what stops people from doing that with Windows now?
Linux secure boot was a little weird last I checked. The kernel and modules don’t need to be secure boot signed. Most distros can use shim to pass secure boot and then take over the secure boot process.
There are dkms kernel modules that are user compiled. These are signed using a machine owner key. So the machine owner could for sure compile their own malicious version and still be in a secure boot context.