Steam Machine

[sodality2]

I have to wonder if it's possible to ever even guarantee something that can't be trivially bypassed on Linux - Windows, sure, it's possible with DMA, but it's damn hard. On Linux you could just compile a spoofed kernel or a DKMS module or something.

[kykat]

Look at android, locked bootloader, no root, se linux, and voila

[robotnikman]

It looks like Valve wants to avoid going down the road of an extremely locked down system like that. They even view the ability to load alternate OS's as a feature of their products.

[lifty]

They could offer both locked down signed software on top of their hardware and allow for bypass when the user wants to install their own thing. I prefer by default to have locked down signed chain of software bootstrapping but I do want to also have the ability to use my own.

[Jnr]

It doesn't have to be bypassed. Those same anti-cheats used by many unsupported titles are enabled for some games and work fine on Linux. So you just have to give the developers some incentive to enable it for their titles. It is a choice made by game developers. Currently they don't see a market on Linux/Steam OS but if Steam Machines become popular, potentially they would be missing a market and decide to join in.

[MindSpunk]

No, they don't work on Linux. They're borderline useless. The whole point of client side anti cheat software is to prevent players reading the game's memory or messing with the game's code. There's no practical way an anti cheat can stop someone on Linux because you can just compile a custom kernel that bypasses all the protections.

On Windows you can't do this, so you have to go through one of the known APIs that anti cheat software monitors or find exploits in kernel drivers to get in and poke at the game's address space. They also look for known vulnerable kernel drivers on boot and block loading the game if they find them.

Some anti cheats run on Linux, but they're borderline useless and trivial to bypass.

Unfortunately for anti cheat software to ever work on Linux would require signed and attested kernels and locked down OS software. Something that will never fly in the Linux ecosystem.

[bigyabai]

Game developers can ship an attested runtime (or hell, even an attested kernel) with the game and, refuse booting it unless the kernel passes some boot tests. Most Linux games already containerize their runtime anyways.

Locking down Linux totally is impossible, but the same very obviously goes for Windows and even macOS as well. Locking down a Linux runtime well enough to play online games seems trivial in my opinion. It's just a lot of work that would be better-spent preventing Windows hackers from pants-on-head insane DMA exploits.

[aDyslecticCrow]

you can make a signed readonly linux installation, and restrict your games to it. this would be like "support steamos but not linux".

Or deliver the game as a container format, like snap or appimage to bypass most of the system.

Or demand the installation of a kernel driver like they do on windows.

or just give up on kernel level aticheat since they're been breached all the same, just as windows are restricting their power too.

easy-anticheat has a linux version. Developers have to disable the support intentionally.

[lawlessone]

is it not possible for someone to have Linux spoof that it's Windows to the game?