Sorry to see the downvotes on your comments explaining the technical stuff. You aren’t wrong, but people are cultish and like dog piling.
The entire idea of Secure Boot is to verify the boot chain using signature checks to ensure that nothing “unauthorized” runs in the boot process before control is handed off to the kernel. It’s meant to stop lower bootloader stages from silently modifying or hooking later stages.
In theory, it’s supposed to stop rootkits from being able to exist above the OS, hiding themselves while stealing information or influencing programs. In practice, there’s a shit load of badly implemented EFI programs and bootloaders that are signed and later turned out to be vectors for arbitrary code execution (this is why you need the DBX list to be updated frequently).
Cynically, Microsoft probably came up with Secure Boot because that whole rootkit-and-fuck-with-the-kernel thing used to be one of the ways people cracked Windows 7.
As for TPM 2.0, the whole point of it being used for anticheat is because it stores an immutable log of the Secure Boot process and attests to the integrity of the system. If I installed my own Secure Boot certificates and rootkitted Windows for the sole purpose of cheating, the TPM would see that a self-signed executable was used during boot and refuse to say the system was unmodified.
Edit: The downvote button is not a “I disagree” button. There is an actual technical reason why Secure Boot and TPM 2.0 are used in anticheat crap. I don’t agree with it or that they demand it as a requirement to even open the game, but it’s not some grand conspiracy to make you buy new PC hardware.
Sorry to see the downvotes on your comments explaining the technical stuff. You aren’t wrong, but people are cultish and like dog piling.
The entire idea of Secure Boot is to verify the boot chain using signature checks to ensure that nothing “unauthorized” runs in the boot process before control is handed off to the kernel. It’s meant to stop lower bootloader stages from silently modifying or hooking later stages.
In theory, it’s supposed to stop rootkits from being able to exist above the OS, hiding themselves while stealing information or influencing programs. In practice, there’s a shit load of badly implemented EFI programs and bootloaders that are signed and later turned out to be vectors for arbitrary code execution (this is why you need the DBX list to be updated frequently).
Cynically, Microsoft probably came up with Secure Boot because that whole rootkit-and-fuck-with-the-kernel thing used to be one of the ways people cracked Windows 7.
As for TPM 2.0, the whole point of it being used for anticheat is because it stores an immutable log of the Secure Boot process and attests to the integrity of the system. If I installed my own Secure Boot certificates and rootkitted Windows for the sole purpose of cheating, the TPM would see that a self-signed executable was used during boot and refuse to say the system was unmodified.
Edit: The downvote button is not a “I disagree” button. There is an actual technical reason why Secure Boot and TPM 2.0 are used in anticheat crap. I don’t agree with it or that they demand it as a requirement to even open the game, but it’s not some grand conspiracy to make you buy new PC hardware.
You are downvoted for your first part. Nobody is dog piling or being cultish, the person is just being a moron.
We know why they might be used, we just dont want video games demanding shit we dont actually need.