
Steam Machine

(store.steampowered.com)
1173 points davikr | 1 comments
hebejebelus ◴[] No.45904087[source]
Very interesting! The one killer issue that jumps to mind is anti-cheat. I switched away from gaming on Linux via Proton to gaming on Windows because Battlefield 6's anti-cheat won't work under Proton. Many games are like this, particularly some of the most popular (Rainbow 6 Siege for instance). And BF6 made this decision only recently despite the growing number of Steam Deck players (and other players on Linux - in fairness I don't think there would have been that many BF6 players on a handheld).

Edit: I specifically use a gaming-only PC. The hardware is used for nothing else. Hence, discussions of rootkits don't really bother me personally much and on balance I'd really rather see fewer cheaters in my games. I think it would be the same with any of these machines - anything Steam-branded is likely to be a 99% gaming machine and their users will only care that their games work, not about the mechanisms of the anti-cheat software.

replies(8): >>45904175 #>>45904207 #>>45904682 #>>45905512 #>>45905633 #>>45906276 #>>45908020 #>>45908039 #
hananova ◴[] No.45904175[source]
All Valve has to do is say “Your software cannot deliberately exclude Linux support including kernel anti-cheat to be listed on Steam.” And that would be that, the few devs big enough to make it on their own would leave, and everyone else would adapt.
replies(4): >>45904232 #>>45904245 #>>45904268 #>>45905926 #
Goronmon ◴[] No.45904245[source]
Is there a feasible alternative to "kernel anti-cheat" available on Linux?
replies(3): >>45905143 #>>45905901 #>>45908286 #
1. aseipp ◴[] No.45905901[source]
Today, no. Very simplified but the broad goal of those tools is to prevent manipulation and monitoring of the in-process state of the game. Consoles and PCs require this to varying degrees by requiring a signed boot chain at minimum. Consoles require a fully signed chain for every program, so you can't deploy a hacking tool anyway; no anti-cheat is needed. PCs can run unsigned and signed programs -- so instead they require the kernel at minimum to be signed & trusted, and then you put the anti-cheat system inside it so it cannot be interfered with. If you do not do this then there is basically no way to actually trust any claim the computer makes about its state. For PCs, the problem is you have to basically trust the anti-cheat isn't a piece of shit and thus have to trust both Microsoft and also random corporations. Also PCs are generally insecure anyway at the hardware level due to a number of factors, so it only does so much.

You could make a Linux distro with a signed boot chain and a kernel anti-cheat, then you'd mostly need to get developers on board with trusting that solution. Nobody is doing that today, even Valve.

Funny enough, macOS of all things is maybe the "best" theoretical platform for all this because it does not require you to trust anyone beyond Apple. All major macOS programs are signed by their developers, so macOS as an OS knows exactly where each program came from. macOS can also attest that it is running in secure mode, and it can run a process at user-mode level such that it can't be interfered with by another process. So you could enforce a policy like this: if Battlefield6.app is launched, it cannot be examined by any other process, but likewise it may run in a full sandbox. Next, Battlefield6.app needs to log in online, so it can ask macOS to provide an attestation saying it is running on genuine Apple hardware in secure mode, and then it could submit that attestation to EA which can validate it as genuine. Then the program launch is trusted. This setup requires you to only trust Apple security and that macOS is functioning correctly, not EA or whatever, nor does it require actual anti-cheat mechanisms.
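
The attestation login flow described in the comment above, sketched as an added example that is not part of the thread and is not Apple's or any publisher's code. The names `platform_attest`, `GameServer` and the claim fields are hypothetical, and an HMAC with a constructed key stands in for the vendor's asymmetric signature and certificate chain so the sketch runs on the standard library alone.

```python
import hashlib, hmac, json, secrets

# Constructed stand-in for the platform vendor's attestation key. A real
# verifier would hold only the vendor's public key; sharing one HMAC key
# between both sides is a simplification made for this example.
PLATFORM_KEY = secrets.token_bytes(32)

def _sign(body: bytes) -> str:
    return hmac.new(PLATFORM_KEY, body, hashlib.sha256).hexdigest()

def platform_attest(nonce: str, app_id: str, secure_mode: bool) -> dict:
    """Hypothetical OS service: sign claims about the requesting process."""
    body = json.dumps({"nonce": nonce, "app_id": app_id,
                       "secure_mode": secure_mode}, sort_keys=True)
    return {"claims": body, "sig": _sign(body.encode())}

class GameServer:
    """Hypothetical publisher-side verifier for the login step."""
    def __init__(self, expected_app_id: str):
        self.expected_app_id = expected_app_id
        self.pending = set()  # nonces issued but not yet redeemed

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, token: dict) -> str:
        # 1. Authenticate first: never act on claims that fail the signature.
        if not hmac.compare_digest(_sign(token["claims"].encode()), token["sig"]):
            return "bad-signature"
        claims = json.loads(token["claims"])
        # 2. The nonce must be one this server issued, and is single-use,
        #    so a captured attestation cannot be replayed later.
        if claims["nonce"] not in self.pending:
            return "unknown-or-replayed-nonce"
        self.pending.discard(claims["nonce"])
        # 3. Policy checks on the now-authenticated claims.
        if claims["app_id"] != self.expected_app_id:
            return "wrong-app"
        if claims["secure_mode"] is not True:
            return "not-secure-mode"
        return "ok"
```

The server trusts only the platform's signature over the claims; nothing the game client says about itself is accepted unless it arrives inside a fresh, signed attestation.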