Valorant‘s Controversial Vanguard Anti-Cheat Starts Requiring TPM 2.0 and Secure Boot

In July 2022, Riot Games pushed an update to Valorant, their immensely popular tactical 5v5 FPS, that mandated TPM 2.0 and Secure Boot in order to play the game. Many players were caught off guard when met with the error message "this build of Vanguard requires TPM 2.0 and secure boot to play" while trying to launch Valorant.

The decision marks a major escalation in the arms race between game developers and cheat makers. By leveraging hardware security features like the TPM, Riot aims to make it significantly harder for cheaters to tamper with the game. But the move has also reignited debates about how invasive anti-cheat software should be allowed to become in the name of competitive integrity.

Understanding TPM 2.0 and Secure Boot

TPM stands for Trusted Platform Module. It‘s a dedicated crypto-processor that‘s included on many motherboards or built into CPUs (like Intel‘s Platform Trust Technology or AMD‘s fTPM). The chip provides hardware-level encryption for security features like Windows Hello biometric authentication and BitLocker drive encryption.

Diagram showing how TPM integrates with other system components

The TPM generates, stores, and limits the use of cryptographic keys. Critically, it also produces a unique RSA key burned into the chip during manufacturing that identifies that specific physical device. This key can‘t be changed or spoofed, creating a hardware-backed root of trust.

TPM 2.0, the latest version of the spec, offers several enhancements over the older 1.2 revision:

  • Stronger crypto algorithms (SHA-256 vs SHA-1, ECC support, etc.)
  • Expanded NV storage for more keys and secure data
  • Easier management and maintenance
  • Better physical tamper resistance

Secure Boot is a complementary feature that ensures a system only boots using trusted, digitally signed UEFI firmware. On each boot, the firmware and bootloader components are cryptographically verified using keys stored in the TPM before being allowed to execute. If any unauthorized changes are detected, the system will refuse to boot.

Together, TPM 2.0 and Secure Boot form a hardware-enforced security chain that makes it extremely difficult for rootkits and bootkits to hide from anti-cheat scans or gain uninspected kernel-mode access.

Why Require TPM 2.0 Now?

Cheating has become an epidemic in online gaming. A 2020 survey by Irdeto found that 60% of multiplayer gamers in the US and UK have had their experience negatively impacted by cheating. In China and South Korea, that number skyrocketed to 77%.

Region% of Gamers Impacted by Cheating
China77%
South Korea77%
United States60%
United Kingdom60%

(Source: Irdeto Global Gaming Survey 2020)

The problem has only gotten worse since then. Top games like Call of Duty: Warzone, Destiny 2, and PUBG have seen massive upticks in cheat usage. Activision banned over 600,000 Warzone accounts for cheating in 2022 alone.

Cheats are also becoming increasingly sophisticated. Cheat developers are exploiting vulnerabilities in anti-cheat drivers, using kernel-mode rootkits to hide, spoofing hardware IDs, and more. They‘re often charging subscription fees of $100+/month for these "undetectable" cheats, raking in piles of cash.

This puts immense pressure on game studios to level up their anti-cheat efforts. Many of the software-based methods of detection that have been relied on for years are no longer enough on their own.

This is where hardware features like TPM 2.0 come in. By rooting trust in dedicated security hardware, anti-cheat gains a much stronger foundation to build on:

  • The TPM‘s unique, unforgeable attestation key acts as a fingerprint that permanently identifies that system. Attempts to spoof it can be detected.
  • Storing anti-cheat keys and configs in the TPM‘s tamper-resistant secure memory makes them much harder for cheats to access and manipulate undetected.
  • Secure Boot blocks cheats from getting a foothold pre-boot and then hiding from scans.

Riot has stated that mandating TPM 2.0 has allowed them to implement new anti-cheat techniques in Vanguard that were not possible before. While they haven‘t disclosed specifics, it likely involves using the TPM‘s secure key generation and storage to authenticate sensitive cheat detection mechanisms.

Valorant is not alone in this trend. Fortnite and Destiny 2 also now require TPM 2.0 and Secure Boot. More competitive games are expected to follow suit.

Backlash Over Increasing Anti-Cheat Invasiveness

While most players are in favor of stopping cheaters, there‘s also been significant backlash to anti-cheat becoming more and more deeply embedded into systems.

Vanguard‘s kernel-mode driver is already controversial for how much access it has and how early it loads. Now with the ability to interact with low-level firmware like UEFI and hardware like the TPM, it‘s reaching even further.

Critics argue that this crosses a line and gives Riot dangerous reach into players‘ PCs. A common refrain is that they want to play Valorant, not have Riot snoop through their entire system.

There are fears that Vanguard could abuse its position to access sensitive personal data unrelated to the game. Some also worry that if the driver itself has vulnerabilities, it could be exploited by malware to gain elevated privileges and cause harm.

However, Riot maintains that Vanguard is laser-focused on stopping cheaters and protecting competitive integrity. They state the driver only activates when the game is running and its scans are narrowly limited to game-related files and memory.

Riot has tried to build trust by:

  • Being upfront in blog posts and support articles about what Vanguard does, what it doesn‘t do, and why
  • Maintaining a public documentation site detailing Vanguard‘s core components and how they work
  • Paying out bug bounties (up to $100,000) to security researchers who find and disclose vulnerabilities in Vanguard so they can be fixed
  • Submitting Vanguard to Microsoft for attestation signing, indicating it meets their security standards for kernel drivers

The Future of Anti-Cheat

As long as there is money to be made in selling cheats, their creators will continue to devise new ways to circumvent detection. The battleground will keep shifting to lower and lower levels in pursuit of that bedrock of trust.

Hardware security features like TPM, Secure Boot, and virtualization-based protections will become increasingly important tools for anti-cheat. When properly implemented, they provide much stronger guarantees and dramatically raise the bar for cheaters.

At the same time, anti-cheat makers must recognize the valid concerns around privacy and security. Players have a right to know exactly what anti-cheat is doing on their system. Transparency is paramount.

Finding the right balance is not easy, but it‘s essential for the long-term health of gaming. Unchecked cheating can devastate games and drive away legitimate players in droves. But invasive anti-cheat breeds resentment and risks burning goodwill.

The key is open, honest communication and anti-cheat that is as unobtrusive as possible while still being effective. Riot seems to be learning this lesson, with Vanguard team members increasingly engaging the community directly to explain changes and assuage fears.

If nothing else, this trend proves that competitive integrity is now a front-and-center priority in the industry. Studios are realizing they can‘t take a back seat and must defend their games vigorously. Hardware-based security tech like TPM and virtualization will be a critical part of that going forward.

Valorant is on the leading edge of this shift, but expect to see TPM 2.0 become a common requirement for ranked play in the next few years. The battle between anti-cheat and cheat makers has moved to the hardware layer, and there‘s no going back.

Did you like this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.