Until they require fTPMs, an attacker can just choose to use a regular TPM.

A more sophisticated attacker could plausibly extract key material from the TPM itself via sidechannels, and sign their own attestations.

▲

Charon77 9 hours ago | parent [-]

I remember there's a PCI device that's meant to be snooping and manipulating RAM directly by using DMA. Pretty much one computer runs the game and one computer runs the cheat. I think kernel anti cheats are just raising the bar while pretty much being too intrusive

	▲	int_19h 4 hours ago \| parent [-]
		TFA explicitly describes those devices, and how anti-cheat developers are trying to handle this. But the main point there is that this setup is prohibitively expensive for most cheaters.