Anti-cheat evolution in Windows 11

Windows 11’s anti-cheat sparks a fight over control, fairness, and Linux lockouts

TLDR: Windows 11 is adding a TPM-backed anti-cheat report to help games verify no kernel-level cheats are loaded. The community is split between cheering fair play and warning about Microsoft control, forced upgrades, and Linux lockouts, plus the expectation that cheaters will just use a second machine anyway.

Microsoft engineer Andrea Allievi just dropped a New Year bombshell: Windows 11 is testing an attestable anti-cheat report that uses the PC’s TPM (Trusted Platform Module) to prove a game isn’t running sneaky, kernel-level cheats. His post breaks down how TPM “measurement chains” and a signed Quote (via an Attestation Identity Key) can give games a cryptographic thumbs-up that your system hasn’t been tampered with. Geeky? Yes. But the comments turned it into a full-on arena brawl.

The hottest take: cheaters will just use a second machine to read the screen and play for you, making anti-cheat at the OS level moot. Privacy hawks are fuming that this makes Microsoft the gatekeeper of your own PC, comparing it to Android’s “comply or be blocked” vibes. Linux fans smell a lockout, with jabs about forcing gamers onto Windows 11 and side-eyes at the Steam Deck. Cynics predict the “secure kernel will get hijacked” and roast the whole thing with memes like “TPM = Trusted Player Module.” Meanwhile, curious tinkerers probe the details: can attackers replay the TPM log, or does a fresh challenge stop that? The mood is split: some cheer stronger anti-cheat, others yell “hands off my rig,” and everyone’s doom-posting the arms race between cheaters and the OS.

Key Points

  • Two OS technologies built in 2025 are introduced: a Micro-executive for ARM64 PTE updates and an attestable anti-cheat report.
  • The article focuses on an attestable anti-cheat report intended to block kernel-level cheats during gameplay in Windows 11.
  • TPM is outlined as enabling integrity proofs, remote attestation, and conditional key release based on measurements.
  • PCRs and the TPM Extend operation create a cumulative, tamper-evident chain of measurements reflecting system state.
  • The OS keeps a TCG log and obtains AIK-signed PCR values via a TPM Quote (e.g., TpmApiQuote2), forming the basis for trustworthy anti-cheat attestation.
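As an added illustration (not code from Allievi's post or from Windows), here is how a verifier can replay a measurement log against the PCR digest in a Quote and reject an answer to an old challenge. It assumes the AIK signature was already verified; `make_quote`, the log entries and the nonces are constructed stand-ins.

```python
import hashlib
import hmac

def extend(pcr: bytes, event_digest: bytes) -> bytes:
    """TPM Extend: new PCR value = SHA-256(old value || event digest)."""
    return hashlib.sha256(pcr + event_digest).digest()

def replay_log(events):
    """Recompute PCRs from (pcr_index, event_data) entries; PCRs assumed to start at zero."""
    pcrs = {}
    for index, data in events:
        start = pcrs.get(index, bytes(32))
        pcrs[index] = extend(start, hashlib.sha256(data).digest())
    return pcrs

def pcr_digest(pcrs, selection):
    """Hash of the selected PCR values in ascending index order, as carried in a Quote."""
    return hashlib.sha256(b"".join(pcrs.get(i, bytes(32)) for i in sorted(selection))).digest()

def make_quote(events, nonce, selection):
    """Hypothetical stand-in for the TPM side; a real Quote is also signed by the AIK."""
    return {"extra_data": nonce, "selection": selection,
            "pcr_digest": pcr_digest(replay_log(events), selection)}

def check_quote(quote, claimed_log, expected_nonce):
    """Verifier side, run after the AIK signature over the quote has been checked."""
    if not hmac.compare_digest(quote["extra_data"], expected_nonce):
        return "stale-nonce"      # quote answers an older challenge
    replayed = pcr_digest(replay_log(claimed_log), quote["selection"])
    if not hmac.compare_digest(replayed, quote["pcr_digest"]):
        return "log-mismatch"     # log does not reproduce the quoted PCRs
    return "ok"

# Constructed sample log: (PCR index, measured data). Names are illustrative only.
BOOT_LOG = [(0, b"firmware-image"), (4, b"boot-manager"), (11, b"kernel-image"),
            (11, b"driver:example.sys")]
NONCE_OLD, NONCE_NEW = b"challenge-0001", b"challenge-0002"

def demo():
    fresh = make_quote(BOOT_LOG, NONCE_NEW, [0, 4, 11])
    old = make_quote(BOOT_LOG, NONCE_OLD, [0, 4, 11])
    edited_log = BOOT_LOG[:-1]   # log with the last driver load omitted
    return (check_quote(fresh, BOOT_LOG, NONCE_NEW),
            check_quote(old, BOOT_LOG, NONCE_NEW),
            check_quote(fresh, edited_log, NONCE_NEW))

if __name__ == "__main__":
    print(demo())
```

The fresh challenge is what answers the replay question raised in the comments: an old Quote carries the old nonce in its signed body, so it fails before the log is even examined.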

Hottest takes

"The future of serious cheating is probably a second machine watching the video and playing the game." — Animats
"it's up to Microsoft to allow you to do certain things on your own PC" — seba_dos1
"trying to lock out Linux for sure" — super256