Plain-language guide for beginners. What these features do, why anti-cheats love them, and why internal/external cheats are at a disadvantage.
Secure Boot only runs bootloaders and OS components that are signed and trusted. It helps stop unsigned/modified boot code and drivers from loading at startup.
Because the system verifies signatures during boot, it’s harder for cheats to sneak in low-level code before Windows starts.
Secure Boot doesn’t “detect” cheats by itself. It enforces integrity so anti-cheats can trust what’s running and apply stricter checks.
Think of the TPM as a hardware notary. It measures critical parts of the boot process and can prove to software (like anti-cheat) what actually booted.
With attestation, the TPM can provide signed evidence (measurements) that the system booted in a known-good state. If values don’t match, you can be flagged.
You can “spoof” some visuals, but you can’t easily fake the TPM’s signed measurements. When anti-cheats query the TPM, mismatches are a red flag.
Kernel drivers must be properly signed. Secure Boot helps enforce that. Cheats that rely on unsigned or tampered drivers are blocked or stand out.
With TPM measurements, anti-cheats can tell if core components were modified. If your boot chain isn’t clean, you risk instant flags.
Combined with modern kernel protections, it’s harder to hide or inject code. Even “external” cheats that read memory via software are easier to spot.
Anti-cheats like Vanguard and EA’s systems actively reverse engineer cheats and track how drivers manipulate the system. The bar keeps rising.
"Just spoof Secure Boot and you’re safe"
Even if you trick UI indicators, TPM attestation can reveal the truth about your boot state. When queried, mismatched measurements can lead to flags and bans.
"TPM/Secure Boot only matter for DMA"
They matter even more for internal/external cheats, because those depend on drivers and process tampering that these features make harder to hide.
"Anti-cheats can’t query TPM"
Anti-cheats can rely on platform services and integrity signals (including TPM-backed attestation) to decide trust. It’s not magic, it’s standard security tech.
TPM 2.0 and Secure Boot are becoming required in big titles (e.g., Battlefield 6, Call of Duty Black Ops 7). If you don’t understand basic computer security, you’ll keep getting banned without knowing why.
Learn the fundamentals first. Read our Misconceptions and Anti‑Cheats pages. DMA is not a shortcut to safety—it’s a different set of risks.