Vanguard On-Demand – Anti-Cheat Update
Riot Games’ Vanguard anti-cheat utilizes Secure Boot, TPM 2.0, and IOMMU to block kernel-level cheats and Direct Memory Access (DMA) hardware. According to Riot Games, these technologies reduce the kernel attack surface and establish permanent hardware identities, making ban bypasses cost-prohibitive by requiring the replacement of physical CPUs or motherboards.
Why is TPM 2.0 becoming the standard for anti-cheat?
The Trusted Platform Module (TPM) 2.0 acts as a secure cryptoprocessor that stores cryptographic keys independently from the system’s RAM and CPU. Riot Games uses this “immutable secret store” to implement driver attestation and non-fungible hardware identity.
A TPM’s Endorsement Key is burned into the hardware during manufacturing. If Vanguard bans this specific key, a user cannot bypass the restriction via software. According to Riot Games, bypassing a TPM-based ban requires the user to physically replace the chip or the entire CPU.
Riot distinguishes between discrete TPMs (dTPM) and firmware TPMs (fTPM). Because dTPMs are often not soldered to the motherboard, they can be replaced for a low cost. To increase the cost of ban evasion, Vanguard mandates fTPM for restricted accounts, as these are integrated directly into the CPU.
How does IOMMU stop DMA hardware cheats?
The Input-Output Memory Management Unit (IOMMU) functions as a hardware firewall between PCIe devices and system memory. Without IOMMU, high-end cheating peripherals—some costing up to $6,000—can use DMA to request raw physical addresses in RAM, allowing them to read game memory undetected.
When IOMMU is active, devices cannot access physical RAM directly. They must use virtual addresses via a translation table. Riot Games uses this to mark game memory as unreadable; any attempt by a DMA device to access that memory triggers a hardware fault, according to the developer.
Riot Games reported that for the past year, they have applied full IOMMU restrictions specifically to high-ranked VALORANT players suspected of abusing DMA hardware. This targeted approach renders the external cheating hardware useless without impacting the broader player base.
What happens as Secure Boot and Driver Attestation evolve?
Secure Boot prevents the loading of unsigned malware by blocking bypasses for Driver Signing Enforcement and PatchGuard. By requiring Secure Boot, Vanguard ensures that only verified, signed drivers can enter the kernel.
This requirement, combined with driver attestation, limits the “kernel surface” that anti-cheat software must monitor. When unsigned drivers are blocked at the boot level, the number of potential entry points for cheats drops significantly.
The trend is moving toward a “hardware-verified” chain of trust. Instead of the anti-cheat software fighting a battle in the operating system, the hardware itself (TPM, IOMMU, and UEFI) rejects the cheat before the game even launches.
Comparison: fTPM vs. dTPM in Ban Evasion
| Feature | Discrete TPM (dTPM) | Firmware TPM (fTPM) |
|---|---|---|
| Physical Form | Separate chip/module | Integrated into CPU |
| Replacement Cost | Low (Approx. $5) | High (CPU/Motherboard) |
| Vanguard Status | Sufficient for Pre-Check | Required for Restricted Accounts |
Frequently Asked Questions
Does enabling TPM 2.0 slow down my PC?
No. The TPM operates with logical independence from the processor and RAM, meaning it does not impact gaming performance.
Can I bypass a Vanguard hardware ban by changing my IP?
No. Vanguard uses the TPM Endorsement Key, which is a physical identifier burned into the hardware, making IP or MAC address changes ineffective.
What is a DMA cheat?
Direct Memory Access (DMA) cheats use external hardware connected via PCIe to read system memory without the OS or anti-cheat software detecting the process.
Why does VALORANT require Secure Boot on Windows 11?
Secure Boot ensures that only signed, trusted drivers are loaded, preventing cheaters from using unsigned drivers to bypass kernel protections.
Join the conversation: Do you think hardware-level mandates like TPM 2.0 are the only way to stop cheating in competitive gaming, or is this an overreach of privacy? Let us know in the comments below or subscribe to our newsletter for more deep dives into gaming security.