How does the AC check the BIOS version? If you have DMA you should be able to spoof that, even against the kernel I assume. I guess its a cat and mouse of spoofing detection by the AC versus the cheat devs?
Possibly TPM backed remote attestation. Having said that, once you are at the point of being worried about hardware DMA attacks, TPM attestation is not as full proof as you might think.
The bios flaw they were exploring was the bios having flawed anti DMA protections.
From the article
According to the company, the Input-Output Memory Management Unit (IOMMU), which protects system RAM from Direct Memory Access (DMA) devices, is not fully initializing upon boot in some motherboard models. This means that even though the BIOS might indicate that Pre-Boot DMA Protection is active, it’s not actually protecting the entire system.
How does the AC check the BIOS version? If you have DMA you should be able to spoof that, even against the kernel I assume. I guess its a cat and mouse of spoofing detection by the AC versus the cheat devs?
Possibly TPM backed remote attestation. Having said that, once you are at the point of being worried about hardware DMA attacks, TPM attestation is not as full proof as you might think.
The bios flaw they were exploring was the bios having flawed anti DMA protections.
From the article