One of the big topics of discourse in the Linux gaming sphere recently has been Tim Sweeney's statement on porting Fortnite to the Steam Deck, where Sweeney argues that Linux would be too difficult of a target and the market not big enough to warrant the amount of resources it would take to bring all of Fortnite on the platform.
The central crux of the issue, from Sweeney's point of view, is that making Easy Anti-Cheat, with all of its capabilities, run on Steam Deck (and thus on Linux) would be extremely difficult. He argues, that for a game of Fortnite's size this would open the flood-gates to significant influx of cheaters.
There have been some responses to this from the Linux side, with some accusing Sweeney of exaggerating the difficulty of such a port or that his statements are conflicting, because he simultaneously believes the Linux market is too small to be worthwhile but also would provide a way for too many cheaters. I will address some of these aspects a bit later, but for now let's focus on the main technical blocker, which is Easy Anti-Cheat.
Easy Anti-Cheat, or EAC, is an anti-cheat solution which apparently comes in a few configurations. We know that it can be run in a configuration where it is compatible with Linux/Proton apparently with just a relatively simple toggle. However, this mode of operation is seemingly a comparatively high-trust configuration, where only part of the anti-tampering protections of EAC are active. This may prevent some cheats but fail to detect others, which can be perfectly reasonable for games, where the number of cheaters and potential cheaters are fairly low or other systems complement the anti-cheat solution. There are plenty of games, even some popular free-to-play titles, which at best have this level of anti-tamper protection and they don't seem to have a major cheating epidemic, so clearly in many cases this should be enough. We also don't know the scope of cheats that are detected by EAC in this configuration, so this system by itself may already be fairly comprehensive.
EAC also contains a kernel-level component, which on Windows is installed as a kernel driver. This allows EAC code to run at a very privileged level and inspect essentially any and all parts of the system in order to detect tampering. This provides a very broad level of monitoring, which is also harder to bypass. Based on Sweeney's comments, this is the mode of operation used by Fortnite. It is also a mode of operation that is technically incompatible with the Linux way of doing things.
In Linux, the standard way of delivering drivers is by submitting the driver into the kernel source code tree, which naturally requires that the driver be open source. Most drivers are delivered this way, where the driver gets tightly integrated into the kernel and the drivers are updated when the kernel is updated. There are of course some notable exceptions to this rule, the largest of which is the Nvidia driver. The Nvidia driver is instead loaded as a separate kernel module, which allows Nvidia to keep its source code hidden, but also allows the driver to be updated separately from the kernel. So, EAC could surely use this approach as well, right?
The separate kernel module approach comes with some gotchas. Firstly, the kernel is licensed under GPLv2 and many of the parts in the kernel require the calling code to also be GPLv2 due to the "viral" quality of GPL. This means that, legally speaking, if Epic were to turn EAC into a kernel module and started poking around the kernel APIs, they'd have to open source EAC or they'd be in a legal grey area. The first approach is obviously not possible due to their business model and the second is at least not a great look.
Another problem with separate kernel modules is that the Linux kernel only guarantees a stable user-facing interface. This means that almost anything is allowed to change inside the kernel as long as user-level programs continue functioning. This is also the reason why sometimes the Nvidia driver stops working when you upgrade from one kernel to the next without installing an up-to-date Nvidia driver as well. So, when Sweeney is complaining about the multitude of kernel configurations, he's not wrong. EAC would need to maintain a compatibility shim similar to that of the Nvidia driver, which ensures that the EAC kernel module functions with each kernel version out there. Every time the kernel updates, an EAC engineer would need to go over the changes and update the compatibility shim every time there's a breaking change while still maintaining the compatibility with older kernel versions.
Theoretically you could overcome this problem somewhat by only targeting the Steam Deck and its SteamOS. This would give you a single kernel version to target, although Epic would need to negotiate with Valve in order to ensure their driver is somehow shipped with SteamOS.
But the problems don't end there. Since Linux is a fully open platform, there is technically nothing that would prevent a determined cheater from cracking open the Linux source code and making some tactical changes to how the kernel behaves, building the kernel and then making the EAC kernel module blind. On Windows the EAC developers can assume that the black box that is the NT kernel is at least somewhat difficult to modify by users. This means that in kernel-space they can assume some level of security through obscurity. On Linux this assumption does not hold. The only way for Epic to overcome that problem would be to negotiate with Valve to lock down the Steam Deck, which Valve has already decided not to do.
So, from EAC's point of view the Linux platform can never be quite fully trusted, which is entirely fair, because from the user's point of view EAC can never be quite fully trusted.
But surely Epic could still somehow bring Fortnite to the Steam Deck, right? Surely they could ship a version of Fortnite without the kernel-level component, right?
That they could, which brings us to the points about market share and the viability of cheating. Sweeney argues that the Linux market is too small, which initially sounds a bit odd because he then goes on to worry about the large numbers of cheaters. The kicker is here that the small Linux market doesn't necessarily guarantee a low number of cheaters. If it turns out that certain cheats are possible via a Linux version of Fortnite, this will attract some cheaters to use the platform in order to bypass EAC. It won't be all of the cheaters, many casual cheaters would likely not bother to learn Linux in order to cheat in a video game, but there is no doubt a group of cheaters that would take the opportunity. So, Fortnite would see some increase in cheating, but without good data it is hard to determine how big that effect would be. However, considering the popularity and free-to-play nature of Fortnite, it could very well be that it would be an attractive enough target for cheaters to attack even if there is a slightly higher initial investment. Cheat makers on the other hand would probably eventually find ways to package their offerings in an accessible enough format, like boot-to-cheat USBs or pre-configured VM images.
Some solutions to this problem have been proposed. For example, they could silo Steam Deck/Linux users in such a way that they will never come into contact with the rest of the playerbase. This would contain cheating, but it's also a hard-handed measure that would likely be unpopular. It would also require some amount of work to accomplish and I think it's fair for Epic to discount options that would cause extra work on them.
So, what's the solution to the problem? Here's the thing: I don't think there is one. My personal opinion is that client-side anti-cheat is fundamentally limited and taking it into the kernel is a bandaid that comes with excessive cost and is simply incompatible with the Linux platform. So, as long as Epic insists on maintaining its current anti-cheat approach with Fortnite, I just don't think there's going to be Fortnite on Linux.
And that doesn't mean Tim Sweeney is wrong or lying about the difficulties of adapting that approach to Linux. It just means that a new or different approach is needed in the future.
Article taken from GamingOnLinux.com.
I'm unhappy they will have to have, because it makes the Steam Deck less attractive to them. And if any of those people cared about the arguments people here are making about the dangers of kernel level access for foreign software, they wouldn't be playing Fortnite in the first place.
I don't think it's a reason to feel bad for them. I don't.
Imagine something is harmful and clueless crowds don't mind it becasue they are clueless enough about it. And then something actually does come out with security in mind and these crowds don't like it. I think it's good to have alternatives that do the right thing rather then use "cater to the clueless crowd" approach every time.
Last edited by Shmerl on 10 February 2022 at 6:31 pm UTC
areamanplaysgame Feb 10, 2022
There is one solution: ship a cloud version of fortnite. Not the best solution but depending on how it is implemented could work.
Several games on the Nintendo switch are cloud based like Control and Kingdom Hearts. There are companies that port your game to the cloud.
Not the best solution, still a solution.
Cloud gaming requires a pretty robust internet connection, though (significantly more internets than you need to simply connect a locally installed game to a server). But given that Fortnite already is (was?) available on mobile platforms, I guess Epic is not particularly worried about delivering a suboptimal experience for their very popular digital clothing store for ten year olds.
EagleDelta Feb 10, 2022
All this stuff about whether people should trust a Fortnite on Linux with a kernel anti-cheat module is somewhat beside the point. So, if there were such a Fortnite, the security-conscious people wouldn't buy--um, it's free--wouldn't acquire it. Fine, fair enough.
But that's not important. The issue here is whether people who already play Fortnite on Windows with EAC with kernel-level access, will be able to do the exact same thing on their shiny new Steam Deck where they probably don't keep their sensitive information anyway. Not being able to do that is a disappointment I'm unhappy they will have to have, because it makes the Steam Deck less attractive to them. And if any of those people cared about the arguments people here are making about the dangers of kernel level access for foreign software, they wouldn't be playing Fortnite in the first place.
While they can technically install Windows on the SteamDeck to play Fortnite, the supported software is SteamOS and, as such, no official "support" for EGS was going to be there anyway. This is no different than Switch at launch or any other console at launch with limited software options.
As LTT called it and Gardner Bryant mentioned - the SteamDeck should be seen as a Console pretending to be a PC that respects your right to the hardware ownership than just another PC since it's optimized for a Console-like experience. The only difference is that you can use it as a PC, not that it is meant to be used as one
That may be true, but it sounds like right now, the Linux kernel itself is partially the blocker. Even if a specific kernel version was required, there would need to be additional tweaks added (and accepted) into the kernel to prevent users from running/writing programs that use the BPF VM within the kernel, for example.
I meant by design, even though anti cheat would work on Linux, I just despise spying kernel modules playing cop in my ware. I miss multiplayer fps so much I'd be willing to use that kind of tech, but as a few comments mentioned, current AC are just snake oil, they're buying time but won't stop cheaters whatsoever.
What I mean is that you could do client-side password encryption in javascript on a web page, it doesn't mean it's good thing, and obfuscating the code won't make the whole process safer.
That is why we usually do stuff server side, cause the golden rule is (or at least should be) never trust user input (actually never trust users, period).
Alas, in game authoritative servers are a common thing but there's just no way it is ever performant enough to do the entire computation by itself, not to mention latency and a billion other network issues, so a few things are left out to clients to figure out, and that's usually where the flaw is.
Wallhack ? Why does the client need to know the position of players they can't see in the first place if the server is doing all the damage computation anyway ? It's just easier and less computation intensive.
Teleport ? Why would you trust the user telling you it went at thousands of m/s for a few frames ? Or why would you have the teleport feature exposed to clients over the network ?
Aimhack ? Why would you blindly trust user orientation ? 'cause the user's mouse DPI is the limit ? Or maybe just add a truly random spread pattern or some faulty weapon events, it ain't fair but life ain't fair either. More seriously you should time the average reaction time (aiming speed) of the users and for that specific user, compared those to the view moving speed, there's like a millions things for devs to try out there.
These are just silly examples, sadly there is no recipe for cheating so there can't be a magic recipe for preventing cheating, devs should allow budget on that specific part and listen to the community, do some red team pentesting and shit.
Overall I am just really not looking forward putting memory cops in my system, what's the next move, hand over my id to create an account ? Oh wait..
And that's probably not hard on Steam Deck, but it may be hard getting distros to support it.
I doubt any distro will willingly offer support for malware level kernel module.
That's why I said it may be hard on other distros. And I agree I wouldn't want that either, not for any game in the world.
Did I say something about feeling bad for them?I'm unhappy they will have to have, because it makes the Steam Deck less attractive to them. And if any of those people cared about the arguments people here are making about the dangers of kernel level access for foreign software, they wouldn't be playing Fortnite in the first place.
I don't think it's a reason to feel bad for them. I don't.
I want lots of Steam Deck sales.
(and for those who buy to continue using SteamOS rather than loading Windows onto it)
I think lots of people gaming on SteamOS due to buying Steam Decks will be good for the future of Linux gaming, even crucial.
Things that will interfere with there being lots of Steam Deck sales, or with use of SteamOS on those Steam Decks, therefore, are bad.
Fortnite not working on SteamOS because Tim Sweeney won't enable EAC-for-Proton on Fortnite, is such a thing. So it's bad.
Why does everyone seem to think I'm making some other point than the really obvious one? Why do so many people seem to have so little interest in keeping their eye on the ball that when I say look, there's the ball, they come back with "Forget about that, there's a seagull pecking at something on the field"?
Last edited by Purple Library Guy on 10 February 2022 at 9:35 pm UTC
I'm sure this is true, and doubtless it's worth pointing out, but it's way to the side of any point I was making.So, if there were such a Fortnite, the security-conscious people wouldn't buy--um, it's free--wouldn't acquire it. Fine, fair enough.
I'm just responding to this little bit before bowing out because you've said it several times, but Fortnite isn't free. Up-front cost is zero perhaps, but the psychological pressure to buy items, to spend money on the game, to have adverts targeted directly at you, is the real cost.
I do believe a solution could be found, if it is really wanted. I believe creating a kind of trusted bubble should be technical possible, and it should be no problem for a program to check if the kernel (or the bubble) has be corrupted.
To do that you require a completely locked down system where a single entity controls the private keys and use something similar to TPM to make sure that the entire software stack is what this single entity expects it to be.
But just to show how hard this is to actually pull off we can just point to the available cheats for consoles, and consoles by their very nature try very very hard to create such a bubble (not to specifically avoid cheats but to be the single controlling entity of the entire machine, aka to make sure that you only buy games from them and not run something of your own on it).
To all people saying that not trusting the client or moving the game to the cloud is the solution - you seem to ignore the existence of network latency.
I think that you are misunderstanding what people mean. People are not saying that putting a game like Fortnite in the cloud would be a good solution for the gameplay itself, no what they mean is that putting it in the cloud is the only solution if you really want to stop the cheaters. As long as you rely on the client being honest you are going to loose this battle, there is not a single thing that you can do to make it work this way.
Now there can be made an argument that, well we don't need to be 100% free from the cheaters so if client side makes it just 90% safe then that might be a good compromise. Well the problem is that the real world numbers are probably more like 5% then 90%, going by peoples experience there are vast amount of cheaters out there for these highly competitive games.
And I've seen this first hand, back in my Wii U days I became quite good at the online part of Watchdogs, but then suddenly one day almost every single opponent I tried to hack would instantly find me long before I had even travelled to where they where in the game (which is impossible without cheats). That was the last time I ever played a game online.
EagleDelta Feb 10, 2022
This isn't unique to Linux, the anti-cheat developers want your PC to be more like a Console because they want that sweet PC revenue, but don't want to give up the control Consoles give them.
eridanired123 Feb 10, 2022
To all people saying that not trusting the client or moving the game to the cloud is the solution - you seem to ignore the existence of network latency.
False.
Gforcenow latency is pretty fine on LOL, GW2 and BDO which are the competitive games I've played. I can assume other gaming clouds to have similar results. And I'm not a resident of a first world country by any means.
Last edited by eridanired123 on 10 February 2022 at 11:22 pm UTC
Did I say something about feeling bad for them?
I want lots of Steam Deck sales.
I don't think sales at the cost of perpetuating poor security is a good idea. That's my take on it at least. Those who sell stuff that causes damage becasue there is demand are doing a very questionable thing.
If information security sounds too abstract, you can use some more tangible example. Let's take transport. Imagine someone will say it's good to sell more but risky vehicles, because someone hyped that it's "cool" and clueless masses want that.
I'd argue those who sell that will bear responsibility for the harm that will cause.
Last edited by Shmerl on 11 February 2022 at 2:32 am UTC
One game which requires a kernel module? You can ignore that game (and therefore the module).. But the game is still popular so other companies see it mostly works, so another game studio tries it.
Again, only a small percentage of users reject it. Thus more studios see it's okay to do it. So again, more games start adding it.
Next thing you know, you'll find every new game requires its own kernel module to be installed, and if you want to play games you must always give game studios full access over your computer.
Then it'll move over to other industries like music and movies to stop piracy.. so you'll need a module from them too.
Can this really be justified? Honestly.. imo no. At this point, you basically don't have the right to control your computer anymore if using their software.
Sadly, you always get a small group of people who can see it's a bad thing and try to stop it.. but you also always get a large group of people who don't understand why it's bad (no one explained it properly) or defeatists who simply say "well you can't stop it anyway" and allow it to happen.
Just look at the EARN IT act, or the many spying laws in the UK to see how that works.
Last edited by BlackBloodRum on 11 February 2022 at 2:35 am UTC
EagleDelta Feb 11, 2022
what I don't get about this whole article... is how does the heck Fortnite for Android works? and I think there's enough android "distros" out there, that have plenty of different kernels. Did google let them run a proprietary module on their kernels?
I'm sorry if my question is too stupid I simply ignore this.
They will detect if you are running with root, or running with an unlocked bootloader, or try to see if you're running a custom ROM and block those things.
I.e. it is understood that nothing will stop a _very_ determined individual. But if you raise the threshold so high that 99[.99]% of people give up trying, the goal is achieved.
PC is slowly moving towards this as an architecture, but it will always remain more open than a dedicated hardware.
Doing everything server-side is an unacceptable latency (as of now). Yes, the tech is also improving in that area, but for example if you wanted to prevent aimhacks, you'd need to make the server authoritative over the mouse movement - and good bye the feeling of smoothness when playing at 60 or more FPS.
So the critique and ideas voiced here are often indeed underway, but in the meantime existing anti-cheat mechanisms need to work with what we have - PCs that cannot be fully secured, games that cannot relegate everything to the server. And they do make a difference, very noticeable one for the players.
EagleDelta Feb 11, 2022
that probably can be easily bypassed with MagisK. There's actually nothing preventing me from patching my own kernel and building a custom rom image, with a patched kernel to run on my android device (and running fortnite with full customized kernel). I don't see that being any different from Linux distros, It might be a little more complicated to setup and compile, than lets say installing xanmod or liquorix kernel, but it's totally doable.what I don't get about this whole article... is how does the heck Fortnite for Android works? and I think there's enough android "distros" out there, that have plenty of different kernels. Did google let them run a proprietary module on their kernels?
I'm sorry if my question is too stupid I simply ignore this.
They will detect if you are running with root, or running with an unlocked bootloader, or try to see if you're running a custom ROM and block those things.
Anyway... I think that clearly, they are not relying on a kernel module on android, so all this about GPL incompatibilities with EAC and the kernel is all nonsense.
Besides let's not make it about Linux only tho... I think that probably Apple wouldn't allow a kernel module for anticheat on their kernel, for the obvious security reasons.
In my opinion...this is not about Linux only, Google banned fortnite from their play store, Apple did likewise. So maybe the problem is Epic here. Maybe their app wants unlimited trust, their app needs more permissions and priviliges, than anything out there, so it's getting banned, for security reasons.
And Sweeney is so blinded with greed, that cannot see the Elephant in the room here.
Not sure that will be a thing anymore. Back in August, Magisk said they were dropping support for hiding root from SafetyNet and joined the Android Platform Security Team.
https://www.xda-developers.com/magisk-development-continues-without-magiskhide/
The latest Magisk release from 2 weeks ago no longer contains MagiskHide
EDIT: Looks like that release just copied the release notes from 24.0
https://github.com/topjohnwu/Magisk/releases/tag/v24.1
Last edited by EagleDelta on 11 February 2022 at 4:09 pm UTC
The problem is that even a TPM or Pluton would be unsuited to combat cheaters.
A cheater could simply modify one system and keep another "legit" one. When something asks for a verification, you send that request to the legit machine, have it attest that everything is ok and send that back instead.
This is also why TPMs aren't used to enforce DRM, btw.
Right! I missed that. This is often a general problem in TPM / remote attestation implementations, that after the check you can exchange the system and thus "spoof" the check that it has not been tampered with.
The standard way to combat this in a normal TPM / remote attestation scenario is to encrypt the communication with a key where only the TPM has the private key to decrypt it. So only the trusted non-manipulated software can read the communicated data. However, routing FPS gaming network traffic through a TPM admittedly is prohibitive ;)
The separate kernel module approach comes with some gotchas. Firstly, the kernel is licensed under GPLv2 and many of the parts in the kernel require the calling code to also be GPLv2 due to the "viral" quality of GPL. This means that, legally speaking, if Epic were to turn EAC into a kernel module and started poking around the kernel APIs, they'd have to open source EAC or they'd be in a legal grey area. The first approach is obviously not possible due to their business model and the second is at least not a great look.Based on the Linux Syscall Note, using system calls does not count as deriving from the Linux kernel. Otherwise closed-source drivers and libraries couldn't legally exist. You might argue that EAC needs to do more than what the NVIDIA driver might access, and you may be right, but it's not clear how GPL would prevent them from doing those things.
Last edited by hagabaka on 11 February 2022 at 9:06 pm UTC
What is the point of "breaking the steam monopoly" if you are going to concede the underlying OS to an even bigger competitor that has a proven track record of monopoly abuse?
Patreon
PayPal
See more from me