(no title)

And then you're back to needing to load vgk.sys at boot time to play a Riot game. And that's dramatically worse as anticheats like Vanguard do PCIE & DMA screening, vulnerable driver blocklist enforcement, and other hardening at boot time.

The fence you're trying to maintain is already broken on both sides: media DRM (Widevine) does hardware attestation. TPM attestation already exists. Macs don't let you connect to some Apple services without a hardware-sourced ticket. Secure Boot enforcement and requirement by some apps is already a thing.