Stuck on the Vanguard Secure Boot paradox – need some insight.
Been tearing my hair out trying to get a custom HWID spoofer running for Vanguard-protected titles. The current issue is the classic Catch-22: Vanguard requires Secure Boot enabled to even launch the client, but any driver I load at start-type 0 (the only way to hook the SSD serial retrieval before the kernel-mode anti-cheat initializes) is self-signed, which obviously forces me to disable Secure Boot to boot the system.
I have already looked into the following paths:
- Boot-Start Drivers: Loading a self-signed driver at start-type 0 is clean in theory because it intercepts the disk queries before Vanguard gets a chance to poll the drive hardware. The problem remains that Windows won't allow this without disabling Secure Boot, and Valorant throws a TPM/Secure Boot error immediately upon launch.
- Manual Mapping/Exploiting Signed Drivers: I attempted to leverage a known vulnerable signed driver like amifldrv64.sys to perform direct memory patches. While this avoids the self-signing issue, it loses the race. By the time I have control to patch the memory, Vanguard has already cached the original hardware serials, rendering the bypass useless.
Has anyone here successfully managed to sign a driver for early boot in a way that satisfies the EFI requirements without triggering a full platform integrity failure? I am trying to avoid going the full DMA + custom firmware route if possible, though I know that is the gold standard for staying undetected against VGK.
Is there a way to spoof the disk serials at the EFI level before the OS loader even hands off, or are we strictly looking at a hypervisor-based solution at this point?
Interested to hear if any of you have tackled this specific boot-sequence hurdle. If you've managed to get an early-load driver signed and working with Secure Boot enabled, or if you have a cleaner way to handle the SSD serial reporting, drop a hint below. Trying to keep this from going into a perma ban loop on my main.