Comment by jsheard

Comment by jsheard 2 days ago

9 replies

A trusted entity (probably Valve) could provide a locked down distro where kernel integrity is enforced through secure boot and TPM attestation, but that would mean giving up some control over your own system. There's no guarantee that anything client-side is impossible to bypass of course, but the goal would be to more or less match what Windows offers, which isn't perfect either.

ChocolateGod 2 days ago

> giving up some control over your own system

There could simply be a developer option that disables these integrity checks but subsequently breaks online games that rely on them. Valve could also offer a module that allows signed user-space binaries access to kernel space, which would be an improvement over what Windows offers in that anti-cheat wouldn't need to live in the kernel.

I think that's a fine trade off.

  • NekkoDroid 2 days ago

    You don't even need a developer mode. I was looking into making my own image-based distro/system which has its bootchain entirely verified and I intend to make any modifications via system extensions[1], which IIRC also get measured as well (or was at least planned somewhere). To be fair, this is purely additive or overlaying, so no removing of files, at best changing. This all would be signed using Secure Boot and after the fact using dm-verity.

    Secure Boot in theory isn't even necessary, only TPM2. Secure Boot only ensures that you are actually booting into a binary that you expect to boot in this case, so if your binary is actually different it would result in different PCR values in the TPM indicating something is wrong.

    Sadly a lot of end user software (flatpak, ...) isn't packaged & signed in a way which would allow for full "only run software I allow by importing public keys" (read Linux IPE[2]), but what can you do, only your best I suppose...

    [1]: https://www.freedesktop.org/software/systemd/man/systemd-sys...

    [2]: https://docs.kernel.org/admin-guide/LSM/ipe.html
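
The PCR behaviour described in the comment above, as an added example that is not part of the thread: a TPM 2.0 style extend over a boot chain, showing that a changed binary yields a different final PCR value. Assumptions: a single SHA-256 PCR is used for every component, the component contents are constructed sample bytes, and the signed TPM quote that real remote attestation relies on is left out.

```python
import hashlib
import hmac

PCR_SIZE = 32  # size of one PCR in the SHA-256 bank


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM2 extend: new PCR = SHA-256(old PCR || SHA-256(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def measure_chain(components: list[bytes]) -> bytes:
    """Measure each boot component in order into one PCR."""
    pcr = bytes(PCR_SIZE)  # PCRs are all zeros after a platform reset
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


def matches_reference(reported: bytes, reference: bytes) -> bool:
    """Verifier side: compare the reported PCR with the known-good value."""
    return hmac.compare_digest(reported, reference)


# Constructed sample boot chain (placeholder bytes, not real binaries).
GOOD_CHAIN = [
    b"bootloader image v1",
    b"kernel image v1",
    b"initrd v1",
    b"system extension: dev-tools",  # extensions are measured like any other blob
]
# Same chain with only the kernel replaced by a modified build.
TAMPERED_CHAIN = [GOOD_CHAIN[0], b"kernel image v1 (patched)", *GOOD_CHAIN[2:]]

# The value a verifier would hold for the unmodified image.
REFERENCE_PCR = measure_chain(GOOD_CHAIN)

if __name__ == "__main__":
    for name, chain in (("good", GOOD_CHAIN), ("tampered", TAMPERED_CHAIN)):
        pcr = measure_chain(chain)
        verdict = "match" if matches_reference(pcr, REFERENCE_PCR) else "MISMATCH"
        print(f"{name:9s} {pcr.hex()} {verdict}")
```

Because each extend hashes the previous PCR value, a component cannot undo an earlier measurement, and measuring the same components in a different order also produces a different result.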

CuriouslyC 2 days ago

You don't need a full distro; you can just run the game in a VM sandbox with trusted computing extensions alongside whatever distro you want. That breaks cheats that rely on network/memory inspection. You can still cheat using the raw pixel output to drive faked input, but I don't think the loop is closeable there.

  • keyringlight 2 days ago

    Has anyone produced a proof of concept for such a system, for gaming or otherwise?

    Given that a certain amount of Windows gamers have been having issues making sure their PCs complied with the config requirements for the latest COD/Battlefield, it would seem an even higher bar for a consumer-targeted bit of software that needs to do more to be running securely (or add a different mode to your distro install and reboot to it), alongside the wider variety of distros/configs. Distros advertising themselves for gaming or getting people to migrate from Windows are also trying to keep barriers to entry low or to appear simple.

  • surajrmal 2 days ago

    Running in a VM is not secure by itself. You need something similar to what Android is building via protected VMs.

    • Mindwipe 2 days ago

      Indeed, running a VM is an exploiter's dream, unless the VM is essentially run by a hardware hypervisor (akin to Android's system).

  • Mindwipe 2 days ago

    That wouldn't be sufficient. You'd need a hardware component to verify the OS signature of the specific distro with a trusted (by the game company) asymmetric key, and that enforced driver signing.

    Those things are all possible, but really the only entity that has the power to realistically do them is the OEM - Valve could do it for SteamOS, but only on its own hardware.