Any x86-64 Windows system without a hardware TPM 2.0. Boot Camp Macs, custom builds, bare-metal PCs, and VMs.
Signed native Windows driver that registers as a TPM 2.0 device through the Windows driver stack. No emulation or virtualization layer.
Passes all 9 validation categories with full command coverage.
Encryption and TPM protectors work. Boot volume will prompt for a recovery key on restart since the driver loads after boot.
Vanguard, RICOCHET, and other attestation-based anti-cheat systems pass. Real TPM 2.0 implementation, not a bypass.
PIN, biometric, and Credential Guard all work automatically after install.
HWID-locked activation, signed license envelopes, anti-tamper checks. Functional equivalent for systems without hardware root-of-trust.
Hardware-locked at activation. Personal covers 1 machine, Pro covers 3, Studio covers 5.