> Using an EK to sign a boot state on hardware that doesn't match is a flag to an anti-cheat tool

The idea is you implement a fake driver to sign whatever message you want and totally faking your hardware list too. As long as they are relatively similar models I doubt there's a good way to tell.

Yeah, I think there are much easier ways to cheat at this point, like robotics/special hardware, so it probably does raise the bar.