IOMMU is the hardware feature that anti-cheats now use to shut down DMA cheats — and in 2026 it has become part of the baseline they require to play. The Input-Output Memory Management Unit acts as a firewall for system memory: it controls what a plugged-in device is allowed to read over the PCIe bus. With it enabled, a DMA card that used to siphon game memory from a second machine simply can't reach the addresses it needs.
This is the same hardware-trust direction behind TPM and Secure Boot requirements, and it ties directly to how modern enforcement works. This article explains what IOMMU does, why FACEIT and Vanguard now lean on it, and the important distinction between "blocking a device" and the "bricking" myth.
Quick reference: IOMMU and DMA cheats
| Term | What it means |
|---|---|
| DMA cheat | A PCIe/USB card that reads game memory directly, often from a second PC |
| IOMMU | A memory firewall that restricts device access over the bus |
| VBS | Virtualization-Based Security, paired with IOMMU for memory isolation |
| Effect | DMA card cannot read protected memory while IOMMU is on |
| Required by | FACEIT, and enforced via IOMMU hooks by Vanguard |
What a DMA cheat is, and why it's hard to catch
A direct-memory-access cheat doesn't run as software on the gaming PC the way a traditional aimbot does. It's a physical card that reads memory directly over the bus, frequently feeding a second computer that does the processing. Because little or no detectable code runs on the gaming machine, DMA cheats have been one of the hardest classes to catch — which is why they command high prices. We covered the detection side in how anti-cheats detect DMA cheats and the hardware itself in DMA hardware cheats.
How IOMMU closes the door
IOMMU sits between devices and physical memory and enforces which regions a device may touch. When an anti-cheat requires IOMMU — usually alongside Virtualization-Based Security — the protected game memory becomes unreadable to an unauthorized DMA device. The cheat card is still physically present, but the addresses it wants are walled off. This is a hardware-level block rather than a signature scan, which is what makes it effective against a technique that was specifically designed to avoid software detection.
FACEIT has been rolling IOMMU and VBS out in stages, enforcing it for higher-Elo players, and reported banning over 200 players for DMA-based cheats during a limited rollout — including a handful using devices costing several thousand dollars. The requirement pushes cheat developers toward rarer, far more expensive techniques.
The "bricking" myth versus what actually happens
When Valorant's Vanguard began hooking IOMMU to neutralize DMA hardware, some reports suggested it could permanently damage devices. Riot publicly clarified that Vanguard does not damage hardware or disable your devices — it prevents an unauthorized DMA device from functioning while IOMMU protections are enabled. The card stops working as a cheat; it is not physically destroyed. The distinction matters: this is access control, not sabotage, even if the marketing around it was pointed.
For the broader picture of how Vanguard reads and gates the system, see our Vanguard deep dive. The same firmware-trust philosophy underpins the TPM 2.0 and Secure Boot requirements other titles now impose.
How this connects to hardware bans
IOMMU doesn't fingerprint you, but it belongs to the same regime that makes hardware enforcement work. The verified-boot, TPM-attested, IOMMU-protected baseline is what lets an anti-cheat trust the values it reads — the very identifiers that make a hardware fingerprint reliable. As DMA and firmware-level evasion get walled off, the firmware-anchored fingerprint becomes the dominant identity, and hardware bans get harder to dodge.
FAQ
Does enabling IOMMU hurt performance?
For typical gaming, the overhead is negligible. It is a standard platform security feature, not a tax on frame rates.
Will IOMMU brick my DMA capture card or legitimate hardware?
No. It restricts unauthorized memory access; it does not physically damage devices. Legitimate hardware that respects memory boundaries continues to work.
Why are anti-cheats requiring IOMMU now?
Because DMA cheats evade software detection by design. Blocking them at the memory-firewall level is more effective than trying to spot them in software.
Is IOMMU the same as Secure Boot or TPM?
No. They are separate features, but anti-cheats increasingly require all of them together as a hardware-security baseline.
The takeaway
IOMMU turns the hardest cheat class — direct memory access — into a hardware problem the platform can actually contain. It blocks unauthorized devices rather than damaging them, and it now sits beside TPM 2.0 and Secure Boot as something competitive games expect. The trend is consistent: as the cheap evasion paths close at the firmware layer, the hardware fingerprint becomes the anchor everything else is measured against.