Tamper-Proof at Boot Aristocrat’s Secure Bootloader That Authenticates Gaming Machine Software Before Every Start

Aristocrat Technologies Australia has patented a secure bootloader system for electronic gaming machines that authenticates the operating system before the machine is allowed to run – ensuring that only approved, unmodified software can execute on regulated gaming hardware. The invention addresses a fundamental security challenge in the gaming industry: how to guarantee that a machine running in a casino or gaming venue has not been tampered with since it left the manufacturer.

The Problem

Electronic gaming machines (EGMs) are tightly regulated products. Gaming regulators around the world require that only certified, approved software can run on licensed machines – because the software determines game outcomes, payout rates and the fundamental integrity of the wagering experience. Any unauthorised modification to the operating system or game software could allow fraudulent manipulation of outcomes, undermining player trust and regulatory compliance.

Traditional security approaches rely on post-deployment checks or digital signatures on individual files. However, these methods have limitations – they may not catch sophisticated tampering that occurs at a low level before the operating system even loads, and they may not provide the real-time, per-boot assurance that regulators and operators increasingly demand. A gaming machine that passes a periodic audit could still be running compromised software between audits.

What is needed is a mechanism that authenticates the operating system at the moment of boot – before any potentially malicious code has a chance to execute – and prevents the machine from starting unless authentication succeeds.

What This Invention Does

Aristocrat’s secure bootloader system stores one or more datasets on a “shadow partition” – a protected area of the machine’s storage. Each dataset represents a known-good operating system volume. During the boot process, the system selects one of these datasets, authenticates it, and then creates one or more operating system volumes on the machine’s operating system partitions from that authenticated data.

Critically, the kernel of the operating system is only allowed to execute from the newly created volumes after authentication has been successfully performed. This means that if the stored dataset fails authentication – indicating that it may have been tampered with – the machine will not boot into an operating state. The integrity check happens at the lowest level of the software stack, before any game software or user-accessible code is running.

The shadow partition architecture also provides resilience: by maintaining authenticated datasets separately from the active operating system partitions, the system can recover from certain failure conditions without requiring physical intervention.

Key Features

Pre-execution authentication. The operating system kernel can only run after successful authentication of the boot dataset – ensuring that no unverified code executes on the gaming machine, from the very first instruction.

Shadow partition architecture. Authenticated operating system datasets are stored on a protected shadow partition, isolated from the active operating system partitions, reducing the attack surface for unauthorised modification.

Per-boot integrity verification. Authentication occurs every time the machine boots, providing continuous assurance rather than relying on periodic audits that could miss interim tampering.

Multiple authenticated datasets. The system supports storage of multiple operating system dataset versions on the shadow partition, enabling controlled rollback or recovery options while maintaining authentication requirements.

Broad applicability. While designed for EGMs, the patent title and scope explicitly covers other computing devices – reflecting the generic utility of the secure boot architecture beyond the gaming industry.

Who Is Behind It?

Aristocrat Technologies Australia Pty Limited is the Australian subsidiary of Aristocrat Leisure Limited, one of the world’s largest gaming technology companies. This application is a divisional of AU 2019202942. The inventor is Thomas Rizos. The application is managed by James & Wells Intellectual Property in Canberra.

Why It Matters

Gaming regulators worldwide are increasingly focused on the cybersecurity posture of gaming machines, particularly as EGMs become more networked and connected. A machine with a compromised operating system could theoretically be manipulated to favour particular outcomes or to exfiltrate data – risks that undermine the integrity of regulated gambling and expose operators to serious legal and reputational consequences.

Secure boot technology is already standard in many high-security computing environments, including payment terminals and military systems. Aristocrat’s adaptation of this concept for EGMs – with the specific architecture of shadow partitions and per-boot authentication – represents a meaningful advance in the security infrastructure of gaming hardware. With IPC classifications covering software protection (G06F 21/10) and gaming systems (A63F 13/00), the patent sits at the intersection of cybersecurity and regulated gaming technology.

---

AU 2026201520 was published in the Australian Official Journal of Patents on 19 March 2026 and is open for public inspection. Patent applications represent inventions that are sought to be protected and do not necessarily reflect commercially available products.

Related Concepts

Secure boot is a security standard that ensures a device only runs software cryptographically trusted by the manufacturer, and is now mandated in many regulated computing environments. For electronic gaming machines, the integrity of the software stack directly determines game outcome fairness, making boot-level authentication a critical regulatory requirement. Gaming regulators globally mandate continuous software integrity controls, driving demand for hardware-enforced security solutions.