I notice that NVML now reports GPU serial numbers even for (at least some) GeForce cards. This could potentially be used (instead or as well as things like hard disk serial numbers, MAC addresses, etc.) in a software licensing mechanism. How easily it could be spoofed though? It seems like it would be quite easy for an end user to substitute their own nvml.dll. Would something like WinVerifyTrust() allow the authenticity of nvml.dll to be verified or could this be defeated by an end-user adding their own certificates to their system and self-signing their fake nvml.dll?