Device Guard
1 Topic
Kernal DMA Protection in dell inspiron 14 5405
AMD Ryzen 7 4700U I have upgraded the OS from home to pro to Enterprise version 20H2 Then I checked the Hyper-V using the systeminfo.exe command from cmd The output was compatible: 64-bit processor with second-level address translation (SLAT) is enable Virtual Machine Monitor Mode Extensions is enable Virtualization Enabled In Firmware (These require enabling from bios) Data Execution Prevention is enable I entered the bios by pressing F2 For Hyper-V the BIOS has one line which is: Virtualization Technology I have enabling it. Now I have verified Hyper-V requires using the system info command The result was Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed. Meaning, Hyper-V is detected but!!!!! I check for kernel dma protection in system information What does it require? The rule says that when you enabling Virtualization Technology on bios , kernel Dma protection is enabling Automatically. Why kernel dma protection is off? I tried Coreinfo64.exe When disable Virtualization Technology on bios coreinfo Output: HYPERVISOR - Hypervisor is present SVM * Supports AMD hardware-assisted virtualization NP * Supports AMD nested page tables (SLAT) - : not enable * : SVM and slat mode is enable Again check kernel dma protection - kernel dma protection is off !!! And when I enabling Virtualization Technology from the bios: coreinfo Output: HYPERVISOR * Hypervisor is present SVM - Supports AMD hardware-assisted virtualization NP - Supports AMD nested page tables (SLAT) SVM and slat mode is disable and Virtualization is enable WHAT!!!! Therefore, I cannot use Device Guard and Credential Guard. Why kernel dma protection is off? The reason... I have to check several things, and they are: Secure boot enabled TPM v2.0 Ensure boot is configured to use (UEFI) OK All steps are available There are requirements to look out for and they are : IOMMU i/o Memory Management Unit Enabling Secure Virtual Machine Mode (Svm) Or I looked for something called AMD-V All of these steps require checking bios settings In the bios configured insydeh20 on this device, these settings do not exist Why I'm enabling Virtualization Technology from the bios (Svm) disable (SLAT) is disable And when I disable Virtualization Technology from the bios Svm and slat is enable Is there an overlap (Virtual enable on exe windows) or what I need to use Device Guard and Credential GuardSolved6.5KViews0likes9Comments