Core isolation and memory integrity - UEFI settings (vt-d)


  1. Posts : 3
    Windows 10 Home 64
       #1



    Hi folks.
    A week ago I migrated to Windows 10 from Windows 7 on a well-aged Ivy Bridge system. So far everything went very well and I'm glad I finally made the step. I'm just "breeding" over a subject that I just can't seem to find any hard information about.

    Under "core-isolation" I activated the point "memory integrity", which wasn't activated after a clean install. It seems to work just fine. No problem whatsoever so far.
    I have VT-x and VT-d activated in UEFI and I understand that VT-x obviously is essential for this feature. But what about VT-d? Does Windows 10 utilize this feature in any way for security purposes or can it be disabled? (Or the other way round, does it have to be disabled for some reason I don't know?)


  2. Posts : 16
    Windows 10
       #2

    Even if hardware virtualization is enabled in the BIOS, VMware or VirtualBox will not run if the Hyper-V hypervisor is running. The hypervisor is active even before the OS loads and locks VT-x. If you want to run these even if Hyper-V is enabled, you need to prevent the hypervisor from loading. (This will allow VirtualBox/VMware to run successfully, but of course Hyper-V VMs will not run.) You do that from bcdedit. If there is an entry for hypervisorloadtype, set it to Off. If you have never installed Hyper-V or if it has been successfully uninstalled, it should either be absent or set to Off already.

    As far as I know, VMware and VirtualBox do not use VT-d. It is concerned with Directed I/O. It is not enabled on my machines, and both VirtualBox and Hyper-V run as expected (on different host machines) with Windows 10 version 1809.


  3. Posts : 3
    Windows 10 Home 64
    Thread Starter
       #3

    I think you may have misunderstood my question.

    I'm not planning to ever run virtual machines.
    My only goal is to take advantage of the Windows 10 inbuilt security measures that are realized by virtualisation techniques. (If I'm correct, "memory integrity" is basically the only one.)
    So I'm fine with the fact the hypervisor is running. That's the point after all.
    I just find these techniques to be terribly documented, at least for the average user. Everything I can find on the web is remarkably vague. So I'm not sure if they can benefit from VT-d, although I don't think they do.

    - - - Updated - - -

    OK, I think(!) I found the answer myself. It seems VT-d is used for Kernel-DMA protection. As far as I understand, this is only relevant if Thunderbolt 3 is available. That makes sense, too.
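
One way to check on a given machine what this thread is asking about, as an added example that is not part of any post: the script below reads the Win32_DeviceGuard CIM class and reports whether virtualization-based security and memory integrity are running, and whether DMA protection is listed as available or required. It assumes an elevated PowerShell session and that the class is present on the installed edition; the helper name Resolve-Names is hypothetical.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Value meanings follow Microsoft's documentation for Win32_DeviceGuard.
$vbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
$services  = @{ 1 = 'Credential Guard'; 2 = 'Memory integrity (HVCI)'; 3 = 'System Guard Secure Launch' }
$hwProps   = @{
    1 = 'Hypervisor support'       # VT-x / AMD-V
    2 = 'Secure Boot'
    3 = 'DMA protection'           # IOMMU-based (VT-d on Intel)
    4 = 'Secure memory overwrite'
    5 = 'NX protections'
    6 = 'SMM mitigations'
}

# Hypothetical helper: turn an array of numeric codes into readable names.
function Resolve-Names {
    param([object[]]$Values, [hashtable]$Map)
    $names = foreach ($v in $Values) {
        $k = [int]$v                # CIM returns UInt32; hashtable keys are Int32
        if ($k -eq 0) { continue }  # 0 means "none"
        if ($Map.ContainsKey($k)) { $Map[$k] } else { "Unknown ($k)" }
    }
    if ($names) { $names -join ', ' } else { 'None' }
}

try {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop
} catch {
    Write-Warning "Win32_DeviceGuard is not available: $($_.Exception.Message)"
    return
}

[pscustomobject]@{
    VbsStatus          = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
    ServicesConfigured = Resolve-Names $dg.SecurityServicesConfigured  $services
    ServicesRunning    = Resolve-Names $dg.SecurityServicesRunning     $services
    HardwareAvailable  = Resolve-Names $dg.AvailableSecurityProperties $hwProps
    HardwareRequired   = Resolve-Names $dg.RequiredSecurityProperties  $hwProps
} | Format-List

# Summary for the question in this thread: is memory integrity actually running,
# and is VBS configured to require DMA protection on this machine?
$hvciRunning = @($dg.SecurityServicesRunning)    -contains 2
$dmaRequired = @($dg.RequiredSecurityProperties) -contains 3
"Memory integrity running: $hvciRunning; DMA protection required by VBS: $dmaRequired"
```

Comparing HardwareAvailable with VT-d switched on and off in UEFI shows whether the firmware setting changes what Windows reports as usable.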


Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.