New
#140
It does activate like this. Still buggy/impossible to deactivate through the UI, just like in RS4.
However I suspect it's not fully functional. I've ran the Device Guard Readiness Tool again, and HSTI still fails. So the incompatibility is there, that's for sure, it's just that we brute-forced past whatever is in the way. At least this would be my guess.
I wonder if this will ever be fixed or this is just the way it's supposed to be and my PC is not meeting the requirements.
I don't think so, but the feature is not really functioning properly in RS5/1809.
For example, I can enable Memory Integrity on the more modern PC (see My Computer for specs) in 1803; I can also turn it on in my older FX8350 PC that boots with UEFI (CSM might be on, I will have to double check) but has VBS turned off.
On 1809 I can only turn it on with the registry, it always fails as incompatible if I use the UI toggle.
I'll edit this in a bit after I get to check on the other PC if it still works with CSM/Legacy boot.
---------------
EDIT: Memory Integrity "just works" on my old PC that has the FX 8350. What doesn't work after enabling it is the HD4850 driver, the OS puts the PC on the Basic driver from Microsoft. It works with CSM, works with or without Safe Boot, but it wants SVM (AMD-V) and IOMMU enabled. On Intel it should be VT-x and VT-d. Also works without CSM, but... even if I set the PC to Legacy only, it still appears as UEFI in msinfo. I don't know why. Seems like Win 10 can pretty much decide to use UEFI even if I try to disable it in BIOS.
PS: the Etron USB 3.0 driver is also not working with Memory Integrity. If you have an older PC which is most probably having older drivers that are not compatible, I wouldn't recommend bothering with this setting at all.
Last edited by t0yz; 13 Dec 2018 at 15:05.
Thanks t0yz...
The chances are that my HD7800 card's driver, dated as 09.2017, may not work either. Interestingly, the BIOS is set to EUFI first, but the system information shows "Legacy" BIOS mode.
Windows does not manage drivers on this system and some of them might be old, like from 2013, 2016, etc. Not to mention the latest BIOS version from 2012...
Maybe Microsoft should have updated this feature, instead of the Candy Crush app, but what do I know... . I'll leave this feature alone, thanks for the advise...
If you want some fun trivia, the ideal case should look like image below.
That would be a "Enhanced Hardware Security" compliant PC, with TPM, Secure Boot, UEFI only boot and Memory Integrity (which gives the "Enhanced" part of the status). Sadly it's also a Hyper V VM. Since 1809 is kinda broken in this aspect, HSTI is still showing as failing even with the HyperV Microsoft firmware (in msinfo), but Memory Integrity can easily be activated with the UI toggle. This is running on my main PC, which would have to force MI through the registry to achieve the same status. I have not bothered with it though. I just can't see the benefits of TPM and VBS and all of this for normal desktop users.
That
Hey Shawn, I have just finished rebuilding and setting up my old 6700K system, and tried Memory integrity and it worked.
So it works with my Z170 6700K, and worked with the Z370 8700K, but not with my Z370 board & 9900K(same memory sticks as the 8700K):
The only thing I can think of is the hardware based spectre and meltdown hardware mitigations and how it might have changed how the memory controller in the CPU communicates with the RAM(thru the L caches):
Meltdown: Variant 3 Rogue Data Cache Load
Meltdown: Variant 5 L1 Terminal Fault
Well it's not working since 1809 on my Z370+8700K combo, with latest BIOS and drivers, unless forced through registry, yet VMs can enable it with ease with the toggle. I have a feeling that installed software could affect the "incompatibility" message popup, but I'm too lazy to clean install 1809 at this point in time, where the 19H1 is relatively close.