New
#1
Windows memory integrity + Intel sgx
Winver 1803 ( build 17134.254)
Sorry for this long post but wanted to provide as much info as I can. Hopeful I am posting in the right area.
When I try to enable memory integrity in windows
security I get the below message event ID 157.I am a complete noob in this area.
When I turn it back off I do not see this warning.
Seems the more I read about it the less I understand what to do.
Event ID157 Hypervisor did not enable mitigations for cve-3646 for
virtual machines because hyperthreading is enabled and the hypervisor
core scheduler is not enabled. To enable mitigations for CVE-2018-3646
for virtual machines enable core scheduler by running "bcdedit/set
hypervisorschedulertype core" from an elevated command prompt and reboot.
Intel SGX is enabled .Have had a recent BIOS update for mitigations.
Also in system information it says hyperthreading is enabled
My hypervisor scheduler type is "root (0x4)" info obtained from event ID 2
in event viewer.
Here is system information in admin view.
OS Name Microsoft Windows 10 Home
Version 10.0.17134 Build 17134
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name LAPTOP-RP9S2D20
System Manufacturer HUAWEI
System Model MACH-WX9
System Type x64-based PC
System SKU C128
Processor Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz, 1800 Mhz, 4 Core(s), 8 Logical Processor(s)
BIOS Version/Date HUAWEI 1.17, 7/28/2018
SMBIOS Version 3.0
Embedded Controller Version 1.17
BIOS Mode UEFI
BaseBoard Manufacturer HUAWEI
BaseBoard Model Not Available
BaseBoard Name Base Board
Platform Role Mobile
Secure Boot State On
PCR7 Configuration Binding Possible
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "10.0.17134.1"
User Name LAPTOP-RP9S2D20\humbi
Time Zone Pacific Daylight Time
Installed Physical Memory (RAM) 8.00 GB
Total Physical Memory 7.88 GB
Available Physical Memory 5.68 GB
Total Virtual Memory 9.13 GB
Available Virtual Memory 6.78 GB
Page File Space 1.25 GB
Page File C:\pagefile.sys
Kernel DMA Protection Off
Virtualization-based security Not enabled
Device Encryption Support Reasons for failed automatic device encryption: Hardware Security Test Interface failed and device is not InstantGo, WinRE is not configured
Hyper-V - VM Monitor Mode Extensions Yes
Hyper-V - Second Level Address Translation Extensions Yes
Hyper-V - Virtualization Enabled in Firmware Yes
Hyper-V - Data Execution Protection Yes
I am not sure of the syntax for what I should enable.
"bcdedit/sethypervisorschedulertype core"
(mine is root 0x4}
I know how to run a command from admin command prompt ,
just not sure of the specific command and can I do it with hyperthreading enabled and intels SGX enabled (for my fingerprint reader)
Should I just leave memory isolation off?
Thank you for any help.
Last edited by humbird; 06 Sep 2018 at 12:59.