Windows memory integrity


  1. Posts : 232
    Windows 10 Home
       #1

    Windows memory integrity + Intel sgx


    Winver 1803 ( build 17134.254)

    Sorry for this long post but I wanted to provide as much info as I can. Hopefully I am posting in the right area.
    When I try to enable memory integrity in Windows Security I get the below message, event ID 157. I am a complete noob in this area.
    When I turn it back off I do not see this warning.
    Seems the more I read about it the less I understand what to do.

    Event ID157 Hypervisor did not enable mitigations for cve-3646 for
    virtual machines because hyperthreading is enabled and the hypervisor
    core scheduler is not enabled. To enable mitigations for CVE-2018-3646
    for virtual machines enable core scheduler by running "bcdedit/set
    hypervisorschedulertype core" from an elevated command prompt and reboot.

    Intel SGX is enabled. I have had a recent BIOS update for mitigations.
    Also in system information it says hyperthreading is enabled.

    My hypervisor scheduler type is "root (0x4)" info obtained from event ID 2
    in event viewer.

    Here is system information in admin view.

    OS Name Microsoft Windows 10 Home
    Version 10.0.17134 Build 17134
    Other OS Description Not Available
    OS Manufacturer Microsoft Corporation
    System Name LAPTOP-RP9S2D20
    System Manufacturer HUAWEI
    System Model MACH-WX9
    System Type x64-based PC
    System SKU C128
    Processor Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz, 1800 Mhz, 4 Core(s), 8 Logical Processor(s)
    BIOS Version/Date HUAWEI 1.17, 7/28/2018
    SMBIOS Version 3.0
    Embedded Controller Version 1.17
    BIOS Mode UEFI
    BaseBoard Manufacturer HUAWEI
    BaseBoard Model Not Available
    BaseBoard Name Base Board
    Platform Role Mobile
    Secure Boot State On
    PCR7 Configuration Binding Possible
    Windows Directory C:\WINDOWS
    System Directory C:\WINDOWS\system32
    Boot Device \Device\HarddiskVolume1
    Locale United States
    Hardware Abstraction Layer Version = "10.0.17134.1"
    User Name LAPTOP-RP9S2D20\humbi
    Time Zone Pacific Daylight Time
    Installed Physical Memory (RAM) 8.00 GB
    Total Physical Memory 7.88 GB
    Available Physical Memory 5.68 GB
    Total Virtual Memory 9.13 GB
    Available Virtual Memory 6.78 GB
    Page File Space 1.25 GB
    Page File C:\pagefile.sys
    Kernel DMA Protection Off
    Virtualization-based security Not enabled
    Device Encryption Support Reasons for failed automatic device encryption: Hardware Security Test Interface failed and device is not InstantGo, WinRE is not configured
    Hyper-V - VM Monitor Mode Extensions Yes
    Hyper-V - Second Level Address Translation Extensions Yes
    Hyper-V - Virtualization Enabled in Firmware Yes
    Hyper-V - Data Execution Protection Yes

    I am not sure of the syntax for what I should enable.

    "bcdedit/sethypervisorschedulertype core"
    (mine is root 0x4)
    I know how to run a command from an admin command prompt,
    just not sure of the specific command, and can I do it with hyperthreading enabled and Intel's SGX enabled (for my fingerprint reader)?
    Should I just leave memory isolation off?
    Thank you for any help.
    Last edited by humbird; 06 Sep 2018 at 12:59.


  2. Posts : 232
    Windows 10 Home
    Thread Starter
       #2

    Hey, I am sorry if I posted this to the wrong forum. I was not sure where it belonged. You may move it to the proper forum. I sure hope someone can help with this as I would like to turn on memory isolation. I did try to do what the warning in event viewer said but it threw an error saying core scheduler did not exist.


  3. Posts : 13,898
    Win10 Version 22H2 Pro and Home, Win11 Pro and Home
       #3

    Maybe something here will help: enable memory integrity at DuckDuckGo
    Looks to me like Core Isolation also needs to be Enabled.


  4. Posts : 232
    Windows 10 Home
    Thread Starter
       #4

    Thank you. I will see if I can find anything there.


  5. Posts : 232
    Windows 10 Home
    Thread Starter
       #5

    Memory integrity


    If I understand this correctly, I will post this for others that may run across this. I am able to change the scheduler but core or classic will not work with Intel HT and Hyper-V. So to use the core scheduler I would need to turn off hyperthreading. I was able to successfully change the scheduler to both classic and core but then got another message in event viewer that the mitigations for CVE-3646 could not be applied as HT is running.
    Here is some information I found on Microsoft TechNet. I also checked the Microsoft Docs.
    The post on TechNet is located here
    Hyper-V is not configured to enable processor resource controls


    The document is located here
    Understanding and using Hyper-V hypervisor scheduler types | Microsoft Docs

    From the section, "The Root Scheduler":
    "The root scheduler was introduced with Windows 10 version 1804. When the root scheduler type is enabled, the hypervisor cedes control of work scheduling to the root partition. The NT scheduler in the root partition’s OS instance manages all aspects of scheduling work to system LPs.
    The root scheduler addresses the unique requirements inherent with supporting a utility partition to provide strong workload isolation, as used with Windows Defender Application Guard (WDAG)...
    Starting with Windows 10 version 1804, the root scheduler is used by default on client systems only.... This is the only supported hypervisor scheduler configuration for client systems...

    The virtual machine processor resource controls provided by Hyper-V are not supported when the hypervisor root scheduler is enabled..."

    The article states that which Hyper-V host scheduler is in use can be seen in the System Event Log, as Event ID 2, or by using this PowerShell command:
    I found mine in event viewer under information event ID 2 before I found this article and this command.

    Get-WinEvent -FilterHashTable @{ProviderName="Microsoft-Windows-Hyper-V-Hypervisor"; ID=2} | select -Last 1

    The number in the message will be:
    0x1 = Classic scheduler SMT disabled
    0x2 = Classic scheduler
    0x3 = Core scheduler
    0x4 = Root scheduler
    On my Windows 10 computer, I found the Event message was, "Hypervisor scheduler type is 0x4". (The new 'Root scheduler'.)

    To change the scheduler type used by the Hyper-V host, bcdedit must be used to change the "hypervisorschedulertype" variable used at boot, to either "core" or "classic":

    bcdedit /set hypervisorschedulertype {core or classic}

    then reboot... I had a scary few minutes when I did this. I thought I would not get back into Windows. I did it twice, once for core and once for classic. It succeeded both times in changing to each scheduler but caused many more errors in event viewer. Also it still did not enable the mitigations for CVE-3646 because of hyperthreading being enabled.
    So I changed it back.

    bcdedit /deletevalue hypervisorschedulertype

    Well, all of this is above my head really. It would seem I would need to disable SGX and HT, reinstall Windows clean and do all updates, then flip SGX back on once Windows is installed to have use of the fingerprint reader. I would lose the function of my fingerprint reader without SGX. It seems I have a hardcoded CPU instead of software extensions. I have had a BIOS update that addresses CVE-3646.

    Anyway I hope this can help others that have more understanding of this than I do.
    There is a lot more in the article about this.
    Thanks to T. Kowalsky for his post about this
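The checks described in this post (Event ID 2 for the active scheduler, the bcdedit value, whether hyperthreading is on, and whether Event ID 157 has been logged) can be gathered in one go. This is an added diagnostic script, not something from the thread or from Microsoft; it assumes Event ID 157 is logged by the same Microsoft-Windows-Hyper-V-Hypervisor provider as Event ID 2, and it must be run from an elevated PowerShell because bcdedit requires it.

```powershell
# Added example: read-only diagnostics for the Hyper-V scheduler / memory integrity state.
# Assumption: Event ID 157 comes from the same provider as Event ID 2 (not confirmed in the thread).
$provider = 'Microsoft-Windows-Hyper-V-Hypervisor'
$schedulerNames = @{
    '0x1' = 'Classic scheduler, SMT disabled'
    '0x2' = 'Classic scheduler'
    '0x3' = 'Core scheduler'
    '0x4' = 'Root scheduler'
}

function Get-HvSchedulerType {
    # The newest Event ID 2 message reads "Hypervisor scheduler type is 0xN."
    $ev = Get-WinEvent -FilterHashtable @{ProviderName = $provider; ID = 2} -MaxEvents 1 -ErrorAction SilentlyContinue
    if (-not $ev) { return $null }
    if ($ev.Message -match '0x[0-9A-Fa-f]+') {
        $code = $Matches[0].ToLower()
        return [pscustomobject]@{ Code = $code; Name = $schedulerNames[$code]; Logged = $ev.TimeCreated }
    }
    return $null
}

function Get-HvBcdSchedulerSetting {
    # bcdedit only lists hypervisorschedulertype when it has been set explicitly;
    # absence means the OS default (root on Windows 10 client since 1804).
    $line = (bcdedit /enum '{current}' 2>$null) |
        Where-Object { $_ -match '^hypervisorschedulertype' } | Select-Object -First 1
    if ($line -and $line -match '^hypervisorschedulertype\s+(\S+)') { return $Matches[1] }
    return '(not set: OS default)'
}

function Test-SmtEnabled {
    # More logical processors than cores means hyperthreading (SMT) is active.
    $cpu = Get-CimInstance Win32_Processor | Select-Object -First 1
    return $cpu.NumberOfLogicalProcessors -gt $cpu.NumberOfCores
}

$sched = Get-HvSchedulerType
$warn  = Get-WinEvent -FilterHashtable @{ProviderName = $provider; ID = 157} -MaxEvents 1 -ErrorAction SilentlyContinue

if ($sched) { 'Active scheduler : {0} ({1}), logged {2}' -f $sched.Code, $sched.Name, $sched.Logged }
else        { 'Active scheduler : no Event ID 2 found (hypervisor may not be running)' }
'BCD setting      : {0}' -f (Get-HvBcdSchedulerSetting)
'SMT/HT enabled   : {0}' -f (Test-SmtEnabled)
if ($warn) { 'Last Event 157   : {0}: {1}' -f $warn.TimeCreated, $warn.Message }
else       { 'Last Event 157   : none logged' }
```

If the active scheduler is 0x4 and SMT is on, the script reproduces the situation in this thread: the CVE-2018-3646 mitigation warning is expected until the scheduler is changed or hyperthreading is disabled.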


  6. Posts : 232
    Windows 10 Home
    Thread Starter
       #6

    Problem solved


    I have solved my problem. It really was very simple.
    OK, finally after 3 days of messing with this I have gotten it working. I have read Microsoft Docs until my eyes were red and just didn't understand at all what I was reading.
    What I did in case anyone else needs help with this.
    I ran the BCD edit first to change from (root) scheduler to core.
    bcdedit /set hypervisorschedulertype core
    Rebooted
    Then I turned on memory isolation and rebooted.
    All seems to be well . I am monitoring event viewer for errors.
    I did all of this around half an hour ago. I even shut down totally and restarted. So it seems I have solved my own problem. My System Information reports everything as normal now.

    Virtualization-based security Available Security Properties Base Virtualization Support, Secure Boot, DMA Protection, Secure Memory Overwrite, UEFI Code Readonly, SMM Security Mitigations 1.0, Mode Based Execution Control.

    Hope this can help others who may be dummies like me. LOL

