Windows 10: Windows memory integrity + Intel sgx

Discussion in 'Windows 10 Virtualization' started by humbird, Sep 6, 2018.

  1. humbird Win User

    Windows memory integrity + Intel sgx


    Winver 1803 ( build 17134.254)

    Sorry for this long post but wanted to provide as much info as I can. Hopefully I am posting in the right area.
    When I try to enable memory integrity in Windows
    Security I get the below message, event ID 157. I am a complete noob in this area.
    When I turn it back off I do not see this warning.
    Seems the more I read about it the less I understand what to do.

    Event ID 157: Hypervisor did not enable mitigations for CVE-2018-3646 for
    virtual machines because hyperthreading is enabled and the hypervisor
    core scheduler is not enabled. To enable mitigations for CVE-2018-3646
    for virtual machines enable core scheduler by running "bcdedit /set
    hypervisorschedulertype core" from an elevated command prompt and reboot.

    Intel SGX is enabled. Have had a recent BIOS update for mitigations.
    Also in system information it says hyperthreading is enabled.

    My hypervisor scheduler type is "root (0x4)" info obtained from event ID 2
    in event viewer.

    Here is system information in admin view.

    OS Name Microsoft Windows 10 Home
    Version 10.0.17134 Build 17134
    Other OS Description Not Available
    OS Manufacturer Microsoft Corporation
    System Name LAPTOP-RP9S2D20
    System Manufacturer HUAWEI
    System Model MACH-WX9
    System Type x64-based PC
    System SKU C128
    Processor Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz, 1800 Mhz, 4 Core(s), 8 Logical Processor(s)
    BIOS Version/Date HUAWEI 1.17, 7/28/2018
    SMBIOS Version 3.0
    Embedded Controller Version 1.17
    BIOS Mode UEFI
    BaseBoard Manufacturer HUAWEI
    BaseBoard Model Not Available
    BaseBoard Name Base Board
    Platform Role Mobile
    Secure Boot State On
    PCR7 Configuration Binding Possible
    Windows Directory C:\WINDOWS
    System Directory C:\WINDOWS\system32
    Boot Device \Device\HarddiskVolume1
    Locale United States
    Hardware Abstraction Layer Version = "10.0.17134.1"
    User Name LAPTOP-RP9S2D20\humbi
    Time Zone Pacific Daylight Time
    Installed Physical Memory (RAM) 8.00 GB
    Total Physical Memory 7.88 GB
    Available Physical Memory 5.68 GB
    Total Virtual Memory 9.13 GB
    Available Virtual Memory 6.78 GB
    Page File Space 1.25 GB
    Page File C:\pagefile.sys
    Kernel DMA Protection Off
    Virtualization-based security Not enabled
    Device Encryption Support Reasons for failed automatic device encryption: Hardware Security Test Interface failed and device is not InstantGo, WinRE is not configured
    Hyper-V - VM Monitor Mode Extensions Yes
    Hyper-V - Second Level Address Translation Extensions Yes
    Hyper-V - Virtualization Enabled in Firmware Yes
    Hyper-V - Data Execution Protection Yes

    I am not sure of the syntax for what I should enable.

    "bcdedit/sethypervisorschedulertype core"
    (mine is root 0x4)
    I know how to run a command from admin command prompt,
    just not sure of the specific command, and can I do it with hyperthreading enabled and Intel's SGX enabled (for my fingerprint reader)?
    Should I just leave memory isolation off?
    Thank you for any help.

    :)
     
    humbird, Sep 6, 2018
    #1
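
A read-only check of the state described in the post above, as an added example that is not part of the original thread. It assumes the events are logged by the `Microsoft-Windows-Hyper-V-Hypervisor` provider and that the Event ID 2 message contains the scheduler type as a hex code (0x1 to 0x4, as Microsoft documents for Hyper-V scheduler types); the variable names are illustrative.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumption: both events come from the Microsoft-Windows-Hyper-V-Hypervisor provider.
$provider = 'Microsoft-Windows-Hyper-V-Hypervisor'

# Scheduler type codes as reported in Event ID 2 (the post shows "root (0x4)").
$schedulerNames = @{
    1 = 'Classic, SMT disabled'
    2 = 'Classic'
    3 = 'Core'
    4 = 'Root'
}

# Hyperthreading (SMT) is active when logical processors outnumber physical cores.
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
$smtEnabled = $cpu.NumberOfLogicalProcessors -gt $cpu.NumberOfCores

# Most recent Event ID 2 carries the scheduler type chosen at boot.
$ev2 = Get-WinEvent -FilterHashtable @{ ProviderName = $provider; Id = 2 } `
    -MaxEvents 1 -ErrorAction SilentlyContinue
$type = $null
if ($ev2 -and $ev2.Message -match '0x([0-9A-Fa-f]+)') {
    $type = [Convert]::ToInt32($Matches[1], 16)
}

# Most recent Event ID 157 is the CVE-2018-3646 warning quoted in the post.
$ev157 = Get-WinEvent -FilterHashtable @{ ProviderName = $provider; Id = 157 } `
    -MaxEvents 1 -ErrorAction SilentlyContinue

$schedulerName = 'Unknown (no Event ID 2 found; hypervisor may not be running)'
if ($null -ne $type -and $schedulerNames.ContainsKey($type)) {
    $schedulerName = $schedulerNames[$type]
}

[pscustomobject]@{
    Cpu               = $cpu.Name
    Cores             = $cpu.NumberOfCores
    LogicalProcessors = $cpu.NumberOfLogicalProcessors
    SmtEnabled        = $smtEnabled
    SchedulerType     = $schedulerName
    LastEvent157      = if ($ev157) { $ev157.TimeCreated } else { 'none logged' }
} | Format-List

# The command from the event text, with its spacing: "bcdedit", a space, then "/set".
# It is only displayed here; running it changes the boot configuration and needs a reboot.
if ($smtEnabled -and $type -ne 3 -and $ev157) {
    'Event 157 condition present. Command named in the event text:'
    '  bcdedit /set hypervisorschedulertype core'
}
```
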
  2. Brink Win User

    Intel SGX SDK and Intel SGX Platform Software Updates


    Source: INTEL-SA-00135
     
    Brink, Sep 7, 2018
    #2
  3. Bree Win User
    Bree, Sep 7, 2018
    #3
  4. Cliff S Win User

    Which SGX setting to choose in BIOS


    I had noticed that even though I had Software Guard Extensions (SGX) set to "Software Controlled" in BIOS, it wasn't showing up in Device Manager.
    Then it came to me that on my last system build (an MSI mainboard with a 6700K) MSI had included the driver in the downloads support for the board, and also through their MSI driver & software updater.
    ASUS though doesn't offer it.
    I suppose this is because my ASUS board is a Gaming board and my MSI was a Professional (workstation) board, and ASUS thinks that gamers have no use for this security option :(


    Tip: I was able to download the driver, though, through the Microsoft Update Catalog.
    Select:
    Intel Corporation - SoftwareComponent - 12/22/2017 12:00:00 AM - 1.9.101.41172
    Last Modified: 12/22/2017
    Size: 22.5 MB

    Use something like 7 Zip and extract all files from the .cab folder, then double click the installer.

    Note: SGX is only available for Intel CPUs from 7th gen Core Kaby Lake and above.
    What is SGX:
    Intel® Software Guard Extensions SDK | Intel® Software


    Why is the software controlled setting better than enabled in BIOS for consumers as opposed to business:
    Properly Detecting Intel® Software Guard Extensions (Intel® SGX) in Your Applications | Intel® Software



    What does SGX do:
    Intel SGX Homepage | Intel® Software




    I hope this might help other security conscious users here.
    But remember, this is only for 7th gen Intel processors and above!
     
    Cliff S, Sep 7, 2018
    #4