Windows-itpro-docs: Blocking essential display driver (Intel graphics)

@officedocsbot assign @jvsam

@verdy-p. Intel releases only DCH WHQL based driver. Currently Intel released graphics DCH driver 26.20.100.7323 on 18-10-2019 for end consumers and for IT professionals..
.exe file for consumers
.zip file for IT professionals

IF you are using non DCH based driver . uninstall using display driver uninstall software.
Download the current driver from intel website.
https://downloadcenter.intel.com/download/29113/Intel-Graphics-Windows-10-DCH-Drivers?v=t.

MY asus laptop uses intel i5 7200U processor with HD graphics 620 and with Nvidia geforce 940mx .
I using only DCH drivers for intel and nvidia.

Enable bootlog in msconfig options , so that we can verify whether intel gpu driver is booted or not.

please disable driver verification and disable integrity checks on boot, see below website
https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/driver-verifier#feedback

Intel does NOT provide ANY DCH driver for all its existing Core i3/i5/i7
CPU/APUs. This is only available since generation 6. Previous generations
only have WHQL-certified drivers using kernel drivers. These drivers (last
version published by Intel in May 2019) are certified for Windows 10, but
don't work now with Memory integrity force ON when Secure boot is used.

Having to boot in non secure boot is definitely not an option. The new
Memory integrity requirement needs to be fixed, possibly with
virtualization and serialization support in a Windows kernel, using a
missing "shim", even if this has a small performance impact. Such
requirement is also NOT part of secure UEFI boot where the UEFI driver
really works for loading the OS. It's only the OS itself that now no longer
wants to use the secure UEFI configuration and wants to "play" with memory
allocations.

This was not a problem in past versions of Windows 10 that did not have the
limitations applied now by the new "Memory integrity" feature. I am
convinced that Microsoft can allow a "Memory integrity" compatible working
mode that allows WHQL display kernel drivers to continue working.

Many users don't have a display compatible with DCH drivers working purely
in user mode and virtualization by the windows kernel itself; in Intel
kernel mode drivers, that virtualization was offered by that driver itself,
without delegating all to the default Windows kernel implementation. So
this should continue to work for all Windows 10-WHQL certified drivers.

You are speaking about newer generations of Intel CPUs, there are a lot of
Haswell-class processors in the market, including in servers and in many
professional notebooks.

Note that my comment only applies to the version of Memory Integrity in the current Vibranium preview.
Intel kernel drivers (as well as basic VGA drivers) ARE working with Memory Integrity in the current commercial release.
So this new requirement will break many existing supported installations without notice, at first boot they will no longer have any display if they were already configured with Memory Integrity activated and Secure Boot.

@verdy-p. In my laptop, having integrated Intel graphics 620 and Nvidia 940mx .
I have installed both graphics drivers are DCH based whql.
And I have enabled memory integrity and enabled secureboot and UEFI mode.
But I don't have problems , I can able conenct another monitor via VGA port on laptop.
Both the displays are working fine.
Sir how do you know Intel graphics driver is not loading after boot.

please video or screenshots, and upload here.

Sir I am not fighting with you . but I have joined here for discussion.

You simply use an Intel CPU with Generation 6 or higher, whose interel
Intel HD GPU is not the same and has DCH drivers from Intel.
For Gen4/5 Intel Core i3/I5/i7, they only provide WDM kernel drivers, fully
compatible with Windows 7/8/8.1 and all versions of Windows 10 up to May
2019 (including with Memory integrity enabled). But Microsoft has made
internal changes in newer Windows 10 kernels and bus drivers, which enforce
more strict restrictions.
Basically this is a bug caused by more randomized relocation of pages of
physical memory and another virtualization of DMA channels. Some buffers
allocated in kernel drivers spanning and spanning multiple pages (notably
frame buffers) are no longer moved together atomically but page by page
(even if this is supposed to not change the virtual memory addresses in
applications).
The HDK describes the situation. Intel drivers will break in 20H1 and
already break in Insider versions since a few weeks. Microsoft is pressing
now OEMs to fix their display drivers to DCH, but this also includes Intel
for its Core APUs before Generation 4/5.
Intel wants me now to disable Secure boot and Virtual Base Security (VBS)
completely. And in 20H1, not only VBS will be activated by default but also
the new version of Memory integrity (made for a new specification which is
only supported by the most recent processors and still not by any MS
Surface laptop).

Try running 20H1 if you don't have a DCH driver (i.e. your CPU is
Gen4/Gen5, alias Haswell or Broadwell, as is the case of a LOT of servers,
for which there will no logner be any supported display driver, except by
pluggining another display board, which is difficult in many servers or
would require replacing these servers, and resinstalling them, plus
maintenance costs in colocation areas; it's not always possible to plug an
extra GPU on servers whose PCI slots are generally full and used for
storage adapters, and also because adding another GPU causes cooling
problems). With 20H1, theer will be a new need to resintall a very basic
VGA driver at least. On professional notebooks, adding a GPU is simply
impossible without changing the notebook (and many organization are now
using lower ranges of hardware than most people at home, especially for
travelling workers)

Gen4/Gen5 Intel CPUs are still sold today in "Windows 10 certified"
solutions.

Who has a bug ? Intel for not creating DCH drivers whose early
specifications were finalized only 4 years ago, and will soon change again,
or Microsoft for adding a new hardware requirement for Windows 10 and
changing its OS silently to add new restrictions and enforcing them without
even checking if this is compatible, and without creating a compatibility
layer for continuing to use WDM display drivers that are already
WHQL-certified for Windows 10, and approved by Microsoft, including the
most recent drivers made by Intel in last March? and Intel continues
selling Gen4/5 CPUs: there are a lot of users of Haswell and Broadwell CPUs.

Le mer. 23 oct. 2019 à 06:25, VARADHARAJAN K notifications@github.com a
écrit :

@verdy-p https://github.com/verdy-p. In my laptop, having integrated
Intel graphics 620 and Nvidia 940mx .
I have installed both graphics drivers are DCH based whql.

For your case precisely, you have a Generation 6, so you use the Intel DCH drivers that support only Intel CPUs from generation 6 to most recent 10.

Gen4 (Haswell)/Gen5 (Broadwell) only have WDM kernel drivers, still no DCH driver even if Microsoft told them to create many years ago. Intel still sells today some Generation 5 processors (mostly for servers or dektops, with LGA1150 sockets, where they were quite popular, notably those models with enhanced security features), and has continued to produce newer Gen5 models even after the specification of DCH were published.

Intel has since known a much faster rate of generations, because nVidia, then AMD pressured it with its Radeon series (but AMD does not target servers a lot, and nVidia was pressured for sales by coin-miners; it's now the end of the mine rush, and AMD has now taken the lead for its branches of CPU, GPU and APU, so new Intel generations do not survice long: they are out even before reaching the market, with low support for OEMs and software producers). Gen4/Gen5 on the opposite have had a long support, and were widely sold when AMD processors of the same time were using too much energy and overheating (not suitable for servers). Things have changed when Intel was so long to develop microfirmware updates for Spectre/Meldown-class attacks compared to AMD and other smaller CPU foundries: Intel now lives behind in terms of performance and lack of long term support.

Hello @verdy-p and @RAJU2529, this has been a very interesting discussion. We always want to hear from the community. However, please be informed that this GitHub-based documentation feedback system is intended to help improve the quality of the technical documentation of Microsoft Docs. If you have feedback, suggestions related to this documentation (Memory integrity), or ideas to make it better for users, please let us know and we will submit it for review.

I understand that the issue or bug being discussed here is on the version of Memory integrity on Windows 10 Insider Preview Build 19013 (20H1). For this, kindly submit your feedback via Feedback Hub to tell Microsoft about any problems you run into while using the preview build. Thank you.

Hello again @verdy-p, we will now close this issue. We hope the information we've provided helped. If you have feedback or suggestions to help improve the quality of this documentation, please let us know or use the doc's feedback feature.

Thank you for your feedback and for being part of the Microsoft Docs community!

@officedocsbot close

thats cool

@officedocsbot assign GITTER126

You still did not provide any solution for users that have internal Intel GPU that CANNOT be changed and that DO NOT have any DCH driver (introduced years after Windows 10 release). These GPU are still highly used today. They were used in PC sold with a Windows 10 certifdication label from Microsoft MHQL. Their supported kernel driver (WDM based) were working flawlessly in Windows 10 until May 2019 when Microsoft changed the requirement.
These Windows 10 certified PC can no longer be used at all on windows 10 since the silent change in Windows 10: they no longer have any working display.
You did not provide any solution for users that cannot change their existing WDM driver to a newer DCH driver. The only solution that these users can do is:

• add a secondary GPU and disable the internal GPU (if they can: impossible in most servers, impossible on almost all notebooks, tablets, and most desktop mini-PCs as there's no PCI slot available)
• buy a new PC

In both cases, the PC that was certified for Windows 10 are no longer usable at all in Windows 10, as there is no longer any working display driver. Since May 2019, those PC have been killed by Microsoft.

All what their users can do is to UNINSTALL Windows 10 completely, resintall the older version (if they can with their own preserved installable image...) but blocking all version updates after May 2019, or install Windows 7 (even if the PC was not certified at all for windows 7 but only for Windows 10), or abandon Windows completely and switch to Linux (and change all their softwares...)

It is a fact that Microsoft killed Windows 10 usability on large ranges of PC that were designed and certified for Windows 10.

Microsoft did not provide any replacement DCH driver for those older GPUs. Killing all WDM drivers completely even if they were designed and WHQL-certified for Windows 10 was a really bad decision. Microsoft should have worked with Intel to build a DCH driver for the Gen4/5 Intel Core i3/I5/i7 (still widely used).

Many affected users had to make costly choices:

• changing or adding the GPU (only possible with desktops, with available PCI slots but this is generally costly) and change BIOS settings to disable the internal GPU completely (some BIOSes do not allow doing that, the internal GPU must be used and enabled for the correct early boot phase).
• if this did no work, changed the motherboard (only possible with dektops, but then Microsoft no longer consider they have a valid licence for Windows 10, which must be purchased again whilst the older mother board no longer has any use for Windows).
• buy a new PC (and then reuse the older one on Linux)

Or simply:

• not buy anything, but abandon Windows completely: use Linux ! (but then find alternate softwares, may be buy new licences for them, or for the medias that were bound by their sellers to the older PC hardware or the former windows 10 licence: in some cases this is impossible, users will have to rebuy their whole collections of musics or videos using windows-based hardware protection and that have limited or unallowed option to transfer them to another device)