Windows-itpro-docs: Kernel DMA Protection for Thunderbolt™ 3 - Where is the "Memory Access Protection" option ?

Created on 4 Feb 2020  ·  11Comments  ·  Source: MicrosoftDocs/windows-itpro-docs

Hello,

I can't found the Memory access protection option in Core Isolation.

The documentation has the following picture:
kernel-dma-protection-security-center

However, this option does not appear in my Windows installation :

Annotation 2020-02-04 171943

I tried to find this option on several recent and fully updated Windows 10 computers without success.

In System Information, Kernel DMA Protection is off on the computer I'm playing with

Annotation 2020-02-04 173107

Regards,

Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

information protection
Source
picture PierrickV

All 11 comments

@PierrickV. First install the certified and verified device driver to thunderblot 3.
then enable dma protection in GPO.
You must enable UEFI or secure boot in bios.
you need windows 10 professional or enterprise 64bit 1903 or 1909 edition OS.

please change the language as English in your computer and take and post the corresponding screenshots

RAJU2529 picture RAJU2529 on 12 Feb 2020

@RAJU2529
So DMA protection doesn't work without thunderbolt driver? Does windows doesn't install that by default ?

beerisgood picture beerisgood on 12 Feb 2020

@PierrickV . I think you must install the certified driver , download from the system manufacturer .

RAJU2529 picture RAJU2529 on 12 Feb 2020

@RAJU2529 your quote go to wrong person again ;)

Also I never see any company which provide such a driver. Any infos?
Also where did you read that the driver is necessary?

beerisgood picture beerisgood on 12 Feb 2020

@PierrickV . I have seen the asus company , which provides thunderbolt 3 certified driver for laptop.
Driver is necessary , because the driver is modified such way that , compatible with dma protection and also depends upon the Intel Processor model with highend chipset

RAJU2529 picture RAJU2529 on 12 Feb 2020

@beerisgood

Documentation about Windows DMA protection that I am aware of:

PierrickV picture PierrickV on 12 Feb 2020
👍1

Dear @PierrickV,
In System Information, Kernel DMA Protection is off on the computer I'm playing with - it means you need to enable Intel Thunderbolt Security in BIOS, as it is described here (second article that you provided)

Thank you

MaratMussabekov picture MaratMussabekov on 17 Feb 2020

@PierrickV - Thank you for submitting feedback.

From our understanding, the issue you raised has been answered by MaratMussabekov so we will close this issue.

Thank you for your contribution to make the docs better! Much appreciated!

mypil picture mypil on 20 Feb 2020

So I finally found one computer that had the protection enabled (sorry it's in french, I don't own the computer).

dma-protection-ok

The computer has the following configuration :

  • Secureboot on
  • VT-d on
  • Admin password on the BIOS/UEFI
  • Intel Thunderbolt Security set to User Authorization in BIOS settings
  • (+ it's a very recent computer?)

Thank you @RAJU2529 for your help

@MaratMussabekov : Thunderbolt is off on the computer that has the protection enabled (did you mean "intel thunderbolt sercurity set to user authorization in bios settings" ?)

PierrickV picture PierrickV on 20 Feb 2020
👍1

Hello @PierrickV,
yes, sorry for being unclear
Thank you

MaratMussabekov picture MaratMussabekov on 20 Feb 2020
👍1

You can also go to the System Information and check if the Kernel DMA Protection is ON or OFF.
Kernel-DMA-Protection
Here's a quick step-by-step guide on how to check it and how to enable it if it's OFF.

umair-mirza picture umair-mirza on 16 May 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jadelise picture jadelise  ·  3Comments
arcotek-ltd picture arcotek-ltd  ·  3Comments
illfated picture illfated  ·  3Comments
andrewpong picture andrewpong  ·  3Comments
sundhaug92 picture sundhaug92  ·  3Comments