Welcome to our peer-to-peer forums, where owners help owners. Need help now? Visit eSupport here.

English Community

Gaming – Lenovo LegionGaming Laptops
All Forum Topics
Options

16 Posts

12-07-2019

United States of America

18 Signins

152 Page Views

  • Posts: 16
  • Registered: ‎12-07-2019
  • Location: United States of America
  • Views: 152
  • Message 1 of 5

Kernel DMA Protection and Device Encryption support is off, even with Intel Virtual Tech enabled.

2021-10-14, 0:59 AM

Computer Configuration

This is the laptop.  It does have one Thunderbolt™ 3 USB Type-C port.

Lenovo Legion Y740, Intel core i7 9750H, 17.3" 144Hz GSync, RTX 2080MQ, 16GB RAM, 1TB SSD, Windows 11 Home 21H2 (Build 22000.194)

Intel Virtual Technology: Enabled

Intel Hyper-Threading Technology: Enabled

Secure Boot: Enabled

It does have TPM 2.0, and the status is "TPM is ready for use".

Windows Security also says "Your device meets the requirements for enhanced hardware security." (that means this.)

 

(p.s. - my system had official support for upgrade to Windows 11. It's not "unsupported".)

 

 

Problem

On msinfo32, I see the following -

 

Kernel DMA Protection: Off

Device Encryption Support: Reasons for failed automatic device encryption: Hardware Security Test Interface failed and device is not Modern Standby

 

 

Troubleshoot Done so far

I found this MS page, that says

 

If the current state of Kernel DMA Protection is OFF and Hyper-V - Virtualization Enabled in Firmware is NO:

  • Reboot into BIOS settings

  • Turn on Intel Virtualization Technology.

  • Turn on Intel Virtualization Technology for I/O (VT-d). In Windows 10 version 1803, only Intel VT-d is supported. Other platforms can use DMA attack mitigations described in BitLocker countermeasures.

  • Reboot system into Windows.

 

I checked in my BIOS and "Intel Virtualization Technology" is already enabled. I disabled -> rebooted -> enabled -> rebooted; just in case. Still had same situation at the end.

 

If I plug in any drive to the Thunderbolt 3 port, for example an external usb drive, then a new "Intel(R) USB 3.1 eXtensible Host Controller - 1.10 (Microsoft)" entry pops up in device manager, and that does have "DMA remapping policy" = 00000002. So, looks like it supports DMA remapping.

 

powercfg /a says my laptop is currently supporting standard standby (S3) only, not modern standby (S0). Found an article that said "set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\CsEnabled to 0." I did that, but it had no effect.

 

 

Looking for

Any help enabling Kernel DMA Protection and Device Encryption support. Thanks for reading and any possible guidance.

 

 

Screenshots

MSInfo32

 

Intel Virtual Technology

 

Secure Boot

 

Windows Security

 

 

Reply
Options

12829 Posts

11-30-2015

Philippines

7411 Signins

754040 Page Views

  • Posts: 12829
  • Registered: ‎11-30-2015
  • Location: Philippines
  • Views: 754040
  • Message 2 of 5

Re:Kernel DMA Protection and Device Encryption support is off, even with Intel Virtual Tech enabled.

2021-10-14, 17:46 PM

Hello @Bikram2020  

 

Greetings.

 

I suggest that you share the machine type model / MTM (ex. 81C70000RK or 20UD000BUS) from the sticker usually under the case. This would help us detail more about your machine variant while keeping the confidentiality of your serial number.

 

As the snapshots shows, hardware does confirm such feature but just wondering how you install Windows 11.

Before deciding on a complete clean install, back up your files and ensure that bit locker is disabled.

 

On a side note :

Systems released prior to Windows 10 version 1803 do not support Kernel DMA Protection

https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt 

 

Update us how it goes best for you.

 

Regards,

spidey101

 

 

 



Did someone help you today? Press the thumbs-up icon below to thank them.!
If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"! This will help the rest of the Community with similar issues identify the verified solution and benefit from it.


Using Browser Search to find your answers in Lenovo and Moto Community

Reply
Options

16 Posts

12-07-2019

United States of America

18 Signins

152 Page Views

  • Posts: 16
  • Registered: ‎12-07-2019
  • Location: United States of America
  • Views: 152
  • Message 3 of 5

Re:Kernel DMA Protection and Device Encryption support is off, even with Intel Virtual Tech enabled.

2021-10-15, 20:22 PM
Hi Spidey101. Thanks for reading my post and helping. Laptop's MTM is 81UJ0001US. I had received this laptop on January 2020, with Windows 10 Home preinstalled. I don't remember what was the windows build number though. I upgraded to Windows 11 by running the official Windows 11 Installation Assistant.
Reply
Options

12829 Posts

11-30-2015

Philippines

7411 Signins

754040 Page Views

  • Posts: 12829
  • Registered: ‎11-30-2015
  • Location: Philippines
  • Views: 754040
  • Message 4 of 5

Re:Kernel DMA Protection and Device Encryption support is off, even with Intel Virtual Tech enabled.

2021-10-18, 20:53 PM

Hello  @Bikram2020   

 

Greetings.

 

Not sure if this is some initial bug with Windows 11 that may soon get fixed by update.

It does appear that all other features does confirm this security and only the system information page shows otherwise.

 

Verify that your Windows is activated and you have back up your files.

You may want to think of option to clean install Windows 11 or wait for future updates as option.

 

Regards,

spidey101

 



Did someone help you today? Press the thumbs-up icon below to thank them.!
If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"! This will help the rest of the Community with similar issues identify the verified solution and benefit from it.


Using Browser Search to find your answers in Lenovo and Moto Community

Reply
Options

16 Posts

12-07-2019

United States of America

18 Signins

152 Page Views

  • Posts: 16
  • Registered: ‎12-07-2019
  • Location: United States of America
  • Views: 152
  • Message 5 of 5

Re:Kernel DMA Protection and Device Encryption support is off, even with Intel Virtual Tech enabled.

2021-10-19, 0:31 AM
This isn't Windows 11 issue though. I had the same DMA and Encryption status in Windows 10 too; before updating to Windows 11. Windows is activated.
Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete

X

No, I don’t want to share ideas Yes, I agree to these terms