Computer Configuration
This is the laptop. Lenovo Legion Y740, Intel core i7 9750H, 17.3" 144Hz GSync, RTX 2080MQ, 16GB RAM, 1TB SSD, Windows 11 Home 21H2 (Build 22000.258)
Intel Virtual Technology: Enabled
Intel Hyper-Threading Technology: Enabled
Secure Boot: Enabled
It does have one Thunderbolt™ 3 USB Type-C port.
It does have TPM 2.0, and the status is "TPM is ready for use".
Windows Security also says "Your device meets the requirements for enhanced hardware security." (that means this.)
(p.s. - my system had official support for upgrade to Windows 11. It's not "unsupported".)
Problem
On msinfo32, I see the following -
Kernel DMA Protection: Off
Device Encryption Support: Reasons for failed automatic device encryption: Hardware Security Test Interface failed and device is not Modern Standby
Troubleshoot Done so far
I found this MS page, that says
If the current state of Kernel DMA Protection is OFF and Hyper-V - Virtualization Enabled in Firmware is NO:
- Reboot into BIOS settings
- Turn on Intel Virtualization Technology.
- Turn on Intel Virtualization Technology for I/O (VT-d). In Windows 10 version 1803, only Intel VT-d is supported. Other platforms can use DMA attack mitigations described in BitLocker countermeasures.
- Reboot system into Windows.
I checked in my BIOS and "Intel Virtualization Technology" is already enabled. I disabled -> rebooted -> enabled -> rebooted; just in case. Still had same situation at the end.
If I plug in any drive to the Thunderbolt 3 port, for example an external usb drive, then a new "Intel(R) USB 3.1 eXtensible Host Controller - 1.10 (Microsoft)" entry pops up in device manager, and that does have "DMA remapping policy" = 00000002. So, looks like it supports DMA remapping.
powercfg /a says my laptop is currently supporting standard standby (S3) only, not modern standby (S0). Found an article that said "set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\CsEnabled to 0." I did that, but it had no effect.
Looking for
Any help enabling Kernel DMA Protection and Device Encryption support. Thanks for reading and any possible guidance.
