Question Windows 10's "core isolation" / "memory integrity" feature

[mikeymikec]

You can find it in the Windows Security Center under 'device security'. Apparently it uses virtualisation in order to further sandbox userland from system land, but it's no good for you if you want to use virtual machines. Might be a good grandma PC security tweak?

Further reading:
https://www.howtogeek.com/357757/what-are-core-isolation-and-memory-integrity-in-windows-10/
https://techcommunity.microsoft.com...Making-a-leap-forward-in-platform/td-p/167303

 

[VirtualLarry]

I'm running 1809 64-bit Pro, and it says that I don't even meet "Standard Hardware Security", two of which required items are TPM 2.0, and Secure Boot. I think that my Ryzen R5 1600 CPU supports TPM built-in, but I don't have Secure Boot enabled.

So, it looks like you need those features, at a minimum, before you can even THINK of enabling the additional security layers that you are describing. Oh well. I like being able to access my BIOS by a hotkey during boot. (Disabled in Secure Boot mode.)

 

[mikeymikec]

Interesting. Z97 board here, and it gives me the memory isolation option. It adds a good 5 seconds to the boot cycle though before the circular progress bit starts.

I have UEFI enabled but secure boot disabled due to Linux.

 

[Iron Woode]

memory isolation is working on my system in my sig.

 

[kjboughton]

I'm running 1809 64-bit Pro, and it says that I don't even meet "Standard Hardware Security", two of which required items are TPM 2.0, and Secure Boot. I think that my Ryzen R5 1600 CPU supports TPM built-in, but I don't have Secure Boot enabled.

So, it looks like you need those features, at a minimum, before you can even THINK of enabling the additional security layers that you are describing. Oh well. I like being able to access my BIOS by a hotkey during boot. (Disabled in Secure Boot mode.)

Ha. Secure boot has no effect after transferring control to OS. That MS would make dependent on this “feature” further “security” capabilities is a testament to their herding ability. Essentially secure boot turns your system into a hardened boot-loader just like all those Apple, Android phones etc that you are forced to unlocked and “jail break” if you want proper control. MS are walking the other direction now and want that for your desktop “experience.” Today, optional. In th future, mandatory (for your own protection, of course).

 

[Chiefcrowe]

Thanks for the heads up!
It's strange that I read a bunch of articles on this new Win 10 and this never came up until now. Perhaps they are still not quite ready for people to start using it - that's what it seems like to me.

I tried to enable it but it didn't stay enabled after restarting - probably because I use Hyper-V. I didn't see anything specifically on Hyper-V not working with it, but it would be nice if they clarified...