Kernal DMA in BIOS Enable or Disbale

Hari Prasad 6 Reputation points
2020-09-15T08:51:14.95+00:00

Recently we came across the issue that Bitlocker is not encryting while in OSD Task Sequence

We noticed the BIOS DMA Protection is set as ENABLED leads to Bitlocker Failure and if we DISABLED Bitlocker is working fine during OSD.

What relation with Bitlocker and DMA ?
This must to be disabled ?
What is the impact if we disable this ?

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,924 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Dale Kudusi 3,236 Reputation points
    2020-09-16T06:31:39.247+00:00

    Hi,
    Based on my research, Kernel DMA Protection is not compatible with other BitLocker DMA attacks countermeasures. It is recommended to disable the BitLocker DMA attacks countermeasures if the system supports Kernel DMA Protection. Kernel DMA Protection provides higher security bar for the system over the BitLocker DMA attack countermeasures, while maintaining usability of external peripherals.

    Reference: https://learn.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt#system-compatibility

    Best regards.

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.