Memory Overwrite Request Control (MOR) lock version 2
Warning
Memory Overwrite Request Control (MOR) lock cannot be unlocked in Windows systems running with Virtualization Based Security (VBS) and/or Hypervisor-enforced Code Integrity (HVCI) which is the default configuration for Windows 11 22H2 and later versions.
To prevent advanced memory attacks, the existing system BIOS security mitigation MemoryOverwriteRequestControl is improved to support locking to defend against new threats.
Version 1 defined a UEFI variable which, when set, locks the original MOR byte, preventing it from being changed by unauthorized agents such as the OS kernel. When MOR lock is enabled, the original MOR byte is set to 0x11, indicating that the platform must wipe memory across all resets – auto-detection is prohibited. This introduced a performance penalty when enabled platforms.
Version 2 of the lock supports a key that permits an authorized agent, for example the hypervisor, to disable the lock. The expectation is that during a normal shutdown, the hypervisor will first remove its secrets from RAM, use the Version 2 key to disable the lock, and clear the original MOR byte, enabling the platform to reboot without clearing RAM. Firmware that implements Version 2 of the MOR Lock provides additional protection while avoiding the performance penalties associated with Version 1.
Support for MOR Lock V2 is included in the following versions of Windows:
Windows Server Technical Preview 2016
Windows 10, version 1607 and later
Related resources
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for