Forum Discussion
[SOLVED] Memory Integrity bounces back to "turned off" state after Windows restart - fast ring 19536
This is an old post and the issue is no longer relevant. This has been happening since a couple of builds ago as well. I turn on the Memory Integrity in Core isolation section of Windows Defende...
Keith_KeplerMS
Microsoft
MicrosoftFrom what I understand, it has to do with the entire Dynamic Root of Trust Measurement (DRTM) boot process when hibernate is involved. (Force firmware code to be measured and attested by Secure Launch on Windows 10 | Microsoft Security Blog).
I thought, perhaps when my hiberfil.sys file was created, it (and the relevant BCD entries) were made without the necessary signatures to support Memory Integrity or it was made with a prior release of Windows where security feature X or Y did not exist yet. So, I took a logical leap of faith and removed it and recreated it "after" having Memory Integrity on. I was pleasantly surprised to find it resolved my issue.
FYI: My device is a corp Entra joined device with BitLocker/Secure Boot enabled.
How System Guard helps protect Windows | Microsoft Learn
Windows Hibernation is an outdated tool, it saves data to the hard drive - in my opinion, it is not safe, so it does not exist by default in the settings.
"As Windows boots, a series of integrity measurements are taken by System Guard using the device's Trusted Platform Module 2.0 (TPM 2.0). System Guard Secure Launch doesn't support earlier TPM versions, such as TPM 1.2. This process and data are hardware-isolated away from Windows to help ensure that the measurement data isn't subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device's firmware, hardware configuration state, and Windows boot-related components, to name a few."
Thank you 🙂
Windows hardware security | Microsoft Learn
