Windows 11 [2021]

[Malo]

I need you to open the 'PowerShell (Admin)' shortcut from the Start menu, run the command below, and see if the resulting list includes number 7 (for MBEC/GEMT support):

On my 2600X, it does not include 7

1,2,3,4,8

 

[Davros]

I think this is the most gorgeous Windows to date, visuals wise.

Obviously never experienced the sheer joy that is the Hotdog theme under Windows 3.1

Ps: out of interest
3800x
1,3,4,5,7,8 so missing 2 + 6 but I think I can get 6 with a bios setting

 

[Cyan]

 

[Albuquerque]

My Gigabyte Aero laptop reports 1,2,3,5 and 7 available, edit: running an 8750H on what appears to be an HM370 chipset. I also have the ability to enable memory protection, however it isn't compatible with the drivers for my ECU flash hardware for my Mazda MX-5... /edit

Enable virtualization-based protection of code integrity - Windows security | Microsoft Docs

 

[DmitryKo]

Please add the CPU model / chipset to your report! I'm not a mind reader (yet)!

I think I can get 6 with a bios setting

I think only 2 Secure Boot and 3 Kernel DMA Protection (IOMMU) are selectable in UEFI settings; 1 5 7 8 require a supporting CPU model, and 4 6 require specific ACPI tables and API calls in the UEFI firmware.


BTW my Ryzen 5 3600 / ASRock X570 has 'scored' every option from 1 to 8 after I enabled IOMMU (in Advanced / AMD PBS).

Still cannot turn on Memory Integrity in Security Settings - some legacy Logitech webcam drivers were listed as incompatible, and they weren't even present in Device Manager or Add/Remove Programs. Had to use pnputil to remove them from the Driver Store.
Then there's an incompatible file system driver from a disk recovery utility which I currently use... that's already too much hassle for most users. I'm still on Windows 10 build 21390 though.

 

[Kaotik]

Even Lumia 950 XL runs Windows 11

 

[Albuquerque]

Haha! I still need to sit down and get Win10-OA on my Lumia 950XL; I sooooooooo want to try it now that they have it almost 90% working as an actual phone.

 

[Kaotik]

Haha! I still need to sit down and get Win10-OA on my Lumia 950XL; I sooooooooo want to try it now that they have it almost 90% working as an actual phone.

I'd need a new battery, but I wonder if it would run on my Lumia 950 too

 

[orangpelupa]

so, its confirmed then. Microsoft got longer (unofficial) update support than Google and Apple.

 

[eastmen]

https://www.techrepublic.com/articl...ystem-requirements-and-the-security-benefits/

TPM 2.0 has been a requirement for all new Windows PCs since 28 July 2016 (2018 in China), with the only exceptions being special-purpose commercial systems and custom orders. Although it's usually just thought of as storage for BitLocker (and the Device Encryption equivalent on Windows Home) keys, the Trusted Platform Module services a wide range of Windows security features: storing other keys and the PINs for Windows Hello biometrics and Credential Guard; blocking brute-force dictionary attacks so that even shorter PINs and passwords are more secure; powering virtual smart cards; acting as the hardware root of trust for secure boot and measured boot; attesting to PC health after boot with Windows Defender System Guard; and enabling 'white glove' and self-service Autopilot deployments.

makes sense and auto pilot is a huge selling point for companies to go with MS for purchases even of some other oem hardware.

To run Windows 11, CPUs need to have the hardware virtualisation features to enable virtual secure mode for Virtualisation-Based Security and the Hypervisor-Protected Code Integrity that underlies a range of protections that Microsoft has been building since Windows 8, like Application Guard, Control Flow Guard, Credential Guard, Device Guard and System Guard. Now they'll be on by default for all PCs, not just specially selected devices.

like what i'm reading

They also need to have drivers based on the new Windows Drivers model; earlier this year, Microsoft announced that drivers for what was then called Windows 10X would need to be certified through the Windows Hardware Compatibility Program and be componentised, written for isolation and use an approved subset of Windows APIs, to make them more stable and easier to update.

I doubt Intel or amd want to go back and write new drivers for old devices they stopped selling years ago.

While 7th generation and AMD Zen CPUs have the hardware features, they have what Microsoft described to us as 'limited support', so one of the things the Windows Insider releases of Windows 11 will show is exactly which of those earlier processors will deliver a good enough experience to be supported. And the Snapdragon 835 that powered the very first Windows on Arm devices isn't supported at all.

There goes my surface rt

Windows 11 will have other security improvements that Microsoft isn't ready to talk about yet, which might include the application containers originally promised for 10X. "We have some really interesting ideas on how to do better app security for mainline apps," said Weston.

But beyond security, one of the features Weston is most excited about is the way Windows Updates are 40-50% faster to install (thanks to only delivering file deltas and even more aggressive compression than previous update models. "As someone who takes a daily build [of Windows], every day I'm smiling and saying 'that was so fast' -- it's really noticeable."

Please give me the containers it would solve so many problems in windows

Just turning on the existing hardware-based security features reduces malware infections by 60%, but compatibility and performance worries have meant only a few PCs have shipped with them on by default.

That is pretty big if true.

hat's important for features like Windows Defender Application Guard, the Windows Sandbox, WSL 2 and the way Hyper-V now works with third-party virtualisation software. It will also be what powers the virtualised Android apps that will run on Windows 11.

I'm excited for windows 11 even if a few machines can't run it. Those machines are older and will get upgraded as time goes on

 

[pcchen]

Still cannot turn on Memory Integrity in Security Settings - some legacy Logitech webcam drivers were listed as incompatible, and they weren't even present in Device Manager or Add/Remove Programs. Had to use pnputil to remove them from the Driver Store.
Then there's an incompatible file system driver from a disk recovery utility which I currently use... that's already too much hassle for most users. I'm still on Windows 10 build 21390 though.

I have a very old Razer Deathadder mouse driver which is incompatible, but it's actually not in use, so I just removed it (apparently the check for incompatible driver looks for all driver files in the system, not just for active ones).
Another incompatible is from a very old smart card reader. The hardware is fine but the latest driver is from 2015, so I decided to just remove it so I can enable memory integrity.

 

[hoom]

I have R5 5600X, B550: 2,3,4,5,7,8
Pretty sure I didn't enable IOMMU in BIOS after last BIOS flash.

 

[Cyan]

Even Lumia 950 XL runs Windows 11

it's incredible that it still runs so well. My Lumia was my best telephone in many years. I paid 80€ for it, it took good photos, it uploaded everything to the cloud every time I made a photo, I still miss it to this date.

Now I am using Android, though iOS and Android are not my thing, there arent any other options available, alas.

Please add the CPU model / chipset to your report! I'm not a mind reader (yet)!


I think only 2 Secure Boot and 3 Kernel DMA Protection (IOMMU) are selectable in UEFI settings; 1 5 7 8 require a supporting CPU model, and 4 6 require specific ACPI tables and API calls in the UEFI firmware.
.

Enabled secure boot on a Ryzen 3700X, motherboard is a Asrock B450M Steel Legend. Now I get this:

1
2
5
6
7
8

 

[PSman1700]

it's incredible that it still runs so well. My Lumia was my best telephone in many years. I paid 80€ for it, it took good photos, it uploaded everything to the cloud every time I made a photo, I still miss it to this date.

I have never tried any windows phone, this discussion makes me wanna look for a used lumia smartphone Imo, windows mobile seems like a much better approach than both IOS and android, in special IOS. You wont be needing OS updates, with windows its just going to be on the same revision (w10) but still updated at the core etc.

 

[swaaye]

.

 

[swaaye]

Is there anyone still using AMD Zen / Zen+ (Ryzen 1000/2000/1000AF-series) or Intel Skylake / Skylake X / Kaby Lake (Core 6000/7000/7000X-series) desktop CPUs?

I need you to open the 'PowerShell (Admin)' shortcut by right-clicking the Start menu, run the command below, and see if the resulting list includes number 7 (for MBEC/GEMT support):

$Win32_DeviceGuard = Get-CimInstance -Namespace ROOT\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
$Win32_DeviceGuard.AvailableSecurityProperties​

Security properties are 0 None, 1 Hypervisor, 2 Secure Boot, 3 DMA protection, 4 Secure Memory Overwrite, 5 NX protection, 6 SMM mitigations, 7 Mode Based Execution Control, 8 APIC virtualisation.

Surface Book i7 6600
1
2
3
4
5
6

 

[swaaye]

TVPC with Asrock Z270M Pro 4 and i5 7600K. UEFI isn't as up to date as the Surface Book's methinks. Asrock stopped releasing updates years ago, fairly shortly some initial Meltdown/Specter updates.
1
2
3
4
7
I did get its built-in TPM 2.0 and Secure Boot activated but the Windows Insider tab still says Windows 11 isn't supported on it.


How about a 2010 ASUS G73JH notebook. Intel HM55 chipset and i7 920XM.
1
3

 

[DmitryKo]

Thank you all! Are you running Windows 10 'Vibranium' builds, or Insider Preview 'Cobalt' biuld?

So far it looks like HVCI support does require specific UEFI firmware features, even if you have the supported processor generation...

Only Intel Kaby Lake and later systems seem to enable these features by default, while AMD Ryzen systems are inconsistent...

https://linustechtips.com/topic/135...-market/page/5/?tab=comments#comment-14833134

Enabled secure boot on a Ryzen 3700X, motherboard is a Asrock B450M Steel Legend. Now I get this:
1 2 5 6 7 8

Did you flash the latest AGESA 1.2.0.3b firmware?

I have R5 5600X, B550: 2,3,4,5,7,8
Pretty sure I didn't enable IOMMU in BIOS after last BIOS flash.

Strange, looks like hypervisor is not enabled. Is that latest BIOS?

 

[swaaye]

I am using the standard Win10 21H1 on all my machines.

8600K on Asrock Z370 Extreme4
1
2
3
4
5
6
7

 

[hoom]

Strange, looks like hypervisor is not enabled. Is that latest BIOS?

Yeah beta one with AGESA V2 PI 1.2.0.3 Patch B.
The post-flash reset turns off virtualisation stuff & I don't necessarily remember to turn it on/may not have actually found all the relevant options.