<p>Since the release of Windows 11, Microsoft has pointed out that security is a crucial aspect of its latest OS. To explain the importance of features of TMP 2.0 and Core Isolation the company even demoed hacking attacks on mock systems.</p>
<p><img class="alignnone size-full wp-image-4830" src="https://www.wincert.net/wp-content/uploads/2022/11/cpu-g4fa4da31d_640.jpg" alt="" width="640" height="427" /></p>
<p>In a blog post by Microsoft&#8217;s Jin Lin, a PM Manager at Azure and Windows OS platform, the company has confirmed new development and said that TME-MK is available on Intel&#8217;s 3rd Gen Xeon scalable Ice Lake and also on 12th Gen Alder Lake processors. A list of supported guest operating systems can be found <a href="https://learn.microsoft.com/en-us/azure/virtual-machines/generation-2#generation-2-vm-images-in-azure-marketplace" target="_blank" rel="noopener">here</a>.</p>
<p>Below you may find the procedure on how to enable multi-key total memory encryption:</p>
<p>To boot a new Virtual Machine with TME-MK protection which assigns it a unique encryption key from other partitions we should use Powershell.</p>
<p>Open Powershell in elevated mode (run as admin)</p>
<p>type the following command:</p>
<p><em><strong>Set-VMMemory -VMName -MemoryEncryptionPolicy EnabledIfSupported</strong></em></p>
<p>In order to verify if a VM has enabled TME-MK for memory encryption the following command can be used:</p>
<p><em><strong>Get-VmMemory -VmName | fl *</strong></em></p>
<p>The output result should be like this:</p>
<p><em><strong>MemoryEncryptionPolicy : EnabledIfSupported<br />
</strong><strong>MemoryEncryptionEnabled : True</strong></em></p>