Since the release of Windows 11, Microsoft has pointed out that security is a crucial aspect of its latest OS. To explain the importance of features of TMP 2.0 and Core Isolation the company even demoed hacking attacks on mock systems.
In a blog post by Microsoft’s Jin Lin, a PM Manager at Azure and Windows OS platform, the company has confirmed new development and said that TME-MK is available on Intel’s 3rd Gen Xeon scalable Ice Lake and also on 12th Gen Alder Lake processors. A list of supported guest operating systems can be found here.
Below you may find the procedure on how to enable multi-key total memory encryption:
To boot a new Virtual Machine with TME-MK protection which assigns it a unique encryption key from other partitions we should use Powershell.
Open Powershell in elevated mode (run as admin)
type the following command:
Set-VMMemory -VMName -MemoryEncryptionPolicy EnabledIfSupported
In order to verify if a VM has enabled TME-MK for memory encryption the following command can be used:
Get-VmMemory -VmName | fl *
The output result should be like this:
MemoryEncryptionPolicy : EnabledIfSupported
MemoryEncryptionEnabled : True