Hi
Welcome to Microsoft community.
Kernel DMA Protection is a security feature that helps to protect your system against Direct Memory Access (DMA) attacks via external devices. Enabling it requires certain hardware capabilities and BIOS/UEFI support. Given your hardware configuration, it looks like you should, in theory, be able to support this feature. However, the message "Boot DMA Protection not supported" indicates there's a missing link in the compatibility chain. Here's how you can troubleshoot and potentially resolve this issue:
Update Your BIOS/UEFI Firmware
Given that you're on BIOS version FE (dated March 27, 2024), it's possible there's a newer version available that improves or enables support for Boot DMA Protection. Manufacturers often release updates that enhance hardware compatibility or enable additional features.
Visit the Gigabyte official website, find your motherboard model, and check for the latest BIOS/UEFI updates.
Follow the manufacturer's instructions carefully to update your BIOS/UEFI.
Disclaimer: Microsoft provides no assurances and/or warranties, implied or otherwise, and is not responsible for the information you receive from the third-party linked sites or any support related to technology.
If you are going to modify BIOS Settings, please back up all your personal files first to ensure you do not lose data.
Check BIOS/UEFI Settings Again
After updating the BIOS/UEFI, or if you're already on the latest version, dive back into the settings to ensure everything necessary for Kernel DMA Protection is enabled. Look for settings like:
VT-d (Intel Virtualization Technology for Directed I/O) or AMD-Vi (AMD Virtualization technology), which might be referred to as IOMMU in your BIOS.
Secure Boot: Sometimes, enabling Secure Boot is necessary for full DMA protection.
Windows Defender Device Guard: Some systems include an option to enable Windows Defender Device Guard, which can also enable related protections.
Windows Settings and Group Policy
Ensure that your Windows installation is configured correctly for enabling Kernel DMA Protection:
Check TPM Status: Press Windows + R, type tpm.msc, and press Enter to ensure TPM is ready for use.
Group Policy: For professional editions of Windows, you can check group policy settings related to DMA Protection. Press Windows + R, type gpedit.msc, and look under Computer Configuration -> Administrative Templates -> System -> Device Guard. Ensure that "Turn On Virtualization Based Security" is not disabled.
Consult Manufacturer Support
If, after trying the above steps, Boot DMA Protection is still not supported, it may be helpful to consult Gigabyte support. There could be a specific requirement or an undocumented setting that needs to be adjusted for your motherboard model.
Hardware Compatibility
While your hardware seems to meet the requirements, there's a possibility that the motherboard's implementation of certain features doesn't fully support Kernel DMA Protection, especially for Boot DMA Protection. This is less likely, but it's something to consider if all else fails.
Kernel DMA Protection and especially Boot DMA Protection are relatively advanced security features that depend on a tight integration between hardware and software. Sometimes, even if all the individual components support the necessary features, enabling the full protection requires specific support from the motherboard's firmware, which not all manufacturers provide for every model.
Please feel free to let me know how it goes.
Best regards
Derrick Qian | Microsoft Community Support Specialist
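
The checks described in the reply above (Secure Boot, TPM readiness, and the Device Guard / virtualization-based security state) can also be read from an elevated PowerShell prompt. This is an added example, not part of the original reply or Microsoft's own tooling; the function name Get-DmaProtectionPrereqs is hypothetical, and the script only reads status without changing any setting.

```powershell
# Added example: read-only status checks for the items listed in the reply.
# Run from an elevated PowerShell prompt on the affected machine.
function Get-DmaProtectionPrereqs {
    $result = [ordered]@{}

    # Secure Boot state. Confirm-SecureBootUEFI throws on legacy-BIOS boots
    # and when the session is not elevated, so report that instead of failing.
    try   { $result.SecureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $result.SecureBoot = "unknown: $($_.Exception.Message)" }

    # TPM state, the same information tpm.msc shows.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $result.TpmPresent = $tpm.TpmPresent
        $result.TpmReady   = $tpm.TpmReady
    }
    catch { $result.TpmPresent = "unknown: $($_.Exception.Message)" }

    # Device Guard / VBS state as reported by the Win32_DeviceGuard WMI class.
    # In AvailableSecurityProperties and RequiredSecurityProperties the value 3
    # means "DMA protection", which depends on the IOMMU (VT-d / AMD-Vi)
    # being enabled in firmware.
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName Win32_DeviceGuard -ErrorAction Stop
        $vbsText = @{ 0 = 'not enabled'; 1 = 'enabled, not running'; 2 = 'enabled and running' }

        $result.DmaProtectionAvailable = $dg.AvailableSecurityProperties -contains 3
        $result.DmaProtectionRequired  = $dg.RequiredSecurityProperties  -contains 3
        $result.VbsStatus              = $vbsText[[int]$dg.VirtualizationBasedSecurityStatus]
    }
    catch { $result.VbsStatus = "unknown: $($_.Exception.Message)" }

    [pscustomobject]$result
}

Get-DmaProtectionPrereqs | Format-List
```

If DmaProtectionAvailable is False while VT-d / AMD-Vi is enabled in the BIOS/UEFI, the firmware is not exposing the IOMMU to Windows, which points back to the firmware update and manufacturer support steps above. The "Kernel DMA Protection" line itself is shown in System Information (msinfo32.exe).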