Virtualization-based security in Windows 10 on ARM

Applies to: Windows 10, Windows 10 Consumer

Summary


Virtualization-based security uses the Windows hypervisor to create regions of memory that are isolated from the standard operating system. Windows can use this security feature to host security solutions while providing greatly increased protection from vulnerabilities in the operating system. For more information, see Virtualization-based Security (VBS).

Virtualization-based security is available for Windows 10, version 1903 (OS build 18362.383) on supported ARM devices that are running on Qualcomm's Snapdragon 850 platform and later versions. When this security feature is enabled, you may experience the following issues if the system is in an unsecure configuration:

  • Fingerprint authentication stops working because the fingerprint authentication data is cleared to protect your privacy.
  • Digital rights management (DRM)-protected videos can't be played.

The following table lists conditions that might indicate that the system is in an unsecure configuration. The table also lists the corresponding methods to revert the system from this state.

Note: To use fingerprint authentication, clear the existing data, and then set up fingerprint authentication again. We recommend that you revert your system to a secure configuration before you do this.

| Condition | Reversion method |
| --- | --- |
| Failure to check or enforce the Security Version Number (SVN) of a System Guard Secure Launch process during a secure startup | Install the latest version of Windows through Windows Update |
| Startup debugging is enabled | Enable Secure Boot |
| Test-signed code is not completely disabled for execution | Enable Secure Boot |
| Microsoft hypervisor self-check detects certain unsafe settings | Run the following commands to disable the hypervisor debugger and delete the hypervisor load options: bcdedit /set hypervisordebug off; bcdedit /deletevalue hypervisorloadoptions |
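The following read-only PowerShell check is an added example, not part of the original article or a Microsoft tool. It scans bcdedit output for boot settings related to the conditions in the table and pairs each finding with the reversion method listed there. The function name, the mapping of BCD elements (bootdebug, debug, testsigning) to the table's conditions, and the sample output are assumptions made for illustration, and English bcdedit output is assumed.

```powershell
# Added example: read-only scan of BCD settings tied to the table's conditions.
# Assumptions: English bcdedit output ("Yes"/"No"); the element-to-condition
# mapping below is illustrative and not taken from the article.
function Get-UnsafeBcdSetting {
    param([Parameter(Mandatory)][string[]]$BcdLines)

    # BCD element -> reversion method as listed in the table
    $remedy = @{
        bootdebug             = 'Enable Secure Boot'
        debug                 = 'Enable Secure Boot'
        testsigning           = 'Enable Secure Boot'
        hypervisordebug       = 'bcdedit /set hypervisordebug off'
        hypervisorloadoptions = 'bcdedit /deletevalue hypervisorloadoptions'
    }

    foreach ($line in $BcdLines) {
        # Each setting line has the form "<element><spaces><value>"
        if ($line -match '^(?<name>\S+)\s+(?<value>.+)$') {
            $name  = $Matches['name'].ToLowerInvariant()
            $value = $Matches['value'].Trim()
            if (-not $remedy.ContainsKey($name)) { continue }

            # Boolean elements count only when set to Yes;
            # hypervisorloadoptions counts whenever it is present.
            if (($name -eq 'hypervisorloadoptions') -or ($value -eq 'Yes')) {
                [pscustomobject]@{ Element = $name; Value = $value; Reversion = $remedy[$name] }
            }
        }
    }
}

# Constructed sample of `bcdedit /enum "{current}"` output (not from a real device)
$sample = @'
Windows Boot Loader
-------------------
identifier              {current}
testsigning             Yes
debug                   No
hypervisordebug         Yes
hypervisorloadoptions   SAMPLE_OPTION
'@ -split "`r?`n"

Get-UnsafeBcdSetting -BcdLines $sample | Format-Table -AutoSize

# On a live system, from an elevated prompt:
#   Get-UnsafeBcdSetting -BcdLines (bcdedit /enum '{current}')
```

With the constructed sample, the function reports testsigning, hypervisordebug and hypervisorloadoptions, and skips debug because it is set to No.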