Hacker News new | ask | show | jobs
by dist-epoch 380 days ago
It's various pieces are called Virtualization Based Security/Core Isolation/Hypervisor-Protected Code Integrity

> Virtualization-based security, or VBS, uses hardware virtualization and the Windows hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised.

> While VBS greatly improves platform security, VBS also changes the trust boundaries in a Windows PC. With VBS, the Windows hypervisor controls many aspects of the underlying hardware that provide the basis for the VBS secure environment. The hypervisor must assume the Windows kernel could become compromised by malicious code, and so must protect key system resources from being manipulated from code running in kernel mode in a manner that could compromise security assets.

https://learn.microsoft.com/en-us/windows-hardware/design/de...

https://learn.microsoft.com/en-us/windows-hardware/design/de...

Architecture Image: https://www.microsoft.com/en-us/security/blog/wp-content/upl...
1 comments
FirmwareBurner 380 days ago
To add more to the context, VBS is also why Windows 11 requires 8th Gen CPUs or newer, because only those have added working hardware VBS.
link
jeroenhd 380 days ago
The link about VBS above says it requires

> Intel VT-X2 with Extended Page Tables (EPT)

As far as I know, this doesn't limit CPUs to 8th Gen and newer. Neither does VT-x and the other requirements.

Furthermore, there are supported ways of disabling VBS entirely so the gimped version of Windows 11 that doesn't use VBS you'd get for installing it on older hardware wouldn't be that different from an install you'd disable VBS on to get 15% better performance in video games.

link