Intel® NUCs
Assistance in Intel® NUC products
13308 Discussions

"Standard hardware security not supported" Windows 11

RolandT
New Contributor I
5,769 Views

I recently see this Windows 11 security warning "Standard hardware security not supported" on my Intel NUC NUC10i7FNB 

 

Anyone an idea what is causing this? I assume W11 is unhappy about something but no indication as to what the problem is.

 

0 Kudos
7 Replies
Alberto_R_Intel
Moderator
5,706 Views

RolandT, Thank you for posting in the Intel® Communities Support.

 

In reference to this scenario, we recommend to make sure that the latest BIOS version is currently installed in the Intel® NUC. Latest version is 0058:

https://www.intel.com/content/www/us/en/download/19485/bios-update-fncml357.html?wapkw=nuc10i7fnk

 

Instructions to update the BIOS:

https://downloadmirror.intel.com/740729/NUC-AptioV-UEFI-Firmware-BIOS-Update-Readme.pdf

 

To check if the Intel® NUC supports “Standard Hardware Security”, Go to "Windows Security" → "Device Security".

Windows Security displays “Your device meets the requirements for standard hardware security” if all three features are turned on:

Core isolation

Security processor

Secure boot 

 

If any of the three is turned off, it displays “Standard hardware security not supported.” This is easily fixable by changing some settings in the UEFI (BIOS). To enter the BIOS, tap F2 several times as soon as you turn the Intel® NUC on:

 

Enable Intel® Virtualization Technology, Virtualization Technology, VT-x: It’s under "System Configuration". This enables Core isolation in Windows Security.

 

Enable VT-d. It’s: under "System Configuration". This enables Memory integrity in Windows Security.

 

Enable Intel® Platform Trust Technology (PTT): This enables Security processor in Windows Security. 

 

Enable Secure Boot: For OS type, select Windows UEFI mode. This enables Secure boot in Windows Security.

 

Press F10 to save and exit. Now you should be able to see that Core isolation, Security processor, and Secure boot are all turned on in Windows security and the error should not appear anymore.

 

Here you will find additional details about Windows* Standard hardware security:

https://support.microsoft.com/en-us/windows/device-protection-in-windows-security-afa11526-de57-b1c5-599f-3a4c6a61c5e2

 

The content on the above site is not controlled by Intel. This information is offered for your convenience and should not be viewed as an endorsement by Intel for the merchants or services offered there

 

Any questions, please let me know.

 

Regards,

Albert R.

 

Intel Customer Support Technician

 

 

0 Kudos
RolandT
New Contributor I
5,666 Views

Thing is W11 never complained about this until very recently. The setting are all correct. I see some reports that this could be a Microsoft bug?

0 Kudos
Alberto_R_Intel
Moderator
5,642 Views

RolandT, Thank you very much for letting us know those details.


That is correct, it seems to be this is a Microsoft bug an error related to Windows* itself based on the fact, also, that this is a feature provided by them related to Windows* directly.


So, if the settings are all correct and especially if this issue happened just recently, then the next thing to do in this case will be to get in contact directly with Microsoft Support for them to provide further technical assistance on this topic:

https://support.microsoft.com/en-us


Regards,

Albert R.


Intel Customer Support Technician


0 Kudos
LeonWaksman
Super User
5,634 Views

Hello @RolandT 

It must be some thing in your BIOS settings (for example the Secure Boot is disabled or the UEFI Boot mode is not enabled.

I've checked on my NUC FN and there is no problem.  I've checked with BIOS 0057 and then updated BIOS to 0058.

 

Leon

 

DeviceSecurity.gif

0 Kudos
RolandT
New Contributor I
5,558 Views

After another Windows11 update, I now get more info on what Windows does not like. It seems a driver that is blocking memory protection. The driver seems to be linked to a Smart Card Reader. The company states the Smart Card Reader is end of life. 

0 Kudos
n_scott_pearson
Super User Retired Employee
5,555 Views

Are you running the latest available driver for the Genesys Card Reader? The latest is v1.1.14.0, which you can download from here: https://www.intel.com/content/www/us/en/download/19604. Manually download and install this version if not currently installed.

Hopefully this will correct the situation,

...S

0 Kudos
RolandT
New Contributor I
5,548 Views

The incompatible driver is apg8201zx64.sys this is not from the Genesis card reader but probably from an old external card reader. It seems something got not properly deleted and is now conflicting 

0 Kudos
Reply