Thank you Martin. Is this the same for SMX? And I notice TME is also shown to be supported and enabled... is this certain? Unfortunately there is no option for this in the bios...Yes, it's due to Hyper-V which intentionally masks presence of this feature.
Look in the screenshot, says HVCI disabled. I disabled secureboot. That shuts down HVCI. Its installed as an optional feature, but not active... windows system information and hwinfo both say disabled. I'll disable everything regardless when I have the time just to confirm what actually happens.Are you sure Hyper-V is completely disabled? Sometimes even after disabling HVCI, Hyper-V can remain active. The main window of HWiNFO should tell you whether Hyper-V is active.
Appears that this turns out to not be true. Turns out Hyper-V was already disabled in optional features. So, I disabled "Windows Hypervisor Platform" instead, all device guard features via group policy, and secure boot, and the result is the same. Bcdedit hypervisorlaunchtype is also set to the default "auto". HWINFO is not listing VMX.Hyper-V can be active regardless of HVCI or Secure Boot state. Check the "Turn Windows features on or off".
No, because I reiterate, when I disable virtualization based security, (and secure boot) under "services running" it shows none running.This is quite odd as "Hypervisor Enforced Code Integrity" (HVCI) implies Virtualization is active.
Ok, but System Guard is not loading, which depends on TXT/SMX. Theoretically if the bit was disabled in the bios, windows should still load SMX? Are those features on top of SMX necessary for it to function properly? Can you name those features?Even Viewer probably means that SGX is disabled via MSR, not TXT. There are several features on top of SMX/TXT. MSR_FEATURE_CONTROL doesn't seem to be capable of disabling TXT.