Courtesy of Intel, Windows 11 will receive a new feature that promises to make the operating system more secure. This is TME-MK, an acronym for a long name that translates to “full memory encryption with multiple keys”, an exclusive tool for computers equipped with 12th generation Core or 3rd generation Xeon.
As announced by Microsoft last Wednesday (23), the feature will be available to all users who have updated to the 22H2 version of Windows 11. Jin Lin, a cybersecurity expert at big tech, says that the encryption will take advantage of unique features of the hardware to provide more security on Windows and Azure.
The TME-MK is a feature that encrypts all device memory — a constant target of exploiting security breaches by hackers — with 128-bit keys, making any interaction between the processor and the memory private. The keys are stored in the hardware, so it is not exposed to the operating system.
The role of the software is to use the cryptographic keys to access memory whenever necessary, but the random credentials generated by the hardware remain hidden. For enterprise users with 3rd generation Intel Xeon, the TME-MK supports generation 2 (Gen 2) VMs at version 10 or later in the Azure portal.
How to enable the feature
Full memory encryption with multiple keys is easily enabled through the operating system’s command line interpreter. Just open Windows PowerShell, enter the following codes and press Enter:
Set-VMMemory -VMName -MemoryEncryptionPolicy EnabledIfSupported
As noted in the last parameter, the feature is only enabled if the machine supports full memory encryption. If not, the software will return an error message. To disable the feature, enter:
Support for the new encryption technology is a reflection of Microsoft’s goal of strengthening the security of Windows 11. The operating system brought “controversial” requirements that limited its diffusion among older computers, such as the TPM 2.0 module, a security chip on the motherboard used to encrypt different areas of the software.