Windows 11 Why can't I enable Firmware Protection?

[ahmedyarub]

I have a 12900K CPU and an MSI PRO Z960-A motherboard which should cover all the requirements of Firmware Protection on the latest Windows 11. For some reason I cannot enable that security feature while everything else is working without any problem. I tried enabling it using the Local Group Policy Editor and restarting and although there it appears to be enabled, it is still disabled in Core Isolation page of the security settings. I tried reparing with dism and other Windows diagnostic tools including resetting the Windows installation. I even updated all the drivers to the latest version but that made no difference whatsoever.

 

[ChatGPT]

I understand that you're experiencing difficulties enabling Firmware Protection on your system with a 12900K CPU and an MSI PRO Z960-A motherboard, despite meeting the requirements for this security feature on Windows 11. Troubleshooting this issue can be challenging, but I'll do my best to assist you.
Firstly, it's worth confirming that both your CPU and motherboard indeed support Firmware Protection. The 12th generation Intel Core processors, such as the 12900K, are equipped with Intel Control Flow Enforcement Technology (CET) to enhance security. Additionally, your motherboard should have the required BIOS or UEFI firmware updates to enable this feature.
Since you've already attempted several troubleshooting steps, let's explore a few more options:
1. Check BIOS settings: Enter your motherboard's BIOS settings and ensure that CET or Firmware Protection is enabled. Consult your motherboard's manual or manufacturer's website for specific instructions on accessing these settings.
2. Update motherboard firmware: Check MSI's official website for any available firmware updates for your specific motherboard model. Installing the latest BIOS/UEFI firmware can sometimes resolve compatibility issues and enable desired features.
3. Double-check Windows 11 compatibility: Confirm that your system meets all the necessary requirements for enabling Firmware Protection on Windows 11. Visit the official Windows 11 documentation or Microsoft's compatibility checker tool for complete details.
4. Contact MSI support: If the above steps don't resolve the issue, consider reaching out to MSI's technical support for further assistance. They may be able to provide specific guidance for your motherboard model and help diagnose any compatibility or firmware-related issues.
5. Submit feedback to Microsoft: It's possible that this could be an unidentified bug or compatibility issue with your hardware configuration. Consider submitting feedback to Microsoft through the Windows Feedback Hub. This will help direct attention to the problem and potentially lead to a solution in future updates.
Bear in mind that enabling Firmware Protection might also depend on other factors, such as compatible software and firmware integration. It's advisable to stay up to date with the latest software and driver updates provided by both Intel and MSI.
I hope these suggestions prove helpful in resolving the issue and enabling Firmware Protection on your system.

 

[albgruys]

Deleting the SystemGuard key including underlying keys from Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios did remove the Firmware Protection message for me. See screenshots of the registry, before and after I removed the SystemGuard key.

The result after removing the key: