Usually I write my Blog-Posts in German, this one is English as I try to report this to Microsoft too and to reach a broader community.
Skylake PC based on Fujitsu D3410-B1 Mainboard with most actual BIOS/UEFI-Firmware V220.127.116.11 R1.21.0 for D3410-B1x,
Windows 10 Education, 64bit, v1709 running in UEFI/SecureBoot with BitLocker with TPM 2.0 Protection. Update v1703 to v1709 via WindowsUpdate was done on 05. November 2017. Before installing the Fall Creators Update everything worked smooth and fine.
After Updating to Windows 10 v1709 I noticed that there is no Sound-Output working any more, Device-Manager doesn’t show up any Sound-Output-Device (neither my Intel(R) Display-Audio nor my Realtek High Definition Audio). In addition two System-Devices stopped working, Device-Manager shows up “Code 10” for:
- High Definition Audio-Controller
- Driver: Microsoft, v10.0.16299.15, Date: 28.09.2017
- Intel(R) Management Engine Interface
- Driver: Intel, v18.104.22.1680, Date 18.07.2017
No newer Drivers available in WindowsUpdate, on Fujitsu-Website or on Intel-Website. Devices failed to load with “Code 10”.
System works fine, but no sound available. And: System Startup-Time when doing a fresh restart of the system increased significantly (Machine seems to stuck for about 1-2 Minutes at the Boot-Screen still showing the Fujitsu-UEFI-Logo and the loading Windows-Progress “circle”), but when waiting with patience the Machine boots and then runs at normal speed.
System Eventlog Source MEIx64 shows several entries with:
“Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x90000245, FWSTS1: 0x89118306).”
as well as “The Intel(R) Management Engine Interface is being disabled.”
After a while I figured out that this problem is caused by the setting “Disable new DMA devices when this computer is locked”. This setting was introduced with v1703 and I enabled it some month ago to protect my BitLocker-Key from DMA-Attacks (see this Blog-Post).
When updating to Windows 10 v1709 this setting leads to my described problem.
Countermeasure (Workaround): GroupPolicy Editor (gpedit.msc)
Computer -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Disable new DMA devices when this computer is locked.
Set this to “Disabled” => reboot the Machine => Problem is solved, both the Sound and the Intel ME Interface are working again.
Seems we have to wait for a Patch until this Setting can be reactivated again!
Send Error Report to Microsoft:
I reportet this through the Microsoft Feedback Hub, see: https://aka.ms/Gg2urj
Please UpVote for this Issue to get if fixed quicker.
Finally: Solution Win10 Cumulative Update KB4093105
On April 23rd Microsoft published Cumulative Update KB4093105 for Windows 10. This Update resolves this Issue, Bitlocker-DMA Protection can be turned on again after applying this Update. Changelog is provided here.