From b8c8a29275b29f48ee8f58da457d950c596da6e5 Mon Sep 17 00:00:00 2001 From: aktsuda Date: Tue, 25 Aug 2020 19:02:50 +0900 Subject: [PATCH 1/2] Update kernel-dma-protection-for-thunderbolt.md The item of "Virtualization technology in Firmware" doesn't exist in msinfo32.exe. So, it should be replaced with **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is NOT shown (this means Virtualization technology in Firmware is disabled). --- .../kernel-dma-protection-for-thunderbolt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 6ea046a8f3..85a687c064 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -84,7 +84,7 @@ Beginning with Windows 10 version 1809, you can use Security Center to check if 1. Launch MSINFO32.exe in a command prompt, or in the Windows search bar. 2. Check the value of **Kernel DMA Protection**. ![Kernel DMA protection in System Information](bitlocker/images/kernel-dma-protection.png) -3. If the current state of **Kernel DMA Protection** is OFF and **Virtualization Technology in Firmware** is NO: +3. If the current state of **Kernel DMA Protection** is OFF and **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is NOT shown (this means Virtualization technology in Firmware is disabled): - Reboot into BIOS settings - Turn on Intel Virtualization Technology. - Turn on Intel Virtualization Technology for I/O (VT-d). In Windows 10 version 1803, only Intel VT-d is supported. Other platforms can use DMA attack mitigations described in [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md). 
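Review bot: The parenthetical on the new step 3 line, "(this means Virtualization technology in Firmware is disabled)", draws a conclusion the message does not support. When "A hypervisor has been detected. Features required for Hyper-V will not be displayed." is absent, that only tells the reader no hypervisor was detected. It says nothing about the firmware setting. The condition also stacks two negatives ("is OFF and ... is NOT shown"), which is easy to misread while following a checklist. Name the System Information row the reader should actually look at, together with its expected value, and cover the hypervisor-detected case in a separate sentence or note.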
From 012cd7717bcce28b59a2bce6a8428135bfa4a198 Mon Sep 17 00:00:00 2001 From: aktsuda Date: Wed, 26 Aug 2020 16:38:45 +0900 Subject: [PATCH 2/2] Update kernel-dma-protection-for-thunderbolt.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changed “Virtualization technology in Firmware” to “Hyper-V - Virtualization Enabled in Firmware” and added Note. --- .../kernel-dma-protection-for-thunderbolt.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 85a687c064..2d8554f52b 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md 
@@ -84,11 +84,15 @@ Beginning with Windows 10 version 1809, you can use Security Center to check if 1. Launch MSINFO32.exe in a command prompt, or in the Windows search bar. 2. Check the value of **Kernel DMA Protection**. ![Kernel DMA protection in System Information](bitlocker/images/kernel-dma-protection.png) -3. If the current state of **Kernel DMA Protection** is OFF and **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is NOT shown (this means Virtualization technology in Firmware is disabled): +3. If the current state of **Kernel DMA Protection** is OFF and **Hyper-V - Virtualization Enabled in Firmware** is NO: - Reboot into BIOS settings - Turn on Intel Virtualization Technology. - Turn on Intel Virtualization Technology for I/O (VT-d). In Windows 10 version 1803, only Intel VT-d is supported. Other platforms can use DMA attack mitigations described in [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md). - Reboot system into Windows 10. + +>[!NOTE] +> **Hyper-V - Virtualization Enabled in Firmware** is NOT shown when **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is shown because this means that **Hyper-V - Virtualization Enabled in Firmware** is YES. + 4. If the state of **Kernel DMA Protection** remains Off, then the system does not support this feature. For systems that do not support Kernel DMA Protection, please refer to the [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md) or [Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating system](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf) for other means of DMA protection.
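Review bot: The added `>[!NOTE]` block starts at column 0 between step 3's sub-bullets and step 4, so it closes the ordered list, and step 4 no longer renders as a continuation of the same procedure. Indent the note so it sits under step 3, and drop the blank `+` lines that separate it from the list. The note's sentence is also hard to follow ("is NOT shown when ... is shown because this means ... is YES"). Lead with what the reader sees, for example: if **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** appears, the **Hyper-V - Virtualization Enabled in Firmware** row is hidden and virtualization is already enabled in firmware. As written, step 3's condition "is NO" gives no instruction for the case where the row is missing, so the note needs to be readable as part of that step.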