SYSTEM_ISOLATED_USER_MODE_INFORMATION - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
#ifndef _NTEXAPI_H

// private
/**
 * \brief Isolated User Mode (IUM) and virtualization-based security (VBS) status.
 *
 * Reports the state of the VBS infrastructure as a set of one-bit flags: whether the Secure Kernel is running,
 * whether Hypervisor-protected Code Integrity (HVCI) is enabled and in which mode, whether a trustlet is running,
 * and which hardware-backed protections and encryption-key properties are present.
 * Available via NtQuerySystemInformation(SystemIsolatedUserModeInformation).
 *
 * Layout: 17 one-bit flags followed by reserved space (Spare0, Spare1). The bit and byte positions quoted in the
 * member comments assume BOOLEAN is an 8-bit type and that bit-fields are allocated from the least significant
 * bit in declaration order -- TODO confirm for compilers other than MSVC.
 *
 * Notes for consumers:
 *  - Zero the buffer before the query and check the returned NTSTATUS before reading any flag, so a failed
 *    query is never read as "all protections off" or as leftover stack data.
 *  - The Spare* members are reserved; do not assign meaning to them.
 *  - The flags are a local self-report by the running system. Treat them as a posture hint for logging and
 *    feature gating, not as proof of platform state to a remote party.
 *
 * \since Windows 10 (RS2+)
 */
typedef struct _SYSTEM_ISOLATED_USER_MODE_INFORMATION
{
    // Core VBS status flags (byte 0, bits 0-7):
    BOOLEAN SecureKernelRunning : 1;                   ///< Secure Kernel (hypervisor-based isolation) is running
    BOOLEAN HvciEnabled : 1;                           ///< Hypervisor-protected Code Integrity (HVCI) is enabled
    BOOLEAN HvciStrictMode : 1;                        ///< HVCI is in strict enforcement mode
    // NOTE(review): the name does not say whether this is NT kernel debugging or Secure Kernel/IUM
    // debugging -- confirm before using it in a posture check.
    BOOLEAN DebugEnabled : 1;                          ///< Debugging is enabled (may weaken security)
    // NOTE(review): which firmware pages are covered, and by which mechanism, is not stated in this header -- confirm.
    BOOLEAN FirmwarePageProtection : 1;                ///< Firmware page protection is active
    BOOLEAN EncryptionKeyAvailable : 1;                ///< IUM encryption key is available (presumably from the Secure Kernel -- confirm)
    BOOLEAN SpareFlags : 2;                            ///< Reserved (bits 6-7)

    // Trustlet, policy and hardware flags (byte 1, bits 8-15):
    BOOLEAN TrustletRunning : 1;                       ///< A trustlet (process running in IUM) is running
    BOOLEAN HvciDisableAllowed : 1;                    ///< Disabling HVCI is allowed; the conditions are not stated in this header
    BOOLEAN HardwareEnforcedVbs : 1;                   ///< VBS is enforced by hardware; the specific platform feature is not stated here
    BOOLEAN NoSecrets : 1;                             ///< Presumably: no secrets are held in IUM -- confirm exact meaning
    BOOLEAN EncryptionKeyPersistent : 1;               ///< Encryption key is persistent (presumably survives reboot -- confirm)
    BOOLEAN HardwareEnforcedHvpt : 1;                  ///< Hypervisor-enforced Paging Translation (HVPT) is enforced by hardware
    BOOLEAN HardwareHvptAvailable : 1;                 ///< Hardware support for HVPT is available
    BOOLEAN SpareFlags2 : 1;                           ///< Reserved (bit 15)
    // Ninth one-bit flag after byte 0: it does not fit in byte 1, so under the layout assumed above it is
    // bit 0 of byte 2 (bit 16 overall); the other seven bits of that byte are unnamed.
    BOOLEAN EncryptionKeyTpmBound : 1;                 ///< Encryption key is bound to the TPM (Trusted Platform Module)

    // Reserved for future expansion (binary compatibility):
    BOOLEAN Spare0[5];                                 ///< Reserved (5 bytes)
    ULONGLONG Spare1;                                  ///< Reserved (8 bytes)
} SYSTEM_ISOLATED_USER_MODE_INFORMATION, *PSYSTEM_ISOLATED_USER_MODE_INFORMATION;

#endif
