No announcement yet.

Getting BSOD 0x3B when launching BurnInTest 9.0 with Device Guard Enabled

  • Filter
  • Time
  • Show
Clear All
new posts

  • Getting BSOD 0x3B when launching BurnInTest 9.0 with Device Guard Enabled

    Hi, I'm running BurnInTest 9.0 on AMD Ryzen 7 2700U system with latest AMD driver on Win10 1803 Enterprise 64-bit.
    When Device Guard is enabled on this system, launching BurnInTest app will cause BSOD 0x3B immediately (0x0000003B, SYSTEM_SERVICE_EXCEPTION).

    This issue is not seen with Device Guard (DG) disabled.

    I did some experiments with DG enabled and found out that 1) this issue also happens with AMD driver uninstalled, 2) issue happens with v8.1 and 9.0, and does not occur with v7.1

    Memory dump shows that the bugcheck occurred at DirectIO64.sys.

    Could you help take a look? Sorry I won't be able to upload dump file.
    FAILURE_BUCKET_ID: 0x3B_DirectIo64!unknown_function

  • #2
    It shouldn't be possible to crash the entire machine from any application.
    Device guard is meant to protect a machine from malware. But it is pretty useless protection if it just crashes the whole machine.

    Seems VMWare also crashes it,
    and so does VirtualBox
    So does sysmon, bitlocker, Intel VTune, Cisco AnyConnect, etc....

    It seems Microsoft knows there are a bunch of drivers that aren't going to work. They wrote a whole page on it,

    and another page
    Quote. "This can cause devices or software to malfunction and in rare cases may result in a Blue Screen"

    We'll investigate it as we get time, but it is a complex area and there is unlikely to be a quick fix.


    • #3

      We had another customer report the problem and collected some additional information.

      Attempts to replicate the problem here failed. But we did it on a Intel CPU.

      So problem seems happen on new AMD CPUs only. With Windows 10 Enterprise only. Only with Device Guard turned on and only when BIOS virtualisation is ON and Secure boot is ON.

      BIOS virtualisation is called VT-D or SVM, depending on what BIOS you have.

      We are continuing to look at the problem.


      • #4
        Another update:

        Turns out Microsoft are blocking (or never implemented) AMD's MSR instructions in their virtual machine (VM) that they use with Device Guard. If they didn't want to implement this aspect of the CPU in their VM, it would have at least made sense to fail in a graceful manner. Instead they crash the whole machine. So it is really both a bug and a deficiency in Device Guard that causes this problem. It is going to cause problems for a lot of software that does low level programming, and then further problems for people losing all their work as the system & servers blue screen.

        As background MSR = Machine specific registers.
        In a modern CPU there are heaps of these MSR instructions to control and monitor the CPU's behaviour. We use them for example to check the base and turbo clock speeds the CPU is running at. In our case it crashed on the AMD MSR 0xC0010292, [Power Management Miscellaneous] PMGT_MISC. But the problem effects other MSRs as well.

        We have heard 2nd hand that Microsoft has no intention of fixing the problem in the short term (thanks Microsoft, as we really needed the extra work to document and work around your problem).

        So we'll add some detection process for when BIOS virtualisation is on (PF_VIRT_FIRMWARE_ENABLED) and an AMD CPU is in use and Windows Enterprise is in use. At the moment there doesn't seem to be any way easily directly detect if Device Guard is running or not. This will allow us to work around the problem, but will mean we don't collect a bunch of system information in the next patch releases of BurnInTest and PerformanceTest.


        • #5
          Final update (maybe):

          We have worked around the in the problem in these releases (24/Sept/2018 )
          BurnInTest V9.0 build 1011
          PerformanceTest V9.0 build 1027
          OSForensics V6.1 beta 3

          Some system CPU system information won't be collected, but it won't provoke Device Guard into crashing.