Un-allowed DMA capable bus/device(s) detected

Solution 1:

Microsoft provides this documentation about this message.

Both the blacklist and whitelist are in your registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DmaSecurity. I’m not aware of an automated process to check this, though creating one should be pretty easy.

A typical candidate that exists on most systems is “PCI-to-PCI Bridge”. Curiously, “PCI Express Root Complex” is both in AllowedBuses and UnallowedBuses.

Solution 2:

If there are more people trying to solve this.. I was lazy so I created a small PS script which generates .reg file (with all found PCI devices) in tmp directory and then imports it silently.

$tmpfile = "$($env:TEMP)\AllowBuses.reg"
'Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DmaSecurity\AllowedBuses]'`
| Out-File $tmpfile
(Get-PnPDevice -InstanceId PCI* `
| Format-Table -Property FriendlyName,InstanceId -HideTableHeaders -AutoSize `
| Out-String -Width 300).trim() `
-split "`r`n" `
-replace '&SUBSYS.*', '' `
-replace '\s+PCI\\', '"="PCI\\' `
| Foreach-Object{ "{0}{1}{2}" -f '"',$_,'"' } `
| Out-File $tmpfile -Append
regedit /s $tmpfile

From there you can start removing added entries via regedit one by one while refreshing system info page and checking which entry makes it incompatible again.. It is faster than adding entries manually :) For me it was missing entry for "PCI Express Downstream Switch Port"

You might need to change permissions for this key though (add your user or group as owner of the key), since also Microsoft has it in their guide here:

https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-bitlocker

Solution 3:

In my case, the I just needed to white-list my graphics card. Here is the process I followed to do this.

Find the problem device

1. Open up your computer and physically disconnect all optional devices from your motherboard (eg HDDs, SSDs, PCIe cards)
2. Start up the computer and run the System Information report again to see if the error has disappeared
3. If the error is still present, then my instructions probably won't help you
4. If the error is absent, add just one of the devices you removed
5. Repeat from step 2

Eventually you may find that re-adding one particular device causes the error to appear. Make note of which device it is.

Check if it has external DMA

See BitLocker drive encryption in Windows 10 for OEMs to determine whether your device has external DMA. If it does, then proceed at your own risk. Otherwise, you're ok to proceed.

Get the device ids

1. Open Device Manager

2. Find the device

3. Double-click it

4. Go to Details tab

5. Set Property to Parent

6. Copy the value

   

White-list the device

1. Open Regedit
2. Navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DmaSecurity\AllowedBuses
3. Grant yourself access to modify the registry key
   1. Right-click AllowedBuses and go to Permissions
   2. Make yourself the owner
      1. Press Advanced
      2. Next to Owner, make note of what it says (mine said SYSTEM)
      3. Next to Owner, press Change
      4. Enter your username (eg your Microsoft account email address)
      5. Press OK
   3. Grant yourself access
      1. Press Add
      2. Enter your username (eg your Microsoft account email address)
      3. Press OK
      4. Select your user
      5. Tick Full Control
      6. Press OK
4. Under AllowedBuses, create a new String Value
   1. Set its name to something that easily identifies the device, such as NVIDIA GeForce GTX 1050
   2. Paste in the value you copied from Device Manager, but strip off everything after PCI\VEN_####&DEV_####
5. Restart your computer
6. Run System Information
7. Confirm that the error is now gone
8. Go back into the registry and undo the permission changes you made