There is BitLocker DMA protection and then there is Kernel DMA protection. The latter is better and enabled by default on capable hardware; the former is only suggested when the hardware doesn't support Kernel DMA protection.
I want to know: what is this DMA protection in Group Policy?
I know it's not BitLocker DMA protection because it's located somewhere else in Group Policy. So I need confirmation, and preferably a reference from some official documentation, that shows this is indeed Kernel DMA protection and not a third type of DMA protection.
I use Windows 11 22H2.
Kernel DMA Protection requires new UEFI firmware support. This support is anticipated only on newly introduced, Intel-based systems shipping with Windows 10 version 1803 (not all systems). Virtualization-based Security (VBS) is not required.
To see if a system supports Kernel DMA Protection, check the System Information desktop app (MSINFO32). Systems released prior to Windows 10 version 1803 do not support Kernel DMA Protection, but they can leverage other DMA attack mitigations as described in BitLocker countermeasures.
The part where it says VBS is not required makes me think this isn't Kernel DMA protection, because as you can see in the screenshot, in order to use any of the options, we have to first enable VBS.
