2

In order to use Docker, Hyper-V on Windows and all that VM stuff, there must be two things:

  • The CPU must support virtualization
  • The virtualization must be enabled in the BIOS setup.

However, if we look at the BIOS, the CPU virtualization settings it has are not very detailed. Usually, it is just one single flag, for instance "SVN mode: Enable/Disable" for AMD, and that's it.

So, CPU virtualization is a technology that can be disabled for some reason. What is that reason?

Why should anybody ever disable CPU virtualization in the BIOS setup? My best bet is debugging problems or (unlikely) improving performance, but I want an expert commentary.

Related question — https://serverfault.com/questions/390012/ — probably a dup, but it is 8 years old.

enkryptor

1 Answer

2

For technical reasons virtualization can only be enabled early in the boot process, thus in the BIOS. It cannot be changed by the OS or other software.

There are some potential exploits associated with virtualization. There are differing opinions as to whether this is a real issue or at present mostly theoretical. It is generally not regarded as a serious issue but that may change in the future. I am sure that malware authors have looked into this.

Some manufacturers set virtualization on by default as a convenience for the user, most of whom don't know of its existence. Some security software needs it. Others prefer to disable it by default, leaving it to the user to enable it if needed. In some cases virtualization is either permanently on or off with no option to change it.

Some people are almost paranoid about computer security. Every unexpected event is seen as a suspected virus or evidence that someone is hacking their computer. I have seen this on computer forums. Such individuals aware of the implications would probably consider it irresponsible to enable virtualization if it wasn't needed.

LMiller7
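
The answer's point that the setting is fixed early in boot corresponds to a lock bit in a CPU register that firmware writes before the OS starts. The following is an added example, not part of the original answer: it decodes that register on Intel (IA32_FEATURE_CONTROL, MSR 0x3A) and AMD (VM_CR, MSR 0xC0010114) and flags hosts whose state does not match their role. The host names, roles and MSR values are constructed samples, and collecting the raw values (for example with `rdmsr` from msr-tools on Linux) is assumed to happen elsewhere.

```python
# Added example: decode the lock bits that pin the firmware virtualization setting.
# Bit layouts: Intel IA32_FEATURE_CONTROL (MSR 0x3A), AMD VM_CR (MSR 0xC0010114).
INTEL_LOCK = 1 << 0         # register becomes read-only until the next reset
INTEL_VMX_OUT_SMX = 1 << 2  # VMX permitted outside SMX (the ordinary case)
AMD_LOCK = 1 << 3           # SVMDIS can no longer be changed
AMD_SVMDIS = 1 << 4         # SVM is disabled


def assess(vendor, msr_value):
    """Classify one raw MSR value as enabled-locked, disabled-locked or unlocked."""
    if vendor == "intel":
        locked = bool(msr_value & INTEL_LOCK)
        enabled = bool(msr_value & INTEL_VMX_OUT_SMX)
    elif vendor == "amd":
        locked = bool(msr_value & AMD_LOCK)
        enabled = not (msr_value & AMD_SVMDIS)
    else:
        raise ValueError(f"unknown vendor: {vendor!r}")
    if not locked:
        # Firmware did not pin the choice; privileged code can still change it.
        return "unlocked"
    return "enabled-locked" if enabled else "disabled-locked"


def audit(inventory):
    """Return hosts whose state differs from what their role calls for."""
    findings = []
    for host, vendor, msr_value, needs_virt in inventory:
        state = assess(vendor, msr_value)
        wanted = "enabled-locked" if needs_virt else "disabled-locked"
        if state != wanted:
            findings.append((host, state, wanted))
    return findings


# Constructed sample inventory: (host, vendor, raw MSR value, role needs virtualization)
SAMPLE = [
    ("build-01", "intel", 0x5, True),    # lock + VMX on, as wanted
    ("kiosk-07", "intel", 0x5, False),   # VMX on where nothing uses it
    ("kiosk-08", "amd", 0x18, False),    # lock + SVMDIS, as wanted
    ("dev-12", "amd", 0x10, True),       # SVMDIS set but not locked
]

if __name__ == "__main__":
    for host, state, wanted in audit(SAMPLE):
        print(f"{host}: {state} (expected {wanted})")
```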