Why would vendors by default set hardware-assisted virtualization off? I have a Lenovo Thinkpad X201 (64-bit) but it seems this is the case with other vendors too. I want to run some virtual machines so I'm enabling it, but I'm wondering if there are negative repercussions to this that I need to watch out for in the future.
4 Answers
I believe it is for security reasons. A rogue hypervisor can install itself and then run the main OS; the main OS can't tell that it's running under a hypervisor (sometimes considered ring -1). It could potentially be the ultimate virus. So you have to enable it explicitly if you know you want to run a hypervisor.
I believe another reason is power efficiency, as shutting down any parts of the processor that do not need to be used will use less power, which is especially desirable on a laptop.
According to this other thread, "Why does HP recommend that I keep Hardware Virtualization off?", there are 2 main reasons:
- A security proof of concept (Blue Pill) may allow a guest to attack its host using virtualisation instructions.
- It also seems to have some impact on performance.
It seems relevant to me, since a reduced set of instructions is more efficient. I just wouldn't have thought that changing a BIOS option could directly affect this.
I have no idea whether the impact is significant or not, but considering this and the potential security flaw, having such a rarely used feature disabled by default looks like a good choice to me.
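The first answer (a rogue hypervisor loading underneath the OS) and the Blue Pill point above both come down to the same mechanism: on Intel parts the firmware enforces its "disabled" setting by clearing the VMX-enable bits in the IA32_FEATURE_CONTROL MSR and setting its lock bit, after which VMXON faults until the next reset. The script below is an added example, not code from any of the answers; it shows how to check, from Linux, whether the CPU advertises VT-x/AMD-V and how to decode that MSR so you can tell "enabled", "disabled and locked" and "left unlocked by firmware" apart. It assumes the Linux paths /proc/cpuinfo and /dev/cpu/0/msr (the latter needs the msr kernel module and root); the cpuinfo text and MSR values used in the demonstration are constructed.

```python
"""Check hardware-virtualization support and the firmware lock state on Linux.

Added example (not from the original Q&A). Assumes Linux /proc/cpuinfo and the
msr driver at /dev/cpu/<n>/msr; sample inputs at the bottom are constructed.
"""
import os
import struct

# Intel MSR IA32_FEATURE_CONTROL (index 0x3A):
#   bit 0  lock            - once set, the MSR is read-only until reset
#   bit 1  VMX inside SMX  - VMXON allowed only within a TXT/SMX launch
#   bit 2  VMX outside SMX - the normal "VT-x enabled" case
IA32_FEATURE_CONTROL = 0x3A
FC_LOCK = 1 << 0
FC_VMX_IN_SMX = 1 << 1
FC_VMX_OUTSIDE_SMX = 1 << 2


def cpu_flags(cpuinfo_text):
    """Return the flag set from the first 'flags' line of /proc/cpuinfo-style text."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return set(line.split(":", 1)[1].split())
    return set()


def virt_support(flags):
    """'vmx' for Intel VT-x, 'svm' for AMD-V, None if the CPU reports neither."""
    if "vmx" in flags:
        return "vmx"
    if "svm" in flags:
        return "svm"
    return None


def decode_feature_control(msr_value):
    """Translate an IA32_FEATURE_CONTROL value into the firmware's VMX policy."""
    locked = bool(msr_value & FC_LOCK)
    in_smx = bool(msr_value & FC_VMX_IN_SMX)
    outside_smx = bool(msr_value & FC_VMX_OUTSIDE_SMX)
    if not locked:
        # Firmware did not lock the MSR: software running at ring 0 (a kernel,
        # or a rogue hypervisor) can still set the VMX bits itself.
        state = "unlocked"
    elif outside_smx:
        state = "enabled-locked"
    elif in_smx:
        state = "smx-only-locked"
    else:
        # The BIOS "disabled" setting: VMXON raises #GP until the next reset.
        state = "disabled-locked"
    return {"locked": locked, "vmx_in_smx": in_smx,
            "vmx_outside_smx": outside_smx, "state": state}


def read_msr(index, cpu=0):
    """Read a 64-bit MSR through the msr driver; None if it is not accessible."""
    try:
        fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    except OSError:
        return None
    try:
        os.lseek(fd, index, os.SEEK_SET)
        data = os.read(fd, 8)
    except OSError:
        return None
    finally:
        os.close(fd)
    return struct.unpack("<Q", data)[0] if len(data) == 8 else None


def report_live():
    """Inspect the running machine (Linux only); prints a short summary."""
    try:
        with open("/proc/cpuinfo") as f:
            support = virt_support(cpu_flags(f.read()))
    except OSError:
        support = None
    print("CPU virtualization extension:", support or "none reported")
    if support == "vmx":
        value = read_msr(IA32_FEATURE_CONTROL)
        if value is None:
            print("IA32_FEATURE_CONTROL: not readable (load msr module, run as root)")
        else:
            print("IA32_FEATURE_CONTROL:", hex(value), decode_feature_control(value))


# Constructed sample: an Intel laptop CPU that advertises VT-x.
SAMPLE_CPUINFO_VTX = (
    "processor\t: 0\n"
    "model name\t: Intel(R) Core(TM) i5 CPU (sample)\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge "
    "mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm "
    "pbe syscall nx rdtscp lm constant_tsc vmx smx est tm2 ssse3 cx16\n"
)

if __name__ == "__main__":
    print("sample cpuinfo ->", virt_support(cpu_flags(SAMPLE_CPUINFO_VTX)))
    for v in (0x0, 0x1, 0x5):
        print(hex(v), "->", decode_feature_control(v)["state"])
    report_live()
```

A value of 0x5 (lock + VMX outside SMX) is what you should see after enabling the BIOS option, 0x1 is the locked-off default the question describes, and 0x0 means the firmware never wrote the MSR at all; in that last case Linux's KVM sets and locks the bits itself the first time it loads, which is the behaviour a rogue hypervisor would exploit as well, so from a hardening standpoint "locked either way" is the state to look for. The flag check also reports AMD's "svm" bit, but decoding AMD's separate VM_CR MSR is not covered here.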
From Wikipedia: "With hardware-assisted virtualization, the VMM can efficiently virtualize the entire x86 instruction set by handling these sensitive instructions using a classic trap-and-emulate model in hardware, as opposed to software."
VMM = Virtual Machine Monitor.
My guess: It's off by default because hardware-assisted virtualization incurs very high CPU loads, which in turn requires a lot more power than normal operation. You may also see performance degradation if it's always running on extremely high load. Remember, your Thinkpad isn't a server-grade system.