Why does PF_VIRT_FIRMWARE_ENABLED return false even when virtualization is enabled in the firmware?

Raymond Chen

The Is­Processor­Feature­Present function has a processor feature called PF_VIRT_FIRMWARE_ENABLED. A customer enabled virtualization in their firmware, but calling Is­Processor­Feature­Present with that feature still returned FALSE. Why is this function lying?

It’s not lying.

Even if you enable virtualization in firmware, it may not actually be available. If the operating system is running inside a virtual machine, then it cannot access the virtualization extensions because the virtualization host is using them. Checking for PF_VIRT_FIRMWARE_ENABLED will say “No virtual extensions for you.”

Even if you think that you’re not running inside a virtual machine, you could be. If Hyper-V is enabled, then the root operating system is not actually in charge. The root operating system is running inside its own virtual machine, under the control of the hypervisor.

And remember that features like Virtualization Based Security and and Windows Defender Application Guard are security features which secretly use Hyper-V to create virtual machines to isolate untrusted code into their own containers.

Bonus chatter: I dimly recall that the IBM 360 supported self-virtualization, so you could have the host hypervisor create a virtual machine, and in the virtual machine, the operating system could itself act as a hypervisor for its own little universe of virtual machines. It’s virtual machine turtles all the way down!