Why does PF_VIRT_FIRMWARE_ENABLED return false even when virtualization is enabled in the firmware?
IsProcessorFeaturePresent function has a processor feature called
ENABLED. A customer enabled virtualization in their firmware, but calling
IsProcessorFeaturePresent with that feature still returned
FALSE. Why is this function lying?
It’s not lying.
Even if you enable virtualization in firmware, it may not actually be available. If the operating system is running inside a virtual machine, then it cannot access the virtualization extensions because the virtualization host is using them. Checking for
ENABLED will say “No virtual extensions for you.”
Even if you think that you’re not running inside a virtual machine, you could be. If Hyper-V is enabled, then the root operating system is not actually in charge. The root operating system is running inside its own virtual machine, under the control of the hypervisor.
And remember that features like Virtualization Based Security and and Windows Defender Application Guard are security features which secretly use Hyper-V to create virtual machines to isolate untrusted code into their own containers.
Bonus chatter: I dimly recall that the IBM 360 supported self-virtualization, so you could have the host hypervisor create a virtual machine, and in the virtual machine, the operating system could itself act as a hypervisor for its own little universe of virtual machines. It’s virtual machine turtles all the way down!