{"id":104550,"date":"2020-12-16T07:00:00","date_gmt":"2020-12-16T15:00:00","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/oldnewthing\/?p=104550"},"modified":"2020-12-15T16:58:30","modified_gmt":"2020-12-16T00:58:30","slug":"20201216-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20201216-00\/?p=104550","title":{"rendered":"Why does PF_VIRT_FIRMWARE_ENABLED return false even when virtualization is enabled in the firmware?"},"content":{"rendered":"

The Is\u00adProcessor\u00adFeature\u00adPresent<\/code> function has a processor feature called PF_<\/code>VIRT_<\/code>FIRMWARE_<\/code>ENABLED<\/code>. A customer enabled virtualization in their firmware, but calling Is\u00adProcessor\u00adFeature\u00adPresent<\/code> with that feature still returned FALSE<\/code>. Why is this function lying?<\/p>\n

It’s not lying.<\/p>\n

Even if you enable virtualization in firmware, it may not actually be available. If the operating system is running inside a virtual machine, then it cannot access the virtualization extensions because the virtualization host is using them. Checking for PF_<\/code>VIRT_<\/code>FIRMWARE_<\/code>ENABLED<\/code> will say “No virtual extensions for you.”<\/p>\n

Even if you think that you’re not running inside a virtual machine, you could be. If Hyper-V is enabled, then the root operating system is not actually in charge. The root operating system is running inside its own virtual machine, under the control of the hypervisor.<\/p>\n

And remember that features like Virtualization Based Security and and Windows Defender Application Guard are security features which secretly use Hyper-V to create virtual machines to isolate untrusted code into their own containers.<\/p>\n

Bonus chatter<\/b>: I dimly recall that the IBM 360 supported self-virtualization, so you could have the host hypervisor create a virtual machine, and in the virtual machine, the operating system could itself act as a hypervisor for its own little universe of virtual machines. It’s virtual machine turtles all the way down!<\/p>\n","protected":false},"excerpt":{"rendered":"

It may be enabled, but it’s not enabled for you<\/I>.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-104550","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-code"],"acf":[],"blog_post_summary":"

It may be enabled, but it’s not enabled for you<\/I>.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/104550","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=104550"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/104550\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=104550"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=104550"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=104550"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}