VMX enabled in bios, but showing "not supported" in HWINFO

didz

Member
Using the latest stable version. Why do you think its not showing enabled here?

1670629400019.png

You can see it is enabled in bios...

1670629384619.png

So its either a HWINFO bug, or a bios bug... how do we get to the bottom of this?

Update: i do have hyper-v / core isolation enabled, could this cause it?
 

Attachments

  • HWiNFO64.DBG
    1.9 MB · Views: 1
Yes, it's due to Hyper-V which intentionally masks presence of this feature.
Thank you Martin. Is this the same for SMX? And I notice TME is also shown to be supported and enabled... is this certain? Unfortunately there is no option for this in the bios...
 
Virtualization can mask/fake any parameter and there's no way how to circumvent this and access real hardware parameters when the Hypervisor doesn't want to.
Try without Hyper-V to see what's real in your system.
 
Yes, it's due to Hyper-V which intentionally masks presence of this feature.

Ok Martin, I tried with HVCI disabled, and yet the result is the same, hwinfo isn't detecting VMX, which is enabled in the bios. How do we go about rectifying this issue?
HVCI Disabled.jpg
 
Last edited:
Are you sure Hyper-V is completely disabled? Sometimes even after disabling HVCI, Hyper-V can remain active. The main window of HWiNFO should tell you whether Hyper-V is active.
 
Are you sure Hyper-V is completely disabled? Sometimes even after disabling HVCI, Hyper-V can remain active. The main window of HWiNFO should tell you whether Hyper-V is active.
Look in the screenshot, says HVCI disabled. I disabled secureboot. That shuts down HVCI. Its installed as an optional feature, but not active... windows system information and hwinfo both say disabled. I'll disable everything regardless when I have the time just to confirm what actually happens.
 
Last edited:
Hyper-V can be active regardless of HVCI or Secure Boot state. Check the "Turn Windows features on or off".
 
Hyper-V can be active regardless of HVCI or Secure Boot state. Check the "Turn Windows features on or off".
Appears that this turns out to not be true. Turns out Hyper-V was already disabled in optional features. So, I disabled "Windows Hypervisor Platform" instead, all device guard features via group policy, and secure boot, and the result is the same. Bcdedit hypervisorlaunchtype is also set to the default "auto". HWINFO is not listing VMX.
 
Msinfo states,

security available: base virtualization support, secure boot, dma protection, secure memory overite, uefi code readonly, smm security mitigations 1.0, mode based execution control, apic virtualization
services running 'credential guard, hypervisor enforced code integrity, hardware-enforce stack protection (kernel-mode)

When I disable virtualization based security it shows none running.

What do you want me to look for in task manager?
 
This is quite odd as "Hypervisor Enforced Code Integrity" (HVCI) implies Virtualization is active.
 
This is quite odd as "Hypervisor Enforced Code Integrity" (HVCI) implies Virtualization is active.
No, because I reiterate, when I disable virtualization based security, (and secure boot) under "services running" it shows none running.
 
Appears you are right, perhaps after enabling HVCI windows does a hellufa job to ensure it can't be bypassed. I ran hwinfo inside hirens boot cd, which is based on a windows 10 x64 pe environment, bypassing windows hvci, which allows to detect these hidden features. Does green signify they are enabled, or merely present?

Hwinfo.png
 
Yes, I believe when Hyper-V is active it intentionally masks availability of VMX so that no one else attempts to take over/enable it.
Green=enabled. Red=present but disabled, Grey=not present
 
As noteted above, HWINFO (and coreinfo64) state SMX (aka TXT) is enabled, the latter at least says is 'capable'. However, windows event viewer states "Event 220, System Guard enabled but not supported. Reason: TXT is disabled by the BIOS in MSR_FEATURE_CONTROL."

How can it be disabled in the bios and still in the green? Partial but not full implementation? Improper detection? A software imposed limitation to promote VPRO?
 
Last edited:
Even Viewer probably means that SGX is disabled via MSR, not TXT. There are several features on top of SMX/TXT. MSR_FEATURE_CONTROL doesn't seem to be capable of disabling TXT.
 
Even Viewer probably means that SGX is disabled via MSR, not TXT. There are several features on top of SMX/TXT. MSR_FEATURE_CONTROL doesn't seem to be capable of disabling TXT.
Ok, but System Guard is not loading, which depends on TXT/SMX. Theoretically if the bit was disabled in the bios, windows should still load SMX? Are those features on top of SMX necessary for it to function properly? Can you name those features?
 
SMX is a feature, there's nothing to load AFAIK. SGX can be independently disabled by BIOS. I'm not sure if further details can be disclosed in public, so I'd recommend to check with Microsoft or Mainboard vendor.
 
Back
Top