I have an HP desktop, and I wanted to install VirtualBox, so I could run an XP VM (gotta test stuff in IE8).

Before setting this up, I went into my BIOS to check if Hardware Virtualization was on. I found the setting in the BIOS, and there was a note about it.

HP recommends keeping this setting off unless you need it

I'm paraphrasing, I forget the exact note.

I do need it, so I turned it on, but I was curious. Why does HP recommend that? What harm could come from having Hardware Virtualization on if you're not using it (to run VMs)?

  • In case someone wonders, on my machine with HP Bios 3.7, it reads "Hardware VT enables a processor feature for running multiple simultaneous Virtual Machines allowing specialized software applications to run in full isolation of each other. HP recommends that this feature remain disabled unless specialized applications are being used." Commented Mar 20, 2016 at 12:23
  • vendor agnostic: superuser.com/questions/419209/… Commented Nov 19, 2017 at 10:39

2 Answers 2


There are several attack vectors from bad drivers that can utilize VT extensions to do potentially bad things. that's why the setting is usually in the "security" section of your BIOS UI.

additionally the smaller your instruction set, the more efficient the CPU runs at a very very low level (hence last decades interest in RISC chips). having it disabled allows the CPU to cache fewer instructions and search the cache faster.


  • So is there a security risk to enabling AMD-V?
    – gen_Eric
    Commented Feb 1, 2013 at 16:21
  • 1
    yes. Installing drivers and other very-low-level software is always risky, so its probably no more risky that grabbing a driver off a non-official download site. the big differance is that a blue-pill exploit could allow a guest to affect the host and vice-versa, which should really never be true. Commented Feb 1, 2013 at 16:37
  • 1
    I disagree saying there is a security risk by enabling AMD-V. Doing a quick search on "AMD-V security" results in NO results on the first page about a security vulerability that says a great deal.
    – Ramhound
    Commented Feb 1, 2013 at 16:46
  • So, it's off by default, because there are rootkits that pretend to by hypervisors? Guess I just gotta be careful what I download! :-)
    – gen_Eric
    Commented Feb 1, 2013 at 16:49

another reason is most user kernel function are moved in VDSO (like gettimeofday).

sometimes under virtualization this fast path cannot be enabled.

so the system cannot:

gain the fast execution of these functions

avoid expensive switch from userland to kernel and return


You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .