wikiActivating the Intel VT Virtualization Feature
The Intel VT-x Virtualization Features (previously called VT) can be activated and deactivated in the BIOS for many systems.
Problem
Even when the features have been activated, the virtualization features are not available in the operating system. This will generate an error message indicating that Hardware Virtualization Support is not available.
Solution
Changing this BIOS setting requires the server to be turned off and on again. Only then will the new setting take effect.
Background: When the computer is turned on, the BIOS must either enable or disable the CPU's VT-x function. The selected setting is then locked to prevent this function setting from being changed during operation.[1]
Example: Intel SR2500 server
The BIOS settings can be changed from Advanced --> Processor Configuration --> Intel(R) Virtualization Technology.
The following information will be displayed in the right column of this view:
Intel (R) Virtualization Technology allows a platform to run multiple operating systems and applications in independent partitions. Note: A change to this option requires the system to be powered off and then back on before the setting will take effect.
Here is a screenshot of what the message looks like on the screen:
After saving the configuration settings, the server must be turned off and back on again.
Example: Supermicro Server with a X7DBE mainboard
The BIOS settings can be changed from Advanced --> Advanced Processor Options --> Intel(R) Virtualization Technology.
The following information will be displayed in the right column of this view:
One power-cycle will occur after changed the setting.
Here is a screenshot of what the message looks like on the screen:
Manually turning the power off and back on is not required for this server. The server will do this automatically.
Testing the Configuration under Linux
Manual switching off and on is not necessary with this server. This is done automatically by the server itself.
Does the CPU support VT-x?
On a Linux system, you can test if the CPUs will support VT-x with the help of the /proc/cpuinfo utility. If the vmx settings are listed among the flags, the CPU will support VT-x, in principle:[2]
root@grml~# cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model 15 : model name : Intel(R) Xeon(R) CPU 5110 @ 1.60GHz stepping : 6 cpu MHz : 1595.896 cache size : 4096 KB physical id : 0 siblings : 2 core id : 0 cpu cores : 2 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 10 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good pni dtes64 monitor ds_cpl vmx tm2 ssse3 cx16 xtpr pdcm dca lahf_lm tpr_shadow bogomips : 3193.78 clflush size : 64 cache_alignment : 64 address sizes : 36 bits physical, 48 bits virtual power management: [...]
Do the BIOS settings permit VT-x usage?
If the BIOS will permit the usage of VT-x can be determined with the help of the rdmsr (read msr) utility from the msr-tools tool package[3] MSR stands for machine-specific register, although sometimes model-specific register is used.[4] MSRs are used to set specific values for the hardware in use or to transfer values between the BIOS and the kernel.
The VT-x lock function is stored in the IA32_FEATURE_CONTROL machine-specific register (MSR address 0x3a).[5] This MSR contains the following three bits:[6]
- Bit 0: lock bit
- Bit 1: activate VMXON in SMX mode
- Bit 2: activate VMXON outside of SMX mode
The BIOS must set bits 1 and 2, or all three bits (including bit 0) so that VT-x support will be enabled.
The Linux Live CD from grml 64 for May 2009 will be used in this example. The msr-tools will be installed by means of the apt-get update and subsequent apt-get install msr-tools commands. So that rdmsr can access the MSRs, the msr kernel module will have to be installed.
Example 1: Deactivation of Intel VT-x in the BIOS
If Intel VT-x has been deactivated in the BIOS (or the server was not turned off and back on after the settings were activated), the rdmsr 0x3a command will return 1 (meaning that only bit 0 has been set).
root@grml ~ # modinfo msr filename: /lib/modules/2.6.28-grml64/kernel/arch/x86/kernel/msr.ko license: GPL description: x86 generic MSR driver author: H. Peter Anvin <hpa@zytor.com> srcversion: 645F15590C9CD893B156AD6 depends: vermagic: 2.6.28-grml64 SMP preempt mod_unload root@grml ~ # modprobe msr root@grml ~ # rdmsr 0x3a 1 root@grml ~ #
Example 2: Activation of Intel VT-x in the BIOS
With the example server (an Intel SR2500), the rdmsr 0x3a command returns 5 if Intel VT-x has been activated in the BIOS (bits 0 and 2 have been set).
root@grml ~ # modinfo msr filename: /lib/modules/2.6.28-grml64/kernel/arch/x86/kernel/msr.ko license: GPL description: x86 generic MSR driver author: H. Peter Anvin <hpa@zytor.com> srcversion: 645F15590C9CD893B156AD6 depends: vermagic: 2.6.28-grml64 SMP preempt mod_unload root@grml ~ # modprobe msr root@grml ~ # rdmsr 0x3a 5 root@grml ~ #
References
- ↑ Verifying that Intel VT-x is Enabled and Locked at Boot (VMware Communities)
- ↑ 9.3. Verifying virtualization extensions (Red Hat Enterprise Linux 6 Virtualization Administration Guide)
- ↑ msr-tools (packages.debian.org)
- ↑ Processor register (en.wikipedia.org)
- ↑ c't Hotline: Have the CPU Virtualization Features been enabled?
- ↑ Intel® 64 and IA-32 Architectures Software Developer’s Manual Volume 3C: System Programming Guide, Part 3 Chapter '23.7 ENABLING AND ENTERING VMX OPERATION' (page 5 of the pdf file)
 |
Author: Werner Fischer Werner Fischer, working in the Knowledge Transfer team at Thomas-Krenn, completed his studies of Computer and Media Security at FH Hagenberg in Austria. He is a regular speaker at many conferences like LinuxTag, OSMC, OSDC, LinuxCon, and author for various IT magazines. In his spare time he enjoys playing the piano and training for a good result at the annual Linz marathon relay.
|
