OSDev.org

Hi,
I was trying boot my kernel to bare metal machine over PXE, But I got issue about lock bit in MSR. According to the Intel there is IA32_FEATURE_CONTROL MSR to control VMXON instruction and Bit 0 is the lock bit that uses by OEM for disabling/enabling Virtualization in BIOS. After protected mode initialization I've checked IA32_FEATURE_CONTROL (0x3a) and that got 0x5 (the lock bit set) but It should be 0x0. Is that bios depended issue? I have checked this in few machine (Lenovo Thinkpad, Acer)

Result:

It's locked by the BIOS. You'll need to change the BIOS settings to enable it.

Octocontrabass wrote:It's locked by the BIOS. You'll need to change the BIOS settings to enable it.

I changed Virtualization feature as enabled.

Value 5 in the MSR is OK. Bit 2. enabled (VMX), bit 0. enabled (lock). So you can use VMX but you can't disable VMX.
If bit 0. disabled and bit 2. enabled (value 4), execution of VMXON would cause #GP. Some old firmwares forgot to set bit 0 and let only bit 2 enabled, in that case it was easy to fix it by enabling also bit 0 prior execution of VMXON.
Value 1 would mean you can't use VMX because bit 2. disabled (VMX) and bit 0. enabled (lock) so you can't change the value of MSR to the desired value 5
Value 0 would mean firmware didn't touch the MSR and let it in the state after poweron/reset