HP Disables VT On Some Intel Laptops 258
snoukka writes "I just bought a new HP nx9420 laptop in order to use it with Linux, XEN, and windows on XEN. I was very disappointed when I noticed that the processor had this feature but VT is disabled in BIOS by HP and cannot be enabled! Disabled!? It's like buying a car with turbo and finding out after buying it that this turbo 'feature' was disabled." The forum thread goes back to last August and is still live. The latest post from an HP rep indicates that new firmware for the nx9420 should be available later this week in which the ability to switch on VT is enabled. It's not clear whether other HP products, in which VT was also disabled, will also get new firmware.
Re:VT? (Score:5, Informative)
So does Lenovo... (Score:4, Informative)
...on some of their newer Thinkpads [thinkwiki.org]. You'd think that when you're spending $2000 on a "business-class" laptop, you'd get it without any artificial limitations...
Re:VT? (Score:1, Informative)
VT [wikipedia.org]!
Re:VT? (Score:3, Informative)
(BTW, Virtualization Technology, for those whose browsers are incapable of leaving the slashdot domain.)
VT provides no perf advantage. (Score:4, Informative)
I was pretty disappointed to find that there is no perf. difference with VT enabled or disabled.
Re:So does Lenovo... (Score:5, Informative)
Re:Is this news or a whine? (Score:3, Informative)
mandelbr0t
Re:VT provides no perf advantage. (Score:5, Informative)
Re:So does Lenovo... (Score:5, Informative)
After having taken a closer look at the page I linked (because it's been changed since I read it last), I've discovered that my particular model (X60t) at least has a new BIOS out that fixes the problem. : )
This leads me to believe that, at least for Lenovo, it's just that they were presumably in a hurry to get the model released, not that it was intentional crippleware.
One Simple Solution (Score:4, Informative)
Re:VT provides no perf advantage. (Score:5, Informative)
2. From the Xen mailing list re why disk IO (for one thing) *will* be slower in a HVM domain than in a paravirtualised domain:
The reason the emulated IDE controller is quite slow is a consequence of
the emulation. The way it works is that the driver in the HVM domain
writes to the same IO ports that the real device would use. These writes
are intercepted by the hardware support in the processor and a VMEXIT is
issued to "exit the virtual machine" back into the hypervisor. The HV
looks at the "exit reason", and sees that it's an IO WRITE operation.
This operation is then encoded into a small packet and sent to QEMU.
QEMU processes this packet and responds back to HV to say "OK, done
that, you may continue". HV then does a VMRUN (or VMRESUME in the Intel
case) to continue the guest execution, which is probably another IO
instruction to write to the IDE controller. There's a total of 5-6 bytes
written to the IDE controller per transaction, and whilst it's possible
to combine some of these writes into a single write, it's not always
done that way. Once all writes for one transaction are completed, the
QEMU ide emulation code will perform the requested operation (such as
reading or writing a sector). When that is complete, a virtual interrupt
is issued to the guest, and the guest will see this as a "disk done"
interrupt, just like real hardware.
All these steps of IO intercepts takes several thousand cycles, which is
a bit longer than a regular IO write operation would take on the real
hardware, and the system will still need to issue the real IO operations
to perform the REAL hardware read/write corresponding to the virtual
disk (such as reading a file, LVM or physical partition) at some point,
so this is IN ADDITION to the time used by the hypervisor.
Unfortunately, the only possible improvement on this scenario is the
type "virtual-aware" driver that is described below.
[Using a slightly more efficient model than IDE may also help, but
that's going to be marginal compared to the benefits of using a
virtual-aware driver].
(Credit goes to Mats Petersson).
Re:Not surprised... (Score:3, Informative)
Re: Nothing new... (Score:3, Informative)
Needless to say, the laptop was returned and I called alienware the next day.
Nothing to see here. (Score:5, Informative)
It's really sad how HP features things, but disables them. I had to repair a DV9000 with the webcam built-in, because the webcam wasn't seen.
The spot for the webcam to hook up wasn't even tere. HP had installed a de-featured board instead of a fully-featured board.
This is everyday at HP. Nothing to see here, move along.
what most of you don t get about VT security issue (Score:5, Informative)
Moreover saying that an hypotetical "hypervisor exploit" would be undetectable is complete rubbish bullshit: it's not any more difficult to detect than to detect a root exploit. Anyone who consider that scanning a machine from itself is a safe way of detecting malware is a fool anyway. You take the system offline, hook it's hard disk to a known good system (or boot it using a live CD) and voila... Gameover rootkit, game over hypervisor "undetectable" malware.
(and if you want to play the "my servers can't be taken down" I'll fire back with a "what punk, you're telling me you've got a SPOF?").
What Xen buys you if you want, though, is free (from Linux) scanning / SHA1-summing / etc. of Windows systems without the Windows systems even *knowing* it is happening. Game over Windows "rootkits". Plain and simple.
I hope that by now you realize that if you run Xen/Linux then Windows under Xen using VT, it is *impossible* for a virus to act as the hypervisor and then to present you with a 'fake' Xen/Linux hypervisor that would allow you to run Windows. That's how VT in this day and Intel age works. It may change, but as of now: move along, nothing to see here.
(OK, OK, a *really* incredible virus could make you think you're running Windows using HVM though Windows would actually be running under QEMU... But that would be one heck of a hack and you'd notice QEMU's extreme slowness in emulation mode... No accelerated QEMU under Xen).
Hypervisor rootkits can't counter timing-attacks based detection either.
Windows running under Xen is way more secure than running on the bare metal. Dot.
So please, stop all the uninformed "oh my god VT is teh insecure tech!".
To me running Windows under Xen is the most secure thing that happened to Windows in ages (and, no, I wasn't that much of a VMWare fan).
Re:So does Lenovo... (Score:4, Informative)
According to the page, it's the Z and X series that are affected, not the T series.
A solution exists (Score:3, Informative)
It's nice to know that they're working on it, though, and they do have a preliminary solution for those of us who REALLY need it.
HA (Score:1, Informative)
After that I will never buy another HP.
Re:So does Lenovo... (Score:5, Informative)