No Windows 7 XP Mode For Sony Vaio Z Owners

Voyager529 writes "While virtually every Core 2 Duo processor supports the hardware virtualization technology that powers the Windows 7 XP Mode, The Register UK reports that the Core 2 Duo processors in the Sony Vaio Z series laptops had the virtualization features intentionally crippled in the BIOS. Senior manager for product marketing Xavier Lauwaert stated that the QA engineers did this to make the systems more resilient against malicious code. He also stated that while they are considering enabling VT in some laptop models due to the backlash, the Z series are not among those being retrofitted."

Lenovo does the same thing

[Renegade88]

The virtual technology extensions of my Lenovo Thinkpass T400 has also been intentionally crippled. Sony isn't the only company making bad decisions with higher-end laptops.

Re:Why does it matter what the BIOS supports?

[Anonymous Coward]

Since DOS died the BIOS has been little more than a glorified POST. So why can't the OS just enable any features that the BIOS doesn't? Its not like any modern OS uses the BIOS once its up and running anyway - just some information the BIOS may have provided which the OS can double check for itself anyway.

IIRC the BIOS sets the CPU VT flag on powerup (ie, disabled) - once flag is set, it can't be cleared until next cold boot. However, I have an SZ series, there are tools out there to modify the bios settings to not set the flag (it works), I've successfully got linux KVM running :D (following http://forum.notebookreview.com/showthread.php?t=189228)

Re:Why does it matter what the BIOS supports?

[ripnet]

It matters because the way the VT tech works is that its disabled by default in the CPU, and is (usually) enabled by the BIOS. The reason you cant (usually) turn it on after the OS has booted is because the register used to turn it on (the MSR) has a lock-bit, which once set prevents any changes to the VT status until power is removed from the CPU.

BIOS's that simply ignore the VT enable stuff are less of a problem, because its possible to set the VT tech on, and lock it on (by writing 5 to register 3A) within the OS using /dev/msr (linux) or cpuinfo (windows). The Mac Pro (early 2008) behaves like this. This is obviously bad for security, as the malware can simply enable it!

BIOS's that deliberately disable VT will set the register to 1 (vt off, lock on), turning off, and locking off the VT stuff. There is no way I know of to defeat this situation (short of disassembling the BIOS and 'fixing' it).

Some BIOS's even have the code to turn it on, but it is only triggered if a CMOS register is set to a certain value and there is no UI on these BIOS's to set that CMOS register. I believe some Sony BIOSs are like this, but am unsure.

The best ones of course allow you to turn it on in the BIOS - which is why Sony are talking BS when they say its for security. They only need to ship it turned off, and allow the users to turn it on at their own risk.

I understand that it IS a genuine risk (bluepill?) in that a hypervisor can install itself UNDER the OS layer, and then filter what the OS sees, invisible to the user (otherwise the virtualization is broken).

Thats why.

ps. apple ignored a bug report I made about the way the Mac Pro works... i guess its kinda understandable because it seems all MacOS virtualization products just turn it on using the MSR as needed.

Linux BIOS Project is now Coreboot

[Anonymous Coward]

Just an fyi, the LinuxBIOS project was renamed Coreboot [coreboot.org].

6 out of 11 is not "virtually every"

[Anonymous Coward]

Only 6 out of 11 of the 45nm Core2 duo chips support VT according to info on intel.com. That's not "virtually every".

Not nitpicking for the sake of it, just don't want people to assume that the Core2 they're intending to buy supports VT. Best to check.

Re:It's Sony

[nschubach]

Then start hating on Lenovo as well. They show you the option, but don't let you change it. I think you're just looking for ways to hate on Sony:
http://forums.lenovo.com/lnv/board/message?board.id=ideaPad&thread.id=11293&page=2 [lenovo.com]

I'm sure there are other manufacturers doing this as well.

Not virtually all C2D's

[GreenEnvy22]

The first line of this summary is quite wrong. Intel has LOTS of Core2Duo's that do not support Intel VT. A quick look through their processor matrix will confirm this. Still, it's common practise for laptop manufacturers to disable things like VT on their consumer models. My Toshiba satellite has it disabled (not changeable in BIOS), but the pro version of it (same mainboard and cpu) has the option. I'm sure there is some way to get it working via a hex editor or something, but then we're into voiding warranties (if the bios gets fubared).

Re:What? Malicious code??

[tolan-b]

My old-ish Vaio (has a Core Duo, not the later Core 2 Duo) has VT disabled too, no BIOS setting to re-enable it, bery annoying and very pointless.

Re:Sony has ALWAYS Gimped laptops...

[vintagepc]

They do this with desktop VAIOs too... We have one here at the office that the owner could not get to dual-boot Linux and Windows... in fact, the manual even states that if you dual boot, your machine's features will be crippled... So we made the smart choice, did a linux-only install.
I think I speak for many of us when I say,
"F*ck you, Sony!".

AMD vs. Intel

[Britz]

Lots of cheap Intel processors don't even have Intel VT, while most of the AMD processors in the same price range have it enabled. While I like the fact that some of the new Pentium processors run really cool, I would never consider buying a new processor without virtualization support. Yet most of the current cheap machines (laptops and boxen) that come with Intel use processors without virtualization. Kinda limits your choices. But then again I always liked AMD better.

Re:Lenovo does the same thing

[zdzichu]

Are you sure? My T400 (bought year ago) have VT switch in BIOS from day one. My earlier z61t hadn't, and required over a year of email exchange to get VT toggle in new BIOS.

Re:What? Malicious code??

[schon]

There are a few proof-of-concept rootkits that work by installing a thin hypervisor in hyperprivileged mode

No, there is one that the creators claim to operate like this.

This is virtually undetectable to the OS

No, it's claimed to be undetectable, but when challenged [zdnet.com], the creators won't let anyone examine it to see. [zdnet.com]

Re:flash

[Chaxid]

I actually reflashed my Vaio VGN-FW285J in order to enable Intel VT-x which was deliberately disabled by Sony. It irked me to no end that they disabled this feature, since I would not have bought the laptop if I'd known they'd disabled it. The procedure on how to reflash is on my blog, along with links on how to do it for Sony's other Vaio laptops (such as the "Z" series). The blog post is here: http://linux.com/community/blogs/sonys-crippled-intel-vt-support.html [linux.com] Credit should of course go to those fine folks who took the time to reverse engineer the BIOS, such as Igor Levicki who did this for the FW series' AMI BIOS. I hope Sony realizes they are making a big mistake.

Re:Not Just Sony... Intel Marketing to blame

[rsborg]

Intel charges more for chips with VT enabled, they use it as an up sell. Many laptop manufacturers are choosing not to pay the extra, especially on low end laptops with razor thin margins. This isn't just a Sony problem. As any Apple fanboy can tell you, Apple pays for the good stuff.

Here's some more evidence that the "Apple Tax" is just a higher price for quality goods:
http://blog.fosketts.net/2009/08/07/macs-beat-pcs-intel-vt/ [aconcreter...acsbeatpcs]

Re:Lenovo does the same thing

[Creepy]

incorrect, the T9400 does support Vt.

Intel Chips are massively hit-and-miss when it comes to Vt - I suggest checking wiki [wikipedia.org] before buying. I tried to find a laptop in the $1000 range with Vt support, hardware GPU (the graphics work I do requires about a class 3 GPU here [notebookcheck.net]), and at least 720p. You almost can't find it - either they have Vt or they have hardware GPU. I get discounts from Dell, Toshiba, and IBM, but by the time I specced them out to my minimum they were $300-500 over budget. I finally found a 30% off coupon code for laptops over $1100 from HP and bought one of those (and 30% off brought it back to my $1000 budget - Dell with my discount and their sale was $400 over budget). Sony and Apple were out of my budget range from the start.

Re:The real reason

[Creepy]

yep - Virtualbox uses QEMU [qemu.org] if Vt-x or AMD-V isn't present. I've got a year old Quad-Core 8400 that doesn't support Vt-x because Intel doesn't include it in consumer grade chips (I made sure my laptop had it, though). I think this is going to bite Intel's ass just like the Intel GMA graphics thing did when they used a software timer and Vista Aero required a hardware timer.

Re:What? Malicious code??

[DJRumpy]

Read a bit further down. They indicated that these processors were specifically crippled by Intel to offer a cheaper price which is why they couldn't be enabled in Bios. The Sony on the other hand doesn't even show an option to enable VT when the processor does support VT.

"Actually, not every dual core mobile processor supports VT. Here are the specs for the p7450 in the y450. http://processorfinder.intel.com/details.aspx?sSpec=SLB54 [intel.com]

You'll notice there is no mention of VT support. But if you look at the p8600 here:
http://processorfinder.intel.com/details.aspx?sSpec=SLB3S [intel.com]

It actually does have VT support as already mentioned here. Intel purposely removed VT support on some OEM spec processors to make them available at cheaper prices to go into laptops that probably won't need VT.
Apple actually paid intel to include VT support in a p7350 processor that doesn't normally have it. "