No Windows 7 XP Mode For Sony Vaio Z Owners

Voyager529 writes "While virtually every Core 2 Duo processor supports the hardware virtualization technology that powers the Windows 7 XP Mode, The Register UK reports that the Core 2 Duo processors in the Sony Vaio Z series laptops had the virtualization features intentionally crippled in the BIOS. Senior manager for product marketing Xavier Lauwaert stated that the QA engineers did this to make the systems more resilient against malicious code. He also stated that while they are considering enabling VT in some laptop models due to the backlash, the Z series are not among those being retrofitted."

Re:Why does it matter what the BIOS supports?

Since DOS died the BIOS has been little more than a glorified POST. So why can't the OS just enable any features that the BIOS doesn't? Its not like any modern OS uses the BIOS once its up and running anyway - just some information the BIOS may have provided which the OS can double check for itself anyway.

IIRC the BIOS sets the CPU VT flag on powerup (ie, disabled) - once flag is set, it can't be cleared until next cold boot. However, I have an SZ series, there are tools out there to modify the bios settings to not set the flag (it works), I've successfully got linux KVM running :D (following http://forum.notebookreview.com/showthread.php?t=189228)

Re:Why does it matter what the BIOS supports?

[ripnet]

It matters because the way the VT tech works is that its disabled by default in the CPU, and is (usually) enabled by the BIOS. The reason you cant (usually) turn it on after the OS has booted is because the register used to turn it on (the MSR) has a lock-bit, which once set prevents any changes to the VT status until power is removed from the CPU.

BIOS's that simply ignore the VT enable stuff are less of a problem, because its possible to set the VT tech on, and lock it on (by writing 5 to register 3A) within the OS using /dev/msr (linux) or cpuinfo (windows). The Mac Pro (early 2008) behaves like this. This is obviously bad for security, as the malware can simply enable it!

BIOS's that deliberately disable VT will set the register to 1 (vt off, lock on), turning off, and locking off the VT stuff. There is no way I know of to defeat this situation (short of disassembling the BIOS and 'fixing' it).

Some BIOS's even have the code to turn it on, but it is only triggered if a CMOS register is set to a certain value and there is no UI on these BIOS's to set that CMOS register. I believe some Sony BIOSs are like this, but am unsure.

The best ones of course allow you to turn it on in the BIOS - which is why Sony are talking BS when they say its for security. They only need to ship it turned off, and allow the users to turn it on at their own risk.

I understand that it IS a genuine risk (bluepill?) in that a hypervisor can install itself UNDER the OS layer, and then filter what the OS sees, invisible to the user (otherwise the virtualization is broken).

Thats why.

ps. apple ignored a bug report I made about the way the Mac Pro works... i guess its kinda understandable because it seems all MacOS virtualization products just turn it on using the MSR as needed.

6 out of 11 is not "virtually every"

Only 6 out of 11 of the 45nm Core2 duo chips support VT according to info on intel.com. That's not "virtually every".

Not nitpicking for the sake of it, just don't want people to assume that the Core2 they're intending to buy supports VT. Best to check.

Re:What? Malicious code??

[schon]

There are a few proof-of-concept rootkits that work by installing a thin hypervisor in hyperprivileged mode

No, there is one that the creators claim to operate like this.

This is virtually undetectable to the OS

No, it's claimed to be undetectable, but when challenged, the creators won't let anyone examine it to see.

Re:flash

[Chaxid]

I actually reflashed my Vaio VGN-FW285J in order to enable Intel VT-x which was deliberately disabled by Sony. It irked me to no end that they disabled this feature, since I would not have bought the laptop if I'd known they'd disabled it. The procedure on how to reflash is on my blog, along with links on how to do it for Sony's other Vaio laptops (such as the "Z" series). The blog post is here: http://linux.com/community/blogs/sonys-crippled-intel-vt-support.html Credit should of course go to those fine folks who took the time to reverse engineer the BIOS, such as Igor Levicki who did this for the FW series' AMI BIOS. I hope Sony realizes they are making a big mistake.