VMware Workstation

 View Only
Expand all | Collapse all

AMD + Nested virtualization

  • 1.  AMD + Nested virtualization

    Posted Oct 23, 2024 05:22 PM

    Hi, have issues enabling nested virtualization on a new AMD laptop recentrly bought.

    The problematic laptop is  LENOVO P16V G1 AMD Ryzen™ 9 PRO (7940HS)

    Tested with Windows 11 pro all updates and latest updates using Lenovo Vantage

    Installed Wmware Workstation Pro 17.6.1

    Disabled Core isolation, after that ran the following commands in a CMD with admin rights

    powershell.exe Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Hypervisor
    powershell.exe Disable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Hyper-V"
    bcdedit /set hypervisorlaunchtype off
    dism /online /disable-feature /featurename:Microsoft-hyper-v-all
    bcdedit /set vsmlaunchtype off
    powercfg /powerthrottling disable /path "C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe"

    Usually the procedure does the trick and nested virtualization is available, but not this time.

    Tried installing Windows10 and here everything works as expected, but must be missing something on the Windows11 setup.

    Any tips?



  • 2.  RE: AMD + Nested virtualization

    Posted Oct 25, 2024 07:49 PM

    Hello, 


    I have struggled to get it to work and in the end I needed to disable core isolation and memory integrity in system settings.

    Hope that helps.

    br,

    Mladen




  • 3.  RE: AMD + Nested virtualization

    Posted Oct 25, 2024 07:49 PM

    Hello,


    You need to disable core isolation and memory integrity in system settings.

    Br,

    Mladen




  • 4.  RE: AMD + Nested virtualization

    Posted Oct 28, 2024 03:44 AM

    Hi, thanks for the tip.

    Unfortunately for me memory integration was already disabled.

    Actually tried enabling and disabling it, but the issue persists.

    Any tips regarding debugging the issue?




  • 5.  RE: AMD + Nested virtualization

    Posted Oct 28, 2024 01:22 PM

    You can check if you succeeded changing required settings by looking at System information (msinfo).

    Virtualization-based security should be disabled.

    I remember that it was not easy to get this turned off, but don't remember the exact steps.

    It had to do with these two settings (core isolation and memory integrity), but also DeviceGuard, CredentialGuard and SystemGuard. These are configured through registry (check this for more info https://answers.microsoft.com/en-us/windows/forum/all/i-cant-disable-virtualizationbasedsecurity-vbs-why/80de9fb6-8b0b-4e06-a83e-27a95badea49) or search for "how to disable virtualisation based security".

    Hope that helps,

    Mladen




  • 6.  RE: AMD + Nested virtualization

    Posted Nov 15, 2024 09:48 AM

    Having same issue.   Were you able to disable VBS?




  • 7.  RE: AMD + Nested virtualization

    Posted Nov 18, 2024 05:58 AM

    Hi, still not found a solution.




  • 8.  RE: AMD + Nested virtualization

    Posted Nov 19, 2024 08:59 AM

    Hi, 

    have you done all these changes:

    1. turn off memory integrity (core isolation in windows settings)
    2. disable Virtual Machine Platform (in windows features)
    3. add registry entry (location: HKLM\system\currentcontrolset\control\deviceguard\, new DWORD-32 "DisableVirtualizationBasedSecurity" with a value of 0)
    4. In administator CMD window run "bcdedit /set hypervisorlaunchtype off"

    check by running msinfo32 if VBS is off.

    Hope that helps




  • 9.  RE: AMD + Nested virtualization

    Posted Dec 05, 2024 09:03 AM

    Hi,

    Can confirm core isolation is disabled

    Virtual Machine Platform is disabled

    Registry keys modified

    C:\Windows\System32>REG QUERY  HKLM\system\currentcontrolset\control\deviceguard\ -v EnableVirtualizationBasedSecurity

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\deviceguard
        EnableVirtualizationBasedSecurity    REG_DWORD    0x0


    C:\Windows\System32>REG QUERY  HKLM\system\currentcontrolset\control\deviceguard\ -v DisableVirtualizationBasedSecurity

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\deviceguard
        DisableVirtualizationBasedSecurity    REG_DWORD    0x0

    bcdedit command has been executed
    C:\Windows\System32>bcdedit /set hypervisorlaunchtype off
    The operation completed successfully.

    C:\Windows\System32>

    Machine rebooted, but the issue persists.




  • 10.  RE: AMD + Nested virtualization

    Posted Dec 08, 2024 08:37 AM
    And what is the status of Virtualization-based security
    (start>run>"msinfo32")?



    It should be "Not enabled", otherwise nested virtualization will not work.




  • 11.  RE: AMD + Nested virtualization

    Posted Dec 10, 2024 07:57 AM

    As you might have guessed 'Virtual Based Security' was running.

    Found a reference in this article https://learn.microsoft.com/en-us/answers/questions/2118859/unable-to-disable-virtual-based-security-in-window

    After running the dgreadiness with -disable flag, rebooting and verifying disabling Virtual based security is 'Enabled, but not running'.

    I am able to use nested virtualization., and it seems to be persistant between reboots.




  • 12.  RE: AMD + Nested virtualization

    Posted Dec 11, 2024 09:58 AM

    Not too persistant.. Had to reapply after december windows patch...




  • 13.  RE: AMD + Nested virtualization

    Posted Dec 12, 2024 05:00 PM
    Hello,



    Which version of Windows do you have?
    I am on 23H2 and did not have to do any changes in BIOS nor did the VBS come
    back after installing monthly CU's



    Br,

    Mladen




  • 14.  RE: AMD + Nested virtualization

    Posted Dec 13, 2024 02:30 AM

    Windows 11 23H2 (now with december CU). 24H2 still not made available.

    The VBS started up again after monthly CU.

    As mentioned bafore, never had this issure on Intel laptops (done it on 10+ Lenovo laptops), but on this AMD Ryzen I am stumped by VBS.