vmx disabled by bios

English Install/Boot/Login
1

Since Tumbleweed has updated to the 5.6.x kernel I have been getting a message at boot

vmx (outside text) disabled by bios

This causes a pause in boot for about five seconds and then boot continues as normal.
What does it mean?
Should I be concerned about anything?

2

Hi
Can you show the output from;


lscpu
cat /etc/default/grub | grep GRUB_CMDLINE_LINUX_DEFAULT
3 
lscpu
Architecture:                    x86_64
CPU op-mode(s):                  32-bit, 64-bit
Byte Order:                      Little Endian
Address sizes:                   36 bits physical, 48 bits virtual
CPU(s):                          2
On-line CPU(s) list:             0,1
Thread(s) per core:              1
Core(s) per socket:              2
Socket(s):                       1
NUMA node(s):                    1
Vendor ID:                       GenuineIntel
CPU family:                      6
Model:                           23
Model name:                      Intel(R) Core(TM)2 Duo CPU     T6670  @ 2.20GHz
Stepping:                        10
Frequency boost:                 enabled
CPU MHz:                         1916.798
CPU max MHz:                     2201.0000
CPU min MHz:                     1200.0000
BogoMIPS:                        4389.01
L1d cache:                       64 KiB
L1i cache:                       64 KiB
L2 cache:                        2 MiB
NUMA node0 CPU(s):               0,1
Vulnerability Itlb multihit:     KVM: Vulnerable
Vulnerability L1tf:              Mitigation; PTE Inversion
Vulnerability Mds:               Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
Vulnerability Meltdown:          Mitigation; PTI
Vulnerability Spec store bypass: Vulnerable
Vulnerability Spectre v1:        Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2:        Mitigation; Full generic retpoline, STIBP disabled, RSB filling
Vulnerability Tsx async abort:   Not affected
Flags:                           fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse
                                 36 clflush dts acpi mmx fxsr sse sse2 ht tm pbe syscall nx lm constan
                                 t_tsc arch_perfmon pebs bts rep_good nopl cpuid aperfmperf pni dtes64
                                  monitor ds_cpl est tm2 ssse3 cx16 xtpr pdcm sse4_1 xsave lahf_lm pti
                                  dtherm ida


cat /etc/default/grub | grep GRUB_CMDLINE_LINUX_DEFAULT
**GRUB_CMDLINE_LINUX_DEFAULT**="splash=silent resume=/dev/disk/by-uuid/8ea5af04-ab10-4476-9148-ff20e95e88f
e mitigations=auto quiet"
4

Hi
Is virtualization (VT-x) disabled in the BIOS? This is the vmx flag, since you also show in the lscpu output;


Vulnerability Itlb multihit:     KVM: Vulnerable

If you enable VT-x, does this output disappear?

5

Thanks, yes . . . enabling virtualisation in the BIOS and the message disappears.

It’s a pretty old computer and I have never had virtualisation enabled in the BIOS before - and hadn’t seen that message right up until the latest kernel installed.
And even when the message was there - it didn’t seem to have any impact on running tumbleweed.
Nice to know what the message relates to though.
Thanks again

6

now . . .

lscpu
Architecture:                    x86_64
CPU op-mode(s):                  32-bit, 64-bit
Byte Order:                      Little Endian
Address sizes:                   36 bits physical, 48 bits virtual
CPU(s):                          2
On-line CPU(s) list:             0,1
Thread(s) per core:              1
Core(s) per socket:              2
Socket(s):                       1
NUMA node(s):                    1
Vendor ID:                       GenuineIntel
CPU family:                      6
Model:                           23
Model name:                      Intel(R) Core(TM)2 Duo CPU     T6670  @ 2.20GHz
Stepping:                        10
Frequency boost:                 enabled
CPU MHz:                         1263.563
CPU max MHz:                     2201.0000
CPU min MHz:                     1200.0000
BogoMIPS:                        4388.93
Virtualization:                  VT-x
L1d cache:                       64 KiB
L1i cache:                       64 KiB
L2 cache:                        2 MiB
NUMA node0 CPU(s):               0,1
Vulnerability Itlb multihit:     KVM: Mitigation: Split huge pages
Vulnerability L1tf:              Mitigation; PTE Inversion; VMX EPT disabled
Vulnerability Mds:               Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
Vulnerability Meltdown:          Mitigation; PTI
Vulnerability Spec store bypass: Vulnerable
Vulnerability Spectre v1:        Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2:        Mitigation; Full generic retpoline, STIBP disabled, RSB filling
Vulnerability Tsx async abort:   Not affected
Flags:                           fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse
                                 36 clflush dts acpi mmx fxsr sse sse2 ht tm pbe syscall nx lm constan
                                 t_tsc arch_perfmon pebs bts rep_good nopl cpuid aperfmperf pni dtes64
                                  monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 xsave lahf_lm
                                  pti tpr_shadow vnmi flexpriority vpid dtherm ida
7

Hi
Your call at the end of the day of course, probably need to read up on them all and decide :wink:

At least the KVM one is resolved…

8

Hi
I see:- “Vulnerability Spec store bypass: Vulnerable”, if you add the following to your kernel boot options (YaST bootloader), does it remove the vulnerable entry?


spec_store_bypass_disable=prctl