VMXON is the instruction which turns on Intel VT extensions[1]. This
instruction can be enabled and disabled by setting a bit in a CPU
register. Moreover, this CPU register itself can be locked so that no
changes can be made until the CPU is power-cycled.

In detail, the register is the IA32_FEATURE_CONTROL (0x3A) MSR. The
relevant bits are:

  bit 0  Lock bit (0 = unlocked, 1 = permanently locked)
  bit 1  Enable VMXON in Intel Safer Mode Extensions (SMX)
  bit 2  Enable VMXON in normal operation

So to find out if VT is possible with the CPU, use CPUID (in practice,
check if "vmx" is in /proc/cpuinfo flags).

To find out if VT can be turned on in the host, check bit 2 in the above
register. There is a handy tool called msr-tools[2] which you can use:

  # ./rdmsr 0x3a
  ff03

(bit 2 is clear, so VT is _not_ enabled on this host).

It seems that the BIOS locks the register (by writing 1 to bit 0). To
find out if the BIOS has locked the register, use rdmsr again and look
at the lowest bit. In the example above you can see that the BIOS
disabled VT and locked the register. Once the register is locked, the
only way around it is to reboot.

If the register is unlocked you can enable VT by writing a 1 to bit 2.

If you don't want to use the msr-tools, then direct access to the
register can be had through /dev/cpu/<id>/msr. For example this is an
strace of rdmsr 0x3a:

  open("/dev/cpu/0/msr", O_RDONLY) = 3
  pread(3, "\3\377\0\0\0\0\0\0", 8, 58) = 8

However you need to be root to open /dev/cpu/0/msr.

On machines which don't support the IA32_FEATURE_CONTROL MSR you will
get an EIO error:

  pread(3, 0x7ffff81ec810, 8, 58) = -1 EIO (Input/output error)

Rich.

Notes:

[1] I don't think this is possible with AMD's Pacifica extensions. I'm
not sure if it's possible to disable these in the BIOS & lock them.

[2] http://www.kernel.org/pub/linux/utils/cpu/msr-tools/

Sources:

* linux/drivers/kvm/vmx.c: function vmx_disabled_by_bios
* "Intel® Trusted Execution Technology Preliminary Architecture
  Specification" section 2.1.2
  (http://download.intel.com/technology/security/downloads/31516803.pdf)

--
Emerging Technologies, Red Hat
http://et.redhat.com/~rjones/
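
The checks described in the message above, as an added example in C that is not part of the original post or of msr-tools: it reads MSR 0x3a through /dev/cpu/N/msr the way the strace shows and classifies the lock and enable bits. The names vt_state, classify, msr_from_bytes and read_feature_control are made up for this example, and SAMPLE holds the eight bytes from the strace.

```c
#define _XOPEN_SOURCE 700   /* for pread() */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

#define MSR_IA32_FEATURE_CONTROL 0x3a
#define FC_LOCK         (1u << 0)  /* register locked until power cycle */
#define FC_VMXON_SMX    (1u << 1)  /* VMXON allowed in SMX operation */
#define FC_VMXON_NORMAL (1u << 2)  /* VMXON allowed in normal operation */
enum vt_state { VT_ENABLED, VT_CAN_ENABLE, VT_LOCKED_OFF };

/* The 8 bytes from the strace in the message (sample input). */
static const unsigned char SAMPLE[8] = { 0x03, 0xff, 0, 0, 0, 0, 0, 0 };

/* pread() returns the MSR as 8 little-endian bytes; rebuild the value. */
static uint64_t msr_from_bytes(const unsigned char b[8]) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | b[i];
    return v;
}

/* Bit 2 set: on. Bit 2 clear: off until reboot if locked, else settable. */
static enum vt_state classify(uint64_t fc) {
    if (fc & FC_VMXON_NORMAL) return VT_ENABLED;
    return (fc & FC_LOCK) ? VT_LOCKED_OFF : VT_CAN_ENABLE;
}

/* Returns 0 on success or -errno (-EIO from pread: MSR not supported;
 * open() fails when not root or when the msr device is absent). */
static int read_feature_control(int cpu, uint64_t *out) {
    char path[64];
    unsigned char buf[8];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -errno;
    ssize_t n = pread(fd, buf, sizeof buf, MSR_IA32_FEATURE_CONTROL);
    int err = (n == 8) ? 0 : (n < 0 ? -errno : -EIO);
    close(fd);
    if (err == 0) *out = msr_from_bytes(buf);
    return err;
}

int main(void) {
    uint64_t fc = msr_from_bytes(SAMPLE);   /* used if the read fails */
    int err = read_feature_control(0, &fc);
    printf("%s 0x%llx state=%d\n", err ? "sample" : "cpu0",
           (unsigned long long)fc, (int)classify(fc));
}
```

Run as root on the host to read CPU 0; without root it falls back to the sample bytes and reports state 2 (locked off).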