On 04/10/19 23:56, Sean Christopherson wrote: > Always lock IA32_FEATURE_CONTROL if it exists, even if the CPU doesn't > support VMX, so that other existing and future kernel code that queries > IA32_FEATURE_CONTROL can assume it's locked. Possibly stupid question: why bother locking it? It makes sense to lock the MSR bits to _off_ in the firmware, but if the BIOS hasn't locked it, why should the OS? It seems to me that locking introduces a lot of complication. Paolo
