Windows 10: Permanently disable VBS (Virtualization-based security)?

windows-10 hyper-v amd-ryzen virtualization-based-security

Android Studio requires Hyper-V, but installing Hyper-V also enabled VBS (Virtualization-based Security). The problem is AMD's Ryzen software doesn't run if VBS is enabled.

enter image description here

Applying the following script gave me an option to "opt-out" from VBS on the next reboot, but that does not seem to be permanent. Restarting Windows seems to enable VBS again. So, it seems that I have to run the script and press the opt-out key every time.

Is there anyway to disable VBS permanently and never ask me to disable it again?

set FREE_MOUNT_VOL_DRIVELETTER=L:
mountvol %FREE_MOUNT_VOL_DRIVELETTER% /s
copy C:\WINDOWS\System32\SecConfig.efi L:\EFI\Microsoft\Boot\SecConfig.efi /Y
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DG" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=%FREE_MOUNT_VOL_DRIVELETTER%
mountvol %FREE_MOUNT_VOL_DRIVELETTER% /d

Local Group Policy does not seem to work. enter image description here

The Registry value EnableVirtualizationBasedSecurity already has been set to 0.

enter image description here


"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard and add a new DWORD value named EnableVirtualizationBasedSecurity and set its value to 0 " DID the trick for me.


This procedure should disable Virtualization Based Security:

  • Run gpedit.msc
  • Go to Local Computer Policy > Computer Configuration > Administrative Templates > System > Device Guard
  • Double click Turn on Virtualization Based Security
  • Select Disabled
  • Click OK
  • A reboot might be required.

As far as I understand: Either it can't be disabled unless disabling Hyper-V, or Ryzen Master is treating Hyper-V same way as VBS.

Any way OP was asking this question because he wanted to execute Ryzen Master (as well as I was today).

Heare I would print hacky solution to launch Ryzen Master without disabling Hyper-V.

Reddit user klauspost has created a patch that allows bypassing this checks in Ryzen Master. I've tested and it works on my machine and it indeed able to change CPU configuration.

The patch itself: https://github.com/klauspost/ryzen-master-vbs-patch Reddit thread: https://www.reddit.com/r/Amd/comments/gtvy2w/patch_for_amd_ryzen_master_to_work_with/

Some youtube video with tutorial how to apply patch: https://www.youtube.com/watch?v=h7xId0RO9Rk

P.S. As far as I understand: AMD don't want to cause any stability issues so they won't officially allow ti run with Hyper-V. It can cause some issues with virtualization. Hyper-V is such type of VM that is running at top of Windows, so your OS is always run inside VM.

So use this patch for your own risk. Neither I nor patch author is responsible for possible damage.

Related

Make Windows "Show icon and notifications" by default, but let you hide some
scp exec request failed on channel 0
Stop Windows 7 from searching while I’m typing in the search field, and wait for me to press Enter
Firefox extension to organise tab groups [closed]
Can I share my Internet from my laptop by bluetooth?
Why do `bind` and `.inputrc` behave differently?
How to remove window decoration under OSX?
Is my GPU dying?
How to tell `links` to ignore expired SSL certificate and proceed?
What does "C:2\" in a windows path string mean?
Filtering in foobar2000 (show .flac if available else other format)?
Chromium Render SPU tab stuck above VirtualBox task in Win10