Windows 10: Permanently disable VBS (Virtualization-based security)?
Android Studio requires Hyper-V, but installing Hyper-V also enabled VBS (Virtualization-based Security). The problem is AMD's Ryzen software doesn't run if VBS is enabled.
Applying the following script gave me an option to "opt-out" from VBS on the next reboot, but that does not seem to be permanent. Restarting Windows seems to enable VBS again. So, it seems that I have to run the script and press the opt-out key every time.
Is there any way to disable VBS permanently and never ask me to disable it again?
set FREE_MOUNT_VOL_DRIVELETTER=L:
mountvol %FREE_MOUNT_VOL_DRIVELETTER% /s
copy C:\WINDOWS\System32\SecConfig.efi %FREE_MOUNT_VOL_DRIVELETTER%\EFI\Microsoft\Boot\SecConfig.efi /Y
bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DG" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=%FREE_MOUNT_VOL_DRIVELETTER%
mountvol %FREE_MOUNT_VOL_DRIVELETTER% /d
Local Group Policy does not seem to work.
The Registry value EnableVirtualizationBasedSecurity already has been set to 0.
"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceGuard and add a new DWORD value named EnableVirtualizationBasedSecurity and set its value to 0 " DID the trick for me.
This procedure should disable Virtualization Based Security:
- Run gpedit.msc
- Go to Local Computer Policy > Computer Configuration > Administrative Templates > System > Device Guard
- Double click Turn on Virtualization Based Security
- Select Disabled
- Click OK
- A reboot might be required.
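To confirm what the machine is actually doing after the reboot, the following added example (not part of the original question or answers) compares the runtime state reported by the Win32_DeviceGuard WMI class with the registry value discussed above and its Group Policy counterpart. The function names Get-RegDword and Get-VbsReport are illustrative; the script only reads state and changes nothing.

```powershell
# Added example: read-only VBS status report. Run in an elevated PowerShell.
function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-VbsReport {
    # Runtime state as reported by the OS, independent of what is configured.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop
    $statusText  = @{ 0 = 'not enabled'; 1 = 'enabled, not running'; 2 = 'running' }
    $serviceText = @{ 1 = 'Credential Guard'; 2 = 'Memory integrity (HVCI)'
                      3 = 'System Guard Secure Launch'; 4 = 'SMM Firmware Measurement' }

    # Translate the numeric service ids; 0 means "no services running".
    $running = @($dg.SecurityServicesRunning | Where-Object { $_ -ne 0 } | ForEach-Object {
        $name = $serviceText[[int]$_]
        if ($name) { $name } else { "service id $_" }
    })

    $local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
    $hvci   = "$local\Scenarios\HypervisorEnforcedCodeIntegrity"

    [pscustomobject]@{
        VbsStatus         = $statusText[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesRunning   = $running -join ', '
        HypervisorPresent = (Get-CimInstance -ClassName Win32_ComputerSystem).HypervisorPresent
        # The value the question says is already 0.
        LocalEnableVbs    = Get-RegDword $local  'EnableVirtualizationBasedSecurity'
        # Set by Group Policy (local or domain); $null means no policy is configured.
        PolicyEnableVbs   = Get-RegDword $policy 'EnableVirtualizationBasedSecurity'
        # 1 means VBS was enabled with UEFI lock.
        UefiLocked        = Get-RegDword $local  'Locked'
        HvciEnabled       = Get-RegDword $hvci   'Enabled'
        CredentialGuard   = Get-RegDword 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'LsaCfgFlags'
    }
}

Get-VbsReport | Format-List
```

If VbsStatus still reads "running" while LocalEnableVbs is 0, check PolicyEnableVbs, UefiLocked and HvciEnabled, since each is a separate place where VBS or a VBS-dependent feature can be switched on.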
As far as I understand: either it can't be disabled unless Hyper-V is disabled, or Ryzen Master treats Hyper-V the same way as VBS.
Anyway, the OP was asking this question because he wanted to run Ryzen Master (as did I today).
Here I will describe a hacky solution to launch Ryzen Master without disabling Hyper-V.
Reddit user klauspost has created a patch that allows bypassing these checks in Ryzen Master. I've tested it and it works on my machine, and it is indeed able to change the CPU configuration.
The patch itself: https://github.com/klauspost/ryzen-master-vbs-patch
Reddit thread: https://www.reddit.com/r/Amd/comments/gtvy2w/patch_for_amd_ryzen_master_to_work_with/
A YouTube video with a tutorial on how to apply the patch: https://www.youtube.com/watch?v=h7xId0RO9Rk
P.S. As far as I understand: AMD doesn't want to cause any stability issues, so they won't officially allow it to run with Hyper-V. It can cause some issues with virtualization. Hyper-V is the type of VM that runs on top of Windows, so your OS always runs inside a VM.
So use this patch at your own risk. Neither I nor the patch author is responsible for possible damage.