Why do systems generally disable virtualization by default in BIOS settings?

I have yet to see a system whose default configuration enables MMU and directed I/O virtualization. Often this necessitates rebooting and going into the BIOS to enable it if you want, e.g., 64-bit support on your VMs.

Is there some kind of substantial processor overhead that occurs if this is switched on and you're not using virtualization? If not, then what's the reason for it being off by default?


There were some proof-of-concept rootkits like Blue Pill a while back that could own a system with VT on. After this discovery, most vendors began shipping their units with VT disabled as a general security precaution.


All the server blades we buy have virtualization enabled by default. It may be because our vendor has made a commercial decision to do so to save on so many support calls.

It is not disabled because of a processor hit, but depending on what is it being used for. It may be off by default, because enabling these features may affect peripheral access.


Note that according to this other thread, it also seems to have some impact on performances https://superuser.com/questions/545101/why-does-hp-recommend-that-i-keep-hardware-virtualization-off

It seems relevant to me, since reduced set of instructions are more efficient. I just wouldn't have thought that changing a BIOS option could directly affect this.

I got no idea whether the impact is significant or not, but considering this and the security potential flaw, having such a rarely used feature disabled by default looks like a good choice to me.


another reason is most user kernel function (like gettimeofday) are moved in VDSO.

sometimes under virtualization this fast path cannot be enabled.

so the system cannot:

gain the fast execution of these functions

avoid expensive switch from userland to kernel and return