Should I enable VT-x/AMD-v in VirtualBox?

Ineedhelp · February 10, 2023, 11:54pm

Hello. I found out that VT-x/AMD-V boxes are unchecked by default in VirtualBox machines menu for both Gateway and Workstation VMs. Should I check this option or only leave PAE/NX checked?

Another question. Is it safe to update VirtualBox to version 7? Are Whonix VMs ok with new version of VirtualBox or users should stay on version 6?

Patrick · February 12, 2023, 4:26pm

Pointless exercise (no need) to show a point: Try to enable the VT-X/AMD-V box. It’s grayed out right? Meaning, you cannot make any changes there anyhow.

VT-X/AMD-V is already enabled. No changes required. To see that VT-X/AMD-V is already enabled, here are some commands that work out of the box on Linux based operating systems such as Debian or Kicksecure.

vboxmanage showvminfo Whonix-Gateway-XFCE

vboxmanage showvminfo Whonix-Gateway-XFCE | grep -i vt

vboxmanage showvminfo Whonix-Gateway-XFCE --machinereadable | grep -i vt

(For Windows, generally speaking (not specifically about this topic) running vboxmanage could be a bit more cumbersome due to how PATH works on Windows but that’s unspecific to this topic and unspecific to Whonix.)

Ineedhelp · February 12, 2023, 4:32pm

No, it is not grayed out, it is just unchecked. But in both GW and WS I can type lscpu and it shows my physical processor. Can it be a bug? Should I check VT-X/AMD-V in VirtualBox machine settings ?

Patrick · February 13, 2023, 12:19pm

Define bug. Well, it’s not related to this forum thread. You could call it an issue / bug but it’s expected. I.e. a “known issue”.

It’s documented here:

This chapter specifically:
Protocol Leak and Fingerprinting Protection‎ chapter Hardware Identifiers in Whonix wiki

Not so fast. Please try above commands including grep first and post the output here.

That’s weird.

Patrick · February 13, 2023, 12:28pm

Also please post the output of this:

vboxmanage showvminfo Whonix-Gateway-XFCE --machinereadable | grep -i hwvirt

And.

vboxmanage showvminfo Whonix-Gateway-XFCE --machinereadable | grep -i paravirt

Patrick · February 13, 2023, 12:56pm

Also the exact wording of that box is Enable Nested VT-x/AMD-V?
The keyword here is Nested.

Clearly, no. Do not enable this. There’s no need for it. You can completely ignore this.

Why would it be grayed out for some? See this.

Exception: That is unless you are interested in nested virtualization. If so, see: