cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Lost_in_Space
Fanfold Paper
Posts: 9
Registered: ‎03-29-2018
Location: US
Views: 1,862
Message 11 of 40

Re: ideacentre 720-18ASU Desktop: how to enable AMD-V (virtualization)

I didn't bother to call the support. But I did prod and pick at the BIOS a little bit. Here are my findings:

 

1) I was able to figure out the BIOS used by Lenovo is a repackaged version of AMI BIOS

2) I was therefore able to dump the BIOS rom and view the internal settings.

 

The below image confirms the options visible in the BIOS menu

 Advanced-Config-Options.PNG

 

 

Digging further, it appears the SVM (Secure Virtual Machine Support) is disabled in the BIOS by Lenovo.

CPU-Advanced-Config.PNG

 

 

So, why is SVM disabled?

 

I think it would be possible to use the x64 cpuid instruction to enable SVM from within the OS and persist it across warm reboots (as explained in the youtube video above). I think it might even be possible to modify the BIOS rom that Lenovo provides to enable SVM across cold reboots. I am going to prod and pick at it. I want to be careful not to brick the machine. This is going to take some time.

 

But basically, it appears Lenovo is intentionally handicapping AMD Ryzen's virtualization capabilities. Why?

 

Being that no one from Lenovo has bothered to respond on this forum regarding this issue, it is very concering.

Either Lenovo doesn't care for their custoemrs.

Or they are incompenetent.

Or Both

 

I will no longer do business with Lenovo.

 

 

 

Sarexpert
Fanfold Paper
Posts: 11
Registered: ‎11-11-2017
Location: US
Views: 1,809
Message 12 of 40

Re: ideacentre 720-18ASU Desktop: how to enable AMD-V (virtualization)

Perhaps their motherboard design has broken virtualization.
The lack of official response is terribly troubling.
I think I will not use Lenovo products either unless they show that they care for their users enough to solve the problem or put us out of our misery..
Lost_in_Space
Fanfold Paper
Posts: 9
Registered: ‎03-29-2018
Location: US
Views: 1,787
Message 13 of 40

Re: ideacentre 720-18ASU Desktop: how to enable AMD-V (virtualization)

Its possible this particular motherboard (B300) has issues with SVM Mode. But neither Lenovo nor AMD has made it clear as to exactly what they are why the related options are disabled. And because they haven't revealed the technical reasons, I think this is mis-representation because the underlying processor itself supports virtualization and AMD hasn't (thus far) claimed conditions under which SVM Mode won't be functional.

 

This kind of mis-representation can be a basis for class action suit against Lenovo and AMD in US and Europe.

 

I haven't had time, but if someone else does have a look at this git:

https://github.com/tycho/cpuid

 

I couldn't get it to compile with Visual Studio. And I didn't have time to install cygwin and try.

If someone has the curiosity and time, you could try installing cygwin or try booting the desktop into Linux (using USB boot).

 

The above program will list if SVM Mode is locked in addition to being disabled. The relevant code can be found in 'feature.c'. Here are the relevan snippets:

 

{ 0x80000001, 0, REG_ECX, 0x00000004,                VENDOR_AMD                   , "secure virtual machine (SVM)"},

 

 

/* SVM Revision and Feature Identification (8000_000Ah) */
	{ 0x8000000A, 0, REG_EDX, 0x00000001,                VENDOR_AMD                   , "Nested paging"},
	{ 0x8000000A, 0, REG_EDX, 0x00000002,                VENDOR_AMD                   , "LBR virtualization"},
	{ 0x8000000A, 0, REG_EDX, 0x00000004,                VENDOR_AMD                   , "SVM lock"},
	{ 0x8000000A, 0, REG_EDX, 0x00000008,                VENDOR_AMD                   , "NRIP save"},
	{ 0x8000000A, 0, REG_EDX, 0x00000010,                VENDOR_AMD                   , "MSR-based TSC rate control"},
	{ 0x8000000A, 0, REG_EDX, 0x00000020,                VENDOR_AMD                   , "VMCB clean bits"},
	{ 0x8000000A, 0, REG_EDX, 0x00000040,                VENDOR_AMD                   , "Flush by ASID"},
	{ 0x8000000A, 0, REG_EDX, 0x00000080,                VENDOR_AMD                   , "Decode assists"},
/*	{ 0x8000000A, 0, REG_EDX, 0x00000100,                VENDOR_AMD                   , ""}, */   /* Reserved */
/*	{ 0x8000000A, 0, REG_EDX, 0x00000200,                VENDOR_AMD                   , ""}, */   /* Reserved */
	{ 0x8000000A, 0, REG_EDX, 0x00000400,                VENDOR_AMD                   , "Pause intercept filter"},
/*	{ 0x8000000A, 0, REG_EDX, 0x00000800,                VENDOR_AMD                   , ""}, */   /* Reserved */
	{ 0x8000000A, 0, REG_EDX, 0x00001000,                VENDOR_AMD                   , "PAUSE filter threshold"},
	{ 0x8000000A, 0, REG_EDX, 0x00002000,                VENDOR_AMD                   , "AMD virtual interrupt controller"},
/*	{ 0x8000000A, 0, REG_EDX, 0x00004000,                VENDOR_AMD                   , ""}, */   /* Reserved */
	{ 0x8000000A, 0, REG_EDX, 0x00008000,                VENDOR_AMD                   , "Virtualized VMLOAD/VMSAVE"},
	{ 0x8000000A, 0, REG_EDX, 0x00010000,                VENDOR_AMD                   , "Virtualized GIF"},

 

 I will look into this later this week.

joheid
What's DOS?
Posts: 1
Registered: ‎04-04-2018
Location: DE
Views: 1,718
Message 14 of 40

Re: ideacentre 720-18ASU Desktop: how to enable AMD-V (virtualization)

Hi all,

I just compiled an ran cpuid on my crippled ryzen 5 ideacentre. Hope the information helps to solve the issue.

kind regards

joheid

---- output of cpuid ---

CPU 0:
Maximum basic CPUID leaf: 0x0000000d

CPU vendor string: 'AuthenticAMD'

Signature: 0x00800f11
Family: 0x17 (23)
Model: 0x01 (1)
Stepping: 0x01 (1)

Local APIC: 0
Maximum number of APIC IDs per package: 8
CLFLUSH size: 64
Brand ID: 0

Base features, edx:
x87 FPU on chip
virtual-8086 mode enhancement
debugging extensions
page size extensions
time stamp counter
RDMSR and WRMSR support
physical address extensions
machine check exception
CMPXCHG8B instruction
APIC on chip
SYSENTER and SYSEXIT instructions
memory type range registers
PTE global bit
machine check architecture
conditional move instruction
page attribute table
36-bit page size extension
CLFLUSH instruction
MMX instruction set
FXSAVE/FXRSTOR instructions
SSE instructions
SSE2 instructions
max APIC IDs reserved field is valid
Base features, ecx:
SSE3 instructions
PCLMULQDQ instruction
MONITOR/MWAIT instructions
SSSE3 instructions
fused multiply-add AVX instructions
CMPXCHG16B instruction
SSE4.1 instructions
SSE4.2 instructions
MOVBE instruction
POPCNT instruction
AES instructions
XSAVE/XRSTOR instructions
OS-enabled XSAVE/XRSTOR
AVX instructions
16-bit FP conversion instructions
RDRAND instruction

MONITOR/MWAIT features:
Smallest monitor-line size: 64 bytes
Largest monitor-line size: 64 bytes
Interrupts as break-event for MWAIT, even when interrupts off

Intel Thermal and Power Management Features:
Always running APIC timer (ARAT)
Hardware Coordination Feedback Capability (APERF and MPERF)

Structured extended feature flags (ecx=0), ebx:
FSGSBASE instructions
Bit Manipulation Instructions (BMI1)
Advanced Vector Extensions 2.0 (AVX2)
Supervisor Mode Execution Protection (SMEP)
Bit Manipulation Instructions 2 (BMI2)
RDSEED instruction
Multi-Precision Add-Carry Instruction Extensions (ADX)
Supervisor Mode Access Prevention (SMAP)
CLFLUSHOPT instruction
SHA-1/SHA-256 instructions

Extended State Enumeration
Valid bit fields for lower 32 bits of XCR0:
0 - Legacy x87
1 - 128-bit SSE
2 - 256-bit AVX YMM_Hi128

Valid bit fields for upper 32-bits of XCR0:
0x00000000

Maximum size required for all enabled features: 832 bytes

Maximum size required for all supported features: 832 bytes

Features available:
0 - XSAVEOPT
1 - XSAVEC and compacted XRSTOR
2 - XGETBV with ECX=1
3 - XSAVES/XRSTORS and IA32_XSS

Extended state for 256-bit AVX YMM_Hi128 requires 256 bytes, offset 576

Maximum extended CPUID leaf: 0x8000001f

Extended features, edx:
x87 FPU on chip
virtual-8086 mode enhancement
debugging extensions
page size extensions
time stamp counter
AMD model-specific registers
physical address extensions
machine check exception
CMPXCHG8B instruction
APIC on chip
SYSCALL and SYSRET instructions
memory type range registers
PTE global bit
machine check architecture
conditional move instruction
page attribute table
36-bit page size extension
NX bit
MMX extended
MMX instructions
FXSAVE/FXRSTOR instructions
fast FXSAVE/FXRSTOR
1GB page support
RDTSCP instruction
long mode (EM64T)
Extended features, ecx:
LAHF/SAHF supported in 64-bit mode
core multi-processing legacy mode
secure virtual machine (SVM)
extended APIC space
AltMovCr8
advanced bit manipulation
SSE4A instructions
mis-aligned SSE support
3DNow! prefetch instructions
os-visible workaround
SKINIT/STGI instructions
watchdog timer
Translation cache extension
topology extensions
processor performance counter extensions
NB performance counter extensions
data access breakpoint extension
performance counter extensions
MONITORX/MWAITX instructions

Processor Name: AMD Ryzen 5 1400 Quad-Core Processor

L1 TLBs:
Data TLB (2MB and 4MB pages): 64 entries, fully associative
Instruction TLB (2MB and 4MB pages): 64 entries, fully associative
Data TLB (4KB pages): 64 entries, fully associative
Instruction TLB (4KB pages): 64 entries, fully associative

L1 caches:
Data: 32KB, 8-way associative, 1 lines per tag, 64 byte line size
Instruction: 64KB, 4-way associative, 1 lines per tag, 64 byte line size

L2 TLBs:
Data TLB (2MB and 4MB pages): 1536 entries, 2-way associative
Instruction TLB (2MB and 4MB pages): 1024 entries, 6-way associative
Data TLB (4KB pages): 1536 entries, 6-way associative
Instruction TLB (4KB pages): 1024 entries, 6-way associative

L2 cache: 512KB, 8-way, 1 lines per tag, 64 byte line size
L3 cache: 8MB, 16-way, 1 lines per tag, 64 byte line size

RAS capabilities, ebx:
MCA overflow recovery
Software uncorrectable error containment and recovery
Scalable MCA
Advanced Power Management features, edx:
Temperature Sensor
THERMTRIP
Hardware thermal control
Hardware P-state control
Invariant TSC
Read-only effective frequency interface
Connected standby
Running average power limit (RAPL)
Unaccounted for in 0x80000007:0x00000000:
eax: 0x00000000 ebx:0x00000010 ecx:0x00000000 edx:0x00000000

Physical address size: 48 bits
Linear address size: 48 bits

Core count: 8
Performance time-stamp counter size: 40 bits
Maximum core count: 16
Extended Feature Extensions:
CLZERO instruction
Instructions retired count support (IRPerf)
XSAVE always saves/restores error pointers

SVM Features and Revision Information:
Revision: 1
NASID: 32768
Features:
SVM Feature Flags:
Nested paging
LBR virtualization
SVM lock
NRIP save
MSR-based TSC rate control
VMCB clean bits
Flush by ASID
Decode assists
Pause intercept filter
PAUSE filter threshold
AMD virtual interrupt controller
Virtualized VMLOAD/VMSAVE
Virtualized GIF
Unaccounted for in 0x8000000a:0x00000000:
eax: 0x00000000 ebx:0x00000000 ecx:0x00000000 edx:0x00000800

AMD Extended Cache Topology:
32KB L1 data cache
8-way set associative
64 byte line size
Self-initializing
Shared by max 2 threads

64KB L1 code cache
4-way set associative
64 byte line size
Self-initializing
Shared by max 2 threads

512KB L2 unified cache
8-way set associative
64 byte line size
Self-initializing
Inclusive of lower cache levels
Shared by max 2 threads

4MB L3 unified cache
16-way set associative
64 byte line size
Self-initializing
WBINVD not guaranteed to invalidate lower level caches
Shared by max 4 threads

AMD Extended Topology:
Extended APIC ID: 0x00000000
Compute unit ID: 1
Cores per unit: 1
Node ID: 0
Nodes per processor: 1

-----

Lost_in_Space
Fanfold Paper
Posts: 9
Registered: ‎03-29-2018
Location: US
Views: 1,708
Message 15 of 40

Re: ideacentre 720-18ASU Desktop: how to enable AMD-V (virtualization)

Under

SVM Feature Flags:
Nested paging
LBR virtualization
SVM lock
NRIP save
MSR-based TSC rate control
VMCB clean bits
Flush by ASID
Decode assists
Pause intercept filter
PAUSE filter threshold
AMD virtual interrupt controller
Virtualized VMLOAD/VMSAVE
Virtualized GIF

 

It appears Lenovo has actually locked the SVM (Secure Virtual Machine) Mode in the BIOS. 

I am trying to explore if there is a way to make hidden BIOS options visible.

 

AMI's Aptio V based BIOS (used in this system) supports BIOS signing. If this feature was locked with a Lenovo Key (or signature), then it would be extremely difficult to crack the BIOS.

 

The extreme option is to overwrite the BIOS with your own version -- which is very risky. It can brick the system.

Or unsolder the NVRAM chip on the motherboad and install your own NVRAM. Which is also the solution if you've bricked the system. But then again very risky unless you know what you are doing.

 

Btw, we users shouldn't have to indulge in trickery and extreme methods to overcome this obvious functionality crippling by Lenovo.

 

Why is Lenovo silent on this matter? And for months on end ..!!!

Lost_in_Space
Fanfold Paper
Posts: 9
Registered: ‎03-29-2018
Location: US
Views: 1,706
Message 16 of 40

Re: ideacentre 720-18ASU Desktop: how to enable AMD-V (virtualization)

For the curious (and the brave), here is the AMI's Aptio V datasheet.


https://ami.com/ami_downloads/Aptio_V_Data_Sheet.pdf

Highlighted
langers2k
Paper Tape
Posts: 1
Registered: ‎04-05-2018
Location: GB
Views: 1,664
Message 17 of 40

Re: ideacentre 720-18ASU Desktop: how to enable AMD-V (virtualization)

Hitting the same problem here.

 

I've spoken to Lenovo support who initally claimed there is no AMD-V support on this machine. I then pointed out the 'device guard' option and was told it's actually the Ryzen 5 1400 that's the issue and I should change it for a Ryzen 5 1700 or above. I don't think this CPU exists so I believe it's a typo and they mean the Ryzen 7 1700.

 

I then contacted AMD support who state the Ryzen 5 1400 does support AMD-V. No surprises here as linux and windows both claim the CPU supports virtualization but that it's disabled in the bios.

 

Back to Lenovo support, they now claim that it's the combination of the Ryzen 5 1400 and their chipset (B300?) that's actually the issue. Again suggesting I change the CPU to a Ryzen 5 (7?) 1700 or above. I'm waiting for AMD to get back to me but this very much feels like Lenovo's problem.

carrot13
What's DOS?
Posts: 1
Registered: ‎04-05-2018
Location: US
Views: 1,645
Message 18 of 40

Re: ideacentre 720-18ASU Desktop: how to enable AMD-V (virtualization)

I have the Ryzan 7 1700 version of this system and it also does not have bios virtualization support in the bios. Should be a nice system but I primarily bought it for virtualization and development so it just sits for the most part. I will have to seriously reconsider buying a Lenovo system in the future.

Lost_in_Space
Fanfold Paper
Posts: 9
Registered: ‎03-29-2018
Location: US
Views: 1,635
Message 19 of 40

Re: ideacentre 720-18ASU Desktop: how to enable AMD-V (virtualization)

You can download AMDs own tool that will tell you if the processor supports SVM/Virtualization.

Its available here:

https://support.amd.com/en-us/search/utilities?k=virtualization

 

On my system:

 

AMD-Hyper-V.PNG

 

Based on responses from different users and my own experience, I have to conclude that Lenovo is both incompetent and lying.

 

 

Aguywhocodes
What's DOS?
Posts: 2
Registered: ‎04-14-2018
Location: CA
Views: 1,492
Message 20 of 40

Re: ideacentre 720-18ASU Desktop: how to enable AMD-V (virtualization)

Tried the AMD utility and got the same result.

 

The Lenovo company from which I used to purchase hardware has really changed.  You really got a stable and yet we performing product.  In the past I was able to steer individuals from purchasing another piece of hardware to buy Lenovo.

 

Not anymore.  

 

I'll won't be recommending Lenovo in the future, as I've already suggested to someone else who is happy with his Dell AMD Ryzen 7.  They have virtualization enabled and paid less.

 

Disabling a feature for what I can only assume is to ensure a capible PC only serves a selected market is just a... dirty sales tactic.

Check out current deals!


Shop current deals

Top Kudoed Authors