Hi!
I'm trying to disable Virtualization Based Security in my Windows 10 (up-to-date) machine so I can achieve nested virtualization. However, it seems to be in "Locked" mode because secure boot is enabled in the UEFI. How can I disable secure boot or just change the EFI config to disable VBS? Usually you need BIOS/UEFI access to do this stuff, but according to some people on the internet it is indeed possible; however, I'm having trouble disabling VBS.
I tried using group policy, registry keys and editing the BCD with no success.
I ran this script here to see if nested virtualization was possible:
https://github.com/MicrosoftDocs/Virtualization-Documentation/blob/1d4fdaefa39ea4f3f25cce3c349753bee2c88181/hyperv-tools/Nested/Get-NestedVirtStatus.ps1
It's from Microsoft and it says "NO" because "Virtualization Based Security is running". So is there any way I can manipulate those BIOS/UEFI settings?
Here is what Group Policy says about the "Disabled" option for VBS:
"The "Disabled" option turns off Virtualization Based Protection of Code Integrity remotely if it was previously turned on with the "Enabled without lock" option.
The "Enabled with UEFI lock" option ensures that Virtualization Based Protection of Code Integrity cannot be disabled remotely. In order to disable the feature, you must set the Group Policy to "Disabled" as well as remove the security functionality from each computer, with a physically present user, in order to clear configuration persisted in UEFI."
Thank you.
EDIT:
These docs should also probably be updated to account for VBS (e.g. the "GitHub" link should point to the Microsoft script, which is more up-to-date and for me actually works to detect if nested virtualization is possible on Windows 10):
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/nested-virtualization
I tried running that script in that GitHub link and it says "success", but when I use the Microsoft script it says no, VBS is still running. Maybe it works on Windows Server 2016?
Also note that I'm trying to use VirtualBox, not Hyper-V. I tried following this guide to no avail because of VBS:
https://e-apostolidis.gr/microsoft/azure/virtualbox-on-azure-vm-for-testing-or-run-old-apps/
Related StackOverflow issue:
https://stackoverflow.com/questions/59968891/can-i-run-a-virtualbox-inside-a-azure-vm
I also tried adding/removing certain Windows features.
I get this error in VirtualBox when starting a VM:
"WHvCapabilityCodeHypervisorPresent is FALSE! Make sure you have enabled the 'Windows Hypervisor Platform' feature. (VERR_NEM_NOT_AVAILABLE).
VT-x is not available (VERR_VMX_NO_VMX)."
Maybe I should just do this on an earlier version of Windows before VBS/VBS locking came out...
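
A read-only way to see the state described in this post (whether VBS is running, which services it hosts, and whether the "Enabled with UEFI lock" setting is in effect), as an added example that is not part of the original post or of the Microsoft script linked in it. It assumes an elevated PowerShell session; the function name `Get-VbsLockReport` is hypothetical, while the `Win32_DeviceGuard` class and the `DeviceGuard` registry values are the documented Windows ones.

```powershell
# Added example: read-only audit of VBS state and lock settings. Changes nothing.
# Run in an elevated PowerShell session on the machine in question.

$vbsStatusText = @{ 0 = 'Disabled'; 1 = 'Enabled, not running'; 2 = 'Running' }
$serviceText   = @{ 1 = 'Credential Guard'; 2 = 'Memory integrity (HVCI)'
                    3 = 'System Guard Secure Launch'; 4 = 'SMM Firmware Measurement' }

function Get-VbsLockReport {   # hypothetical name, not a built-in cmdlet
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop

    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
    $hvci = Join-Path $base 'Scenarios\HypervisorEnforcedCodeIntegrity'

    # Return a registry value, or $null when the key or value is absent.
    $read = { param($Path, $Name)
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name }

    # Map a service code to its name; CIM returns UInt32, so cast before lookup.
    $name = { param($Code)
        $c = [int]$Code
        if ($serviceText.ContainsKey($c)) { $serviceText[$c] }
        elseif ($c -ne 0) { "Unknown ($c)" } }

    # Confirm-SecureBootUEFI throws on legacy BIOS or without elevation.
    $secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop }
                  catch { 'Unknown (not UEFI or not elevated)' }

    [pscustomobject]@{
        VbsStatus            = $vbsStatusText[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesConfigured   = ($dg.SecurityServicesConfigured | ForEach-Object { & $name $_ }) -join ', '
        ServicesRunning      = ($dg.SecurityServicesRunning    | ForEach-Object { & $name $_ }) -join ', '
        SecureBoot           = $secureBoot
        VbsEnabledInRegistry = (& $read $base 'EnableVirtualizationBasedSecurity') -eq 1
        VbsUefiLock          = (& $read $base 'Locked') -eq 1   # 1 = "Enabled with UEFI lock"
        HvciEnabled          = (& $read $hvci 'Enabled') -eq 1
        HvciUefiLock         = (& $read $hvci 'Locked') -eq 1
    }
}

Get-VbsLockReport | Format-List
```

A `VbsStatus` of `Running` together with `VbsUefiLock` or `HvciUefiLock` set to `True` corresponds to the locked configuration that the quoted Group Policy text says cannot be cleared remotely.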