It matters because the way the VT tech works is that its disabled by default in the CPU, and is (usually) enabled by the BIOS. The reason you cant (usually) turn it on after the OS has booted is because the register used to turn it on (the MSR) has a lock-bit, which once set prevents any changes to the VT status until power is removed from the CPU.
BIOS's that simply ignore the VT enable stuff are less of a problem, because its possible to set the VT tech on, and lock it on (by writing 5 to register 3A) within the OS using
BIOS's that deliberately disable VT will set the register to 1 (vt off, lock on), turning off, and locking off the VT stuff. There is no way I know of to defeat this situation (short of disassembling the BIOS and 'fixing' it).
Some BIOS's even have the code to turn it on, but it is only triggered if a CMOS register is set to a certain value and there is no UI on these BIOS's to set that CMOS register. I believe some Sony BIOSs are like this, but am unsure.
The best ones of course allow you to turn it on in the BIOS - which is why Sony are talking BS when they say its for security. They only need to ship it turned off, and allow the users to turn it on at their own risk.
I understand that it IS a genuine risk (bluepill?) in that a hypervisor can install itself UNDER the OS layer, and then filter what the OS sees, invisible to the user (otherwise the virtualization is broken).
Thats why.
ps. apple ignored a bug report I made about the way the Mac Pro works... i guess its kinda understandable because it seems all MacOS virtualization products just turn it on using the MSR as needed.
Anyone can make an omelet with eggs. The trick is to make one with none.