To judge by
this you do if you have an Intel CPU. It's kind of over my head as a hardware geek, but I gather it prevents container-type things with privileges getting out of their boxes and changing settings system-wide. Seems like a good idea. It only seems to apply to Intel cpus, so if you're running AMD, you could disable it. In fact, if you don't have a new Intel cpu, you could disable it.