[Tails-dev] NX bit [was: Please review'n'merge feature/amd64…

Delete this message

Reply to this message
Author: Alan
Date:  
To: tails-dev
Old-Topics: [Tails-dev] Please review'n'merge feature/amd64-kernel (#5456)
Subject: [Tails-dev] NX bit [was: Please review'n'merge feature/amd64-kernel (#5456)]
Hi,

On Sat, 21 Dec 2013 18:02:54 +0100 intrigeri <intrigeri@???> wrote:
> shipping a 64-bit kernel is a pre-requisite for UEFI support, as many
> (if not all) 64-bit EFI firmwares don't support booting a 32-bit
> kernel, and we won't be supporting any (rare, and mostly obsolete)
> 32-bit UEFI hardware.
>
> The feature/amd64-kernel branch implements this: it replaces our good
> old 686-pae kernel with a 64-bit one, and adjusts various pieces of
> documentation and the test suite (I've not tested this part yet, still
> lacking a suitable setup) accordingly.
>
> Note that the code bits of this branch have been in experimental for
> many weeks now.
>
> Drawback: possibly some UX degradation inside VirtualBox, see ticket.
> But the VirtualBox guest modules have been broken since March, and
> anyway it seems obvious to me that if we had to choose between
> supporting running Tails as a guest inside VirtualBox, or running it
> on UEFI hardware, we would choose the latter.
>

If I'm not mistaken, this will remove NX bit protection on 32 bits only
CPUs supporting PAE and NX. Such hardware include, as far as I
understand: Intel Pentium 4 "prescott" and later, Intel Pentium M
"dothan" and later, Intel Core (not 2) Solo and Duo, 32 bits Intel
Atom, Via C7. This is not the most common hardware currently, but I
think it should however be thought, if it was not already.

Cheers