[ubuntu-hardened] NX bit and generic-pae kernel.

Seth Arnold seth.arnold at canonical.com
Thu Mar 28 21:00:04 UTC 2013

On Thu, Mar 28, 2013 at 08:11:50PM +0000, Maurice McCarthy wrote:
> First of all explore your BIOS settings to see if there is an option
> to enable NX. There should be and, if not, it is likely to be a lack
> of good will by the manufacturers for not providing this in the first
> place. It happens especially in cheap computers such as my Acer One
> netbook.
> It means there is a fault in the BIOS set up. The manufacturers have
> or should have  written new BIOS code to correct this in an update. NX
> is not enabled until after the update has been made.

Ubuntu kernels have ignored the BIOS flag for some time:

As far as I know, this feature has been merged into upstream Linus
kernels several years ago, so it should be common to every distro now.

> NX is a security feature which ought to be enabled but you may well be
> able to live without  it.
> You can still try installing a PAE kernel but I don't understand how
> this would help as PAE means physical address extension. PAE code
> enables 32 bit computers to use more that 4GB memory. As you have 1GB
> then I don't see that you need it.

The extra page access control flags are (in x86 and x86-64 arches) only
enabled when running with full PAE:


To tell if your CPU supports NX, look for the 'nx' flag in /proc/cpuinfo.

The segment emulation is decent enough. If the hardware otherwise works
for you, I wouldn't bother buying a new CPU and motherboard just to get
NX. (Though I expect the other enhancements since then are compelling.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20130328/232b39fe/attachment.pgp>

More information about the ubuntu-hardened mailing list