check-bios-nx

Paul Graydon paul at paulgraydon.co.uk
Tue May 11 03:41:28 UTC 2010 

 From the information provided it's a bit uncertain what we're dealing 
with.  The dmidecode information suggests (possibly?) that the CPU is 
underclocked, as it's maximum speed is 3.4Ghz.  If that's the case, 
given its Family 15 , model 4, stepping 1, which means we're looking for 
CPUID string of 0F41 on the processorfinder site (15=0F in hex) it would 
be this one:

http://processorfinder.intel.com/details.aspx?sSpec=SL7KD

If, however, it actually is a 3Ghz chip then it'll be this one:

http://processorfinder.intel.com/details.aspx?sSpec=SL7PU

If underclocked then the CPU isn't capable of NX.  If it's not 
underclocked it is!

Here's a gotcha of NX bit protection as I understand it: You need to be 
running a 64bit kernel of some description for it to work, or be using a 
PAE kernel, as it operates in bit number 63.

e.g. on my workstation, running 2.6.32-21-generic-pae:
$ sudo check-bios-nx --verbose
This CPU has nx in the flags, so the BIOS is not disabling it.

I'm going to make a slight assumption here and presume that as it's a 
workstation masquerading as a server that it's not in a live internet 
serving environment?  If so it's not worth fussing about.  If, on the 
other hand, it is visible to the great unwashed masses, it may well be 
worth switching to a PAE kernel or installing a 64bit version of Ubuntu 
on there.  In a live environment any extra protection you can get is 
worth it, especially if it's easy to achieve!



Jim Tarvid wrote:
> Fascinating in a perverse way. The NX (no execute bit) is a tacit 
> concession that Von Neumann architecture is a mistake. Not sure how 
> much performance is lost by using it and even less sure if anybody 
> actually uses it. It may be called something else in the BIOS (perhaps 
> data protection or enhanced virus protection). 
> http://kerneltrap.org/node/3240
>
> Burroughs large systems incorporated an NX like feature in its memory 
> mapping scheme. http://www.groupsrv.com/computers/about487.html
>
> I suspect this discussion is academic since Intel's support of the NX 
> bit has not been consistent which could lead to a coding nightmare.
>
> I've put this conversation back on the ubuntu-server list, perhaps 
> someone else has wisdom.
>
> Jim
>
> On Mon, May 10, 2010 at 10:13 PM, Mike.lifeguard 
> <mike.lifeguard at gmail.com <mailto:mike.lifeguard at gmail.com>> wrote:
>
>     -----BEGIN PGP SIGNED MESSAGE-----
>     Hash: SHA1
>
>     On 10-05-10 10:49 PM, Jim Tarvid wrote:
>     > Why not post /proc/cpuinfo and hwinfo --cpu here? You may have
>     talked me
>     > into investing a little in this box.
>
>     Sure thing:
>
>     mikelifeguard at binnie:~$ cat /proc/cpuinfo
>     processor       : 0
>     vendor_id       : GenuineIntel
>     cpu family      : 15
>     model           : 4
>     model name      : Intel(R) Pentium(R) 4 CPU 3.00GHz
>     stepping        : 1
>     cpu MHz         : 2992.688
>     cache size      : 1024 KB
>     physical id     : 0
>     siblings        : 2
>     core id         : 0
>     cpu cores       : 1
>     apicid          : 0
>     initial apicid  : 0
>     fdiv_bug        : no
>     hlt_bug         : no
>     f00f_bug        : no
>     coma_bug        : no
>     fpu             : yes
>     fpu_exception   : yes
>     cpuid level     : 5
>     wp              : yes
>     flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge
>     mca cmov pat
>     pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc
>     pebs
>     bts pni dtes64 monitor ds_cpl cid xtpr
>     bogomips        : 5985.37
>     clflush size    : 64
>     cache_alignment : 128
>     address sizes   : 36 bits physical, 32 bits virtual
>     power management:
>
>     processor       : 1
>     vendor_id       : GenuineIntel
>     cpu family      : 15
>     model           : 4
>     model name      : Intel(R) Pentium(R) 4 CPU 3.00GHz
>     stepping        : 1
>     cpu MHz         : 2992.688
>     cache size      : 1024 KB
>     physical id     : 0
>     siblings        : 2
>     core id         : 0
>     cpu cores       : 1
>     apicid          : 1
>     initial apicid  : 1
>     fdiv_bug        : no
>     hlt_bug         : no
>     f00f_bug        : no
>     coma_bug        : no
>     fpu             : yes
>     fpu_exception   : yes
>     cpuid level     : 5
>     wp              : yes
>     flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge
>     mca cmov pat
>     pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc
>     pebs
>     bts pni dtes64 monitor ds_cpl cid xtpr
>     bogomips        : 5985.46
>     clflush size    : 64
>     cache_alignment : 128
>     address sizes   : 36 bits physical, 32 bits virtual
>     power management:
>
>     mikelifeguard at binnie:~$ sudo hwinfo --cpu
>     01: None 00.0: 10103 CPU
>      [Created at cpu.304]
>      Unique ID: rdCR.j8NaKXDZtZ6
>      Hardware Class: cpu
>      Arch: Intel
>      Vendor: "GenuineIntel"
>      Model: 15.4.1 "Intel(R) Pentium(R) 4 CPU 3.00GHz"
>      Features:
>     fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,ht,tm,pbe,constant_tsc,pebs,bts,pni,dtes64,monitor,ds_cpl,cid,xtpr
>      Clock: 2992 MHz
>      BogoMips: 5984.79
>      Cache: 1024 kb
>      Units/Processor: 2
>      Config Status: cfg=new, avail=yes, need=no, active=unknown
>
>     02: None 01.0: 10103 CPU
>      [Created at cpu.304]
>      Unique ID: wkFv.j8NaKXDZtZ6
>      Hardware Class: cpu
>      Arch: Intel
>      Vendor: "GenuineIntel"
>      Model: 15.4.1 "Intel(R) Pentium(R) 4 CPU 3.00GHz"
>      Features:
>     fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,ht,tm,pbe,constant_tsc,pebs,bts,pni,dtes64,monitor,ds_cpl,cid,xtpr
>      Clock: 2992 MHz
>      BogoMips: 5985.34
>      Cache: 1024 kb
>      Units/Processor: 2
>      Config Status: cfg=new, avail=yes, need=no, active=unknown
>
>     mikelifeguard at binnie:~$ sudo dmidecode -t 4
>     # dmidecode 2.9
>     SMBIOS 2.31 present.
>
>     Handle 0x0004, DMI type 4, 35 bytes
>     Processor Information
>            Socket Designation: WMT478/NWD
>            Type: Central Processor
>            Family: Unknown
>            Manufacturer: GenuineIntel
>            ID: 41 0F 00 00 FF FB EB BF
>            Version: Intel(R) Pentium(R) 4 CPU 3.00GHz
>            Voltage: 1.8 V
>            External Clock: 100 MHz
>            Max Speed: 3400 MHz
>            Current Speed: 3000 MHz
>            Status: Populated, Enabled
>            Upgrade: Socket 478
>            L1 Cache Handle: 0x0005
>            L2 Cache Handle: 0x0006
>            L3 Cache Handle: Not Provided
>            Serial Number: Not Specified
>            Asset Tag: Not Specified
>            Part Number: Not Specified
>
>     Thanks for the help,
>     - -Mike
>     -----BEGIN PGP SIGNATURE-----
>     Version: GnuPG v1.4.10 (GNU/Linux)
>
>     iEYEARECAAYFAkvovVUACgkQst0AR/DaKHuC2wCgwnY+k4CB6l3g6ikqj5XrTOn7
>     KZIAnAm4Um5w2FdZ56QqESOg4iiTAOWt
>     =XcjA
>     -----END PGP SIGNATURE-----
>
>
>
>
> -- 
> Rev. Jim Tarvid, PCA
> Galax, Virginia
> http://ls.net
> http://drupal.ls.net
> http://crossleft.org
>
>

More information about the ubuntu-server mailing list