|Main Archive Page > Month Archives > ubuntu-hardened archives|
On Thu, Mar 28, 2013 at 08:11:50PM +0000, Maurice McCarthy wrote:
> First of all explore your BIOS settings to see if there is an option
> to enable NX. There should be and, if not, it is likely to be a lack
> of good will by the manufacturers for not providing this in the first
> place. It happens especially in cheap computers such as my Acer One
> It means there is a fault in the BIOS set up. The manufacturers have
> or should have written new BIOS code to correct this in an update. NX
> is not enabled until after the update has been made.
Ubuntu kernels have ignored the BIOS flag for some time:
As far as I know, this feature has been merged into upstream Linus
kernels several years ago, so it should be common to every distro now.
> NX is a security feature which ought to be enabled but you may well be
> able to live without it.
> You can still try installing a PAE kernel but I don't understand how
> this would help as PAE means physical address extension. PAE code
> enables 32 bit computers to use more that 4GB memory. As you have 1GB
> then I don't see that you need it.
The extra page access control flags are (in x86 and x86-64 arches) only
enabled when running with full PAE:
To tell if your CPU supports NX, look for the 'nx' flag in /proc/cpuinfo.
The segment emulation is decent enough. If the hardware otherwise works
for you, I wouldn't bother buying a new CPU and motherboard just to get
NX. (Though I expect the other enhancements since then are compelling.)
-- ubuntu-hardened mailing list email@example.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened