Bug#1113774: Disabling -fcf-protection in sudo for bookworm
El 02/09/2025 a las 15:58, Matthew Vernon escribió:
> Hi,
>
> I found an old d-devel thread about this from a few years ago[0], which led me to the bookworm release notes[1] which say:
>
> "Debian's support for 32-bit PC (known as the Debian architecture i386) now no longer covers any i586 processor. The new minimum requirement is i686. What this means that the i386 architecture now requires the "long NOP" (NOPL) instruction, while bullseye still supported some i586 processors without that instruction (e.g. the "AMD Geode"). "
>
> As I read it, the conclusion of that d-d thread was that these processors are not supported in Bookworm, as it only supports i686, which the CPU that the submitter of this TC bug is using is not completely i686 compatible.
>
> Regards,
>
> Matthew
>
> [0] https://lists.debian.org/debian-devel/2023/10/msg00118.html
> [1] https://www.debian.org/releases/bookworm/i386/release-notes/ch-information.en.html#i386-is-i686
Hello Matthew,
Both that VIA C3 Nehalem and this Vortex86DX3 support long NOPs natively,
and CMOV which were also introduced with the i686 in 1995. The Vortex86DX3,
in fact, supports up to SSE1.
They do not, however, support ENDBR32 which was introduced in 2020,
twenty-five years after the introduction of the original i686
(https://www.intel.com/content/www/us/en/developer/articles/technical/technical-look-control-flow-enforcement-technology.html).
If Debian bookworm advertises itself as i686-compatible, it seems reasonable
to me that it does not require instructions that were introduced long after
the original i686.
Greetings,
Marcos
Reply to: