i386: Geode LX and NOPL
Hi folks,
I don't think that I should file this as a Debian bugreport, because
it's not a problem that I've experienced with Debian.
And I don't think that it's appropriate to write to Debian developers
directly about it yet, because I haven't been able to test the results
of what I'm curious about here.
However: my understanding is that the Geode LX is basically an i686
CPU that lacks one instruction (a 'no operation' - noop - called
NOPL). There's a long and entertaining writeup about that here:
https://www.jookia.org/wiki/Nopl
It's an unusual CPU and didn't see wide consumer adoption except
within the OLPC (One Laptop Per Child) project, where it was used for
two of the early laptop models (XO 1.0 and XO 1.5).
Recently, Intel has begun proposing some security improvements for
i686 that make use of the NOPL instruction -- and that, I think, could
cause support for the Geode LX to fall away from many Linux operating
systems because there's a fair and very reasonable argument that
adding security features for the majority of users outweighs
supporting an old and unusual CPU.
However, to get to the point after that lengthy context: there is a
patch available on the Linux kernel mailing list that adds emulation
of NOPL instructions at the kernel level. I would be curious to know
whether anyone has tried that - I intend to, after finding some
hardware that includes a Geode LX. The patch is found at:
https://lore.kernel.org/all/20210626130313.1283485-1-marcos@orca.pet/
(note: it's unclear to me whether the NOPL emulation only works for
the Linux kernel itself, or whether it extends to enabling programs
that run on the system (aka userspace binaries) that contain NOPL
instructions to run. _if_ kernel-level NOPL emulation allows both the
kernel _and_ those programs to run correctly, then I think it could be
a neat way to provide the security properties of Intel CET on most
i686 hardware, while still also allowing OLPC laptops to run the same
software (albeit with slightly reduced security properties))
Thanks (and I'll try to remember to update this thread with any findings),
James
Reply to: