67 lines
1.4 KiB
Bash
Executable File
67 lines
1.4 KiB
Bash
Executable File
#!/bin/sh
|
|
# Copyright 2010, Canonical, Ltd.
|
|
# License: GPLv2
|
|
# Author: Kees Cook <kees@ubuntu.com>
|
|
set -e
|
|
|
|
export LANG=C
|
|
|
|
usage() {
|
|
echo "Usage: $0 [options]"
|
|
echo ""
|
|
echo "Options:"
|
|
echo " -h, --help show this help message and exit"
|
|
echo " --verbose Explain in detail what has been detected"
|
|
}
|
|
|
|
report() {
|
|
if [ -n "$VERBOSE" ]; then
|
|
echo "$@" >/dev/stderr
|
|
fi
|
|
}
|
|
|
|
VERBOSE=
|
|
|
|
TEMP=$(getopt -o h --long verbose,help -n check-bios-nx -- "$@")
|
|
eval set -- "$TEMP"
|
|
|
|
while :; do
|
|
case "$1" in
|
|
-h|--help) usage ; exit 0 ;;
|
|
--verbose) VERBOSE=1; shift ;;
|
|
--) shift ; break ;;
|
|
*) usage >&2 ; exit 2 ;;
|
|
esac
|
|
done
|
|
|
|
export VERBOSE
|
|
|
|
if ! uname -m | egrep -q '^(i.86|x86_64)$' ; then
|
|
report "This script is currently only useful on x86-based CPUs"
|
|
exit 0
|
|
fi
|
|
|
|
# Prepare MSR access
|
|
msr="/dev/cpu/0/msr"
|
|
if [ ! -r "$msr" ]; then
|
|
modprobe msr
|
|
fi
|
|
if [ ! -r "$msr" ]; then
|
|
echo "$0: You must be root to run this check." >&2
|
|
exit 2
|
|
fi
|
|
|
|
# Check MSR_IA32_MISC_ENABLE's bit 34, NX_DISABLE
|
|
BIT=$(rdmsr --bitfield 34:34 0x1a0 2>/dev/null || true)
|
|
if [ "$BIT" = "1" ]; then
|
|
report "FAIL: the NX bit is being filtered by the BIOS on this CPU!"
|
|
exit 1
|
|
else
|
|
if egrep -m1 -q '^flags[[:blank:]]*:.*\<nx\>' /proc/cpuinfo ; then
|
|
report "ok: the NX bit is operational on this CPU."
|
|
else
|
|
report "WARNING: the NX bit is not available for this CPU."
|
|
fi
|
|
fi
|
|
exit 0
|