/usr/sbin/check-bios-nx is in cpu-checker 0.7-0ubuntu4.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 | #!/bin/sh
# Copyright 2010, Canonical, Ltd.
# License: GPLv2
# Author: Kees Cook <kees@ubuntu.com>
set -e
export LANG=C
usage() {
echo "Usage: $0 [options]"
echo ""
echo "Options:"
echo " -h, --help show this help message and exit"
echo " --verbose Explain in detail what has been detected"
}
report() {
if [ -n "$VERBOSE" ]; then
echo "$@" >/dev/stderr
fi
}
VERBOSE=
TEMP=$(getopt -o h --long verbose,help -n check-bios-nx -- "$@")
eval set -- "$TEMP"
while :; do
case "$1" in
-h|--help) usage ; exit 0 ;;
--verbose) VERBOSE=1; shift ;;
--) shift ; break ;;
*) usage >&2 ; exit 2 ;;
esac
done
export VERBOSE
if ! uname -m | egrep -q '^(i.86|x86_64)$' ; then
report "This script is currently only useful on x86-based CPUs"
exit 0
fi
# Prepare MSR access
msr="/dev/cpu/0/msr"
if [ ! -r "$msr" ]; then
modprobe msr
fi
if [ ! -r "$msr" ]; then
echo "$0: You must be root to run this check." >&2
exit 2
fi
# Check MSR_IA32_MISC_ENABLE's bit 34, NX_DISABLE
BIT=$(rdmsr --bitfield 34:34 0x1a0 2>/dev/null || true)
if [ "$BIT" = "1" ]; then
report "FAIL: the NX bit is being filtered by the BIOS on this CPU!"
exit 1
else
if egrep -m1 -q '^flags[[:blank:]]*:.*\<nx\>' /proc/cpuinfo ; then
report "ok: the NX bit is operational on this CPU."
else
report "WARNING: the NX bit is not available for this CPU."
fi
fi
exit 0
|