The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/

ARM architecture support

Jump to: navigation, search

For a non-openSUSE specific overview, you can check:

On openSUSE, the various arm functions can be:

  • Supported:
    • if package version support it, and option is enabled at build time (and your hardware support it)
  • Unsupported:
    • if package version does not support it
    • if option is disabled at build time

ARMv8.0 mandatory features

ARMv8.0 - FP (Floating point)

Version: 15.1+ Enabled by default.


ARMv8.0 - SIMD (Single Instruction Multiple Data)

Version: 15.1+ Enabled by default.


Additional/Optional ARMv8 features

Here are options which are optional for ARMv8.0, or part of later architectures (8.1, 8.2, etc.). Some of the options can be detected at runtime and used only if available, with minor overhead, and thus can be safely enabled, but others would break older hardware and are not enabled by default, but can be used manually, if required.

ARMv8.1 - PAN (Privileged Access Never)

Version: 15.1+ Enabled by default.


PAN is an additional security mechanism against possible software attacks. It prevents the kernel or hypervisor from accessing user-space (EL0) memory directly. This option will cause any unprotected (not using copy_to_user et al) memory access to fail with a permission fault.


ARMv8.1 - LSE (Large System Extension) atomics

Version: Tumbleweed Fully enabled by default.


The atomic instructions can be used as an alternative to Load-exclusive/Store-exclusive (ldx/stx) instructions (ARMv8.0), to improve the implementation of atomic memory updates in very large systems.

With GCC 9.3.1+, you can enable/disable out-of-line atomics with -moutline-atomics and -mno-outline-atomics that choose the correct path at runtime.

With GCC 10.1+, out-of-line atomics are enabled by default, so Tumbleweed have it enabled since snapshot 20200602.

ARMv8.2 - SVE (Scalable Vector Extension)

Version: 15.1+ Disabled by default, requires gcc8 with explicit option.


SVE is the next-generation SIMD instruction set for AArch64, which includes a scalable vector length.

With GCC8+, you can enable SVE support by adding +sve to -march=xyz or to -mcpu=xyz. It is not enabled by default since SVE is only supported on ARMv8.2+ hardware.


ARMv8.2 - FP16/FPHP (Half-precision Floating Point)

Version: 15.1+ Disabled by default, requires gcc7 with explicit option.


FP16 is a half precision floating point format (on 16 bits), optional on ARMv8.2.

With GCC7+, you can enable FP16 support by adding +fp16 to -march=xyz or to -mcpu=xyz. It is not enabled by default since FP16 is only supported on some ARMv8.2+ hardware.

ARMv8.3 - PAuth (Pointer Authentication)

On ARMv8.3 hardware and newer, it allows to sign and authenticate pointers against secret keys. The purpose of this pointer authentication is to mitigate ROP attacks and other potential buffer-overrun-style attacks.

For more information, you can watch the video from SUSE Labs 2019 about Pointer Authentication: https://www.youtube.com/watch?v=iW3mXDSijSQ

Pointer Authentication - User-space support

Version: 15.2+ Disabled by default.


User-space support is enabled on Tumbleweed and Leap 15.2 kernels. To use it, you just need to pass -mbranch-protection=pac-ret[+leaf] or -mbranch-protection=standard (which also enables BTI) option to GCC (older GCC can use -msign-return-address, but this is deprecated in GCC9).

Pointer Authentication - Kernel-space support

Version: Tumbleweed Enabled by default


Kernel-space support has been merged in kernel 5.7 and thus is not supported in Leap yet, but it is enabled by default on Tumbleweed, since snapshot 20200612.

ARMv8.3/8.4 - NV (Nested Virtualization)

Patches for Nested Virtualization on ARMv8.3+ are not included in upstream kernel yet.

ARMv8.5 - BTI (Branch Target Identification)

On ARMv8.5 hardware and newer, it allows to sign and authenticate Branch Target against secret keys.

With GCC9+, you can enable BTI support by adding -mbranch-protection=bti or -mbranch-protection=standard (which also enable Pointer Auth). But User-space & Kernel support are both queued for kernel 5.8. So, no openSUSE version can handle it yet.

Optional 32-bit support on Armv8.x

Some Armv8.x SoCs does support 32-bit

Some Armv8.x SoCs support 32-bit, such as Ampere eMAG, HoneyComb_LX2K and more. Thus, you can use it to build and run 32-bit in userspace and kernel.


Some Armv8.x SoCs do not support 32-bit, at all

Some Armv8.x SoCs do not support 32-bit at all, such as ThunderX and ThunderX2 machines.


Some Armv8.x SoCs support 32-bit only in userspace

Some Armv8.x SoC, such as the N1SDP, support 32-bit only in userspace.

On such a system, if you try to start qemu with kvm enabled with a 32-bit kernel, you will get the following error:

 qemu-system-aarch64: can't apply global host-arm-cpu.aarch64=off: 'aarch64' feature cannot be disabled unless KVM is enabled and 32-bit EL1 is supported

OBS and osc do not support those newest hardware to build for armv6/7 inside KVM, yet. See: https://github.com/openSUSE/obs-build/issues/574 But you can build for armv6/7 in a chroot.

Armv6/7 information

ARM 32-bit KVM host support removed in kernel 5.7

Arm 32-bit KVM host support has been removed in kernel 5.7 with commit 541ad0150ca4aa663a2

So, you need to use Leap if you need 32-bit KVM host support.