ARM architecture support
For a non-openSUSE specific overview, you can check:
- Armv8-A Architecture support in GNU toolchain (ARM website)
- Armv8-A Architecture support in LLVM toolchain (ARM website)
- Table of Arm Architecture features vs Kernel Versions (Arm website)
On openSUSE, the various Arm functions can be:
- if the package version supports it, and the option is enabled at build time (and your hardware supports it)
- if package version does not support it
- if option is disabled at build time
ARMv8.0 mandatory features
ARMv8.0 - FP (Floating point)
ARMv8.0 - SIMD (Single Instruction Multiple Data)
Additional/Optional ARMv8 features
These features are either optional in ARMv8.0 or belong to later architecture revisions (8.1, 8.2, etc.). Some of them can be detected at runtime and used only if available, with minor overhead, so they can safely be enabled. Others would break older hardware, so they are not enabled by default but can be enabled manually if required.
ARMv8.1 - PAN (Privileged Access Never)
PAN is an additional security mechanism against possible software attacks. It prevents the kernel or hypervisor from accessing user-space (EL0) memory directly. With this option, any unprotected memory access (one that does not use copy_to_user et al.) fails with a permission fault.
ARMv8.1 - LSE (Large System Extension) atomics
The atomic instructions can be used as an alternative to Load-exclusive/Store-exclusive (ldx/stx) instructions (ARMv8.0), to improve the implementation of atomic memory updates in very large systems.
With GCC 9.3.1+, out-of-line atomics, which choose the correct path at runtime, can be enabled with -moutline-atomics and disabled with -mno-outline-atomics.
With GCC 10.1+, out-of-line atomics are enabled by default, so Tumbleweed has had them enabled since snapshot 20200602.
ARMv8.2 - SVE (Scalable Vector Extension)
SVE is the next-generation SIMD instruction set for AArch64, which includes a scalable vector length.
With GCC8+, you can enable SVE support by adding +sve to -march=xyz or to -mcpu=xyz. It is not enabled by default since SVE is only supported on ARMv8.2+ hardware.
ARMv8.2 - FP16/FPHP (Half-precision Floating Point)
FP16 is a half precision floating point format (on 16 bits), optional on ARMv8.2.
With GCC7+, you can enable FP16 support by adding +fp16 to -march=xyz or to -mcpu=xyz. It is not enabled by default since FP16 is only supported on some ARMv8.2+ hardware.
ARMv8.3 - PAuth (Pointer Authentication)
On ARMv8.3 hardware and newer, pointers can be signed and authenticated against secret keys. The purpose of pointer authentication is to mitigate ROP attacks and other potential buffer-overrun-style attacks.
For more information, you can watch the video from SUSE Labs 2019 about Pointer Authentication: https://www.youtube.com/watch?v=iW3mXDSijSQ
Pointer Authentication - User-space support
User-space support is enabled on Tumbleweed and Leap 15.2 kernels. To use it, pass the -mbranch-protection=pac-ret[+leaf] or -mbranch-protection=standard (which also enables BTI) option to GCC. Older GCC versions can use -msign-return-address, but this is deprecated in GCC 9.
Pointer Authentication - Kernel-space support
Kernel-space support was merged in kernel 5.7, so it is not supported in Leap yet, but it has been enabled by default on Tumbleweed since snapshot 20200612.
ARMv8.3/8.4 - NV (Nested Virtualization)
Patches for Nested Virtualization on ARMv8.3+ are not included in the upstream kernel yet.
ARMv8.5 - BTI (Branch Target Identification)
On ARMv8.5 hardware and newer, branch targets can be signed and authenticated against secret keys.
With GCC9+, you can enable BTI support by adding -mbranch-protection=bti or -mbranch-protection=standard (which also enables Pointer Authentication). However, user-space and kernel support are both queued for kernel 5.8, so no openSUSE version can handle it yet.
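Added example (not part of the original page, nor code from openSUSE or any toolchain project): a shell check that reports which of the user-space-visible features above the running kernel exposes in the `Features` line of /proc/cpuinfo, and whether a binary carries the PAC/BTI marking that `readelf -n` prints from .note.gnu.property. The function names and both sample inputs are constructed for illustration; it assumes the cpuinfo flag names atomics, fphp, sve, paca and bti, and a toolchain that writes the property note when -mbranch-protection is used.

```shell
#!/bin/sh
# Added example: (1) which optional Armv8 features the running kernel exposes
# to user space, (2) whether a binary is marked as built with PAC/BTI.

# Constructed samples (not captured from a real machine or a real build):
SAMPLE_FEATURES='Features : fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp ssbs paca pacg'
SAMPLE_NOTES='  GNU                  0x00000010       NT_GNU_PROPERTY_TYPE_0
      Properties: AArch64 feature: BTI, PAC'

# has_word LIST WORD -> status 0 if WORD is a whole item of LIST
# (items separated by spaces, tabs or commas), so "sve2" never matches "sve".
has_word() {
    case " $(printf '%s' "$1" | tr '\t,' '  ') " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# cpu_features FEATURES_LINE -> one "name=yes|no" line per feature.
# PAN is left out: it protects the kernel itself and has no cpuinfo flag.
cpu_features() {
    for pair in LSE:atomics FP16:fphp SVE:sve PAuth:paca BTI:bti; do
        if has_word "${1#*:}" "${pair#*:}"; then echo "${pair%%:*}=yes"
        else echo "${pair%%:*}=no"; fi
    done
}

# elf_marking READELF_N_OUTPUT -> "PAC=yes|no BTI=yes|no", taken from the
# "AArch64 feature:" property line that `readelf -n` prints.
elf_marking() {
    feats=$(printf '%s\n' "$1" | sed -n 's/.*AArch64 feature: *//p' | head -n 1)
    pac=no; bti=no
    if has_word "$feats" PAC; then pac=yes; fi
    if has_word "$feats" BTI; then bti=yes; fi
    echo "PAC=$pac BTI=$bti"
}

# Use the live system and a binary given as $1 when available, else the samples.
line=$(grep -m1 '^Features' /proc/cpuinfo 2>/dev/null || true)
cpu_features "${line:-$SAMPLE_FEATURES}"
notes=$SAMPLE_NOTES
if [ -n "${1:-}" ]; then notes=$(readelf -n "$1" 2>/dev/null || true); fi
elf_marking "$notes"
```

A binary reported as PAC=yes or BTI=yes on a system whose Features line lacks paca or bti was built for the protection but is not getting it there.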
Optional 32-bit support on Armv8.x
Some Armv8.x SoCs do support 32-bit
Some Armv8.x SoCs do not support 32-bit, at all
Some Armv8.x SoCs support 32-bit only in userspace
Some Armv8.x SoCs, such as the N1SDP, support 32-bit only in userspace.
On such a system, if you try to start QEMU with KVM enabled and a 32-bit kernel, you will get the following error:
qemu-system-aarch64: can't apply global host-arm-cpu.aarch64=off: 'aarch64' feature cannot be disabled unless KVM is enabled and 32-bit EL1 is supported
OBS and osc do not yet support building for armv6/7 inside KVM on this newest hardware (see https://github.com/openSUSE/obs-build/issues/574), but you can build for armv6/7 in a chroot.
ARM 32-bit KVM host support removed in kernel 5.7
Arm 32-bit KVM host support was removed in kernel 5.7 with commit 541ad0150ca4aa663a2.
So, you need to use Leap if you need 32-bit KVM host support.