
ARM architecture support


For a non-openSUSE specific overview, you can check:

On openSUSE, each ARM feature is either:

  • Supported:
    • if the package version supports it and the option is enabled at build time (and your hardware supports it)
  • Unsupported:
    • if the package version does not support it
    • if the option is disabled at build time

ARMv8.0 mandatory features

ARMv8.0 - FP (Floating point)

Version: 15.1+ Enabled by default.


ARMv8.0 - SIMD (Single Instruction Multiple Data)

Version: 15.1+ Enabled by default.


Additional/Optional ARMv8 features

The following features are optional in ARMv8.0 or are part of later architecture revisions (8.1, 8.2, etc.). Some can be detected at runtime and used only if available, with minor overhead, and thus can be safely enabled. Others would break older hardware; they are not enabled by default, but can be enabled manually if required.

ARMv8.1 - CRC32

Version: 15.1+ Disabled by default.


CRC32 is an extension, optional in ARMv8.0 and mandatory in ARMv8.1, for computing a Cyclic Redundancy Check (CRC). With GCC, you need to add +crc to the -march flag.

When supported by your hardware, you should find this line in the kernel log:

CPU features: detected: CRC32 instructions

ARMv8.1 - PAN (Privileged Access Never)

Version: 15.1+ Enabled by default.


PAN is an additional security mechanism against possible software attacks. It prevents the kernel or hypervisor from accessing user-space (EL0) memory directly. This option will cause any unprotected (not using copy_to_user et al) memory access to fail with a permission fault.

When supported by your hardware, you should find this line in the kernel log:

CPU features: detected: Privileged Access Never

ARMv8.1 - LSE (Large System Extension) atomics

Version: Tumbleweed Fully enabled by default.


The atomic instructions can be used as an alternative to Load-exclusive/Store-exclusive (ldx/stx) instructions (ARMv8.0), to improve the implementation of atomic memory updates in very large systems.

With GCC 9.3.1+, you can enable or disable out-of-line atomics with -moutline-atomics and -mno-outline-atomics. Out-of-line atomics choose the correct path at runtime.

With GCC 10.1+, out-of-line atomics are enabled by default, so Tumbleweed has had them enabled since snapshot 20200602.

If you want to test it with qemu and your host does not support it, use -cpu max and disable kvm (slow). Please note that you need qemu 3.0 or later.

When supported by your hardware, you should find this line in the kernel log:

CPU features: detected: LSE atomic instructions

ARMv8.2 - SVE (Scalable Vector Extension)

Version: 15.1+ Disabled by default, requires gcc8 with explicit option.


SVE is the next-generation SIMD instruction set for AArch64, which includes a scalable vector length.

With GCC8+, you can enable SVE support by adding +sve to -march=xyz or to -mcpu=xyz. It is not enabled by default since SVE is only supported on ARMv8.2+ hardware.

If you want to test it with qemu and your host does not support it, use -cpu max and disable kvm (slow). Please note that you need qemu 3.1 or later.

When supported by your hardware, you should find these lines in the kernel log:

CPU features: detected: Scalable Vector Extension
SVE: maximum available vector length 256 bytes per vector
SVE: default vector length 64 bytes per vector

ARMv8.2 - FP16/FPHP (Half-precision Floating Point)

Version: 15.1+ Disabled by default, requires gcc7 with explicit option.


FP16 is a half-precision (16-bit) floating point format, optional on ARMv8.2.

With GCC7+, you can enable FP16 support by adding +fp16 to -march=xyz or to -mcpu=xyz. It is not enabled by default since FP16 is only supported on some ARMv8.2+ hardware.

ARMv8.3 - PAuth (Pointer Authentication)

On ARMv8.3 hardware and newer, pointer authentication allows pointers to be signed and authenticated against secret keys. Its purpose is to mitigate ROP attacks and other potential buffer-overrun-style attacks.

For more information, you can watch the video from SUSE Labs 2019 about Pointer Authentication: https://www.youtube.com/watch?v=iW3mXDSijSQ

When supported by your hardware, you should find these lines in the kernel log:

CPU features: detected: Address authentication (architected algorithm)
CPU features: detected: Generic authentication (architected algorithm)

If you want to test it with qemu and your host does not support it, use -cpu max and disable kvm (slow). Please note that you need qemu 4.0 or later.

Pointer Authentication - User-space support

Version: 15.2+ Disabled by default.


User-space support is enabled on Tumbleweed and Leap 15.2 kernels. To use it, you just need to pass the -mbranch-protection=pac-ret[+leaf] or -mbranch-protection=standard (which also enables BTI) option to GCC. Older GCC versions can use -msign-return-address, but this is deprecated in GCC9.

It is highly recommended to use GCC 10.2 or later to enable Pointer Authentication, because it includes lots of fixes!

Pointer Authentication - Kernel-space support

Version: Tumbleweed Enabled by default


Kernel-space support was merged in kernel 5.7 and thus is not supported in Leap yet, but it has been enabled by default on Tumbleweed since snapshot 20200612.

ARMv8.3/8.4 - NV (Nested Virtualization)

Patches for Nested Virtualization on ARMv8.3+ are not included in the upstream kernel yet.

ARMv8.5 - BTI (Branch Target Identification)

Version: Tumbleweed BTI enabled in kernel, but not yet in userspace


On ARMv8.5 hardware and newer, it allows branch targets to be signed and authenticated against secret keys.

With GCC9+, you can enable BTI support by adding -mbranch-protection=bti or -mbranch-protection=standard (which also enables Pointer Authentication). User-space and kernel support have been enabled since snapshot 20200821 (kernel 5.8). Tumbleweed has enabled the BTI config options in the kernel, but userspace has not enabled it yet:

CONFIG_ARM64_BTI=y
CONFIG_ARM64_BTI_KERNEL=y
CONFIG_CC_HAS_BRANCH_PROT_PAC_RET_BTI=y

If you want to test it with qemu and your host does not support it, use -cpu max and disable kvm (slow). Please note that you need qemu 4.0 or later.
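To check whether a given kernel was built with the three BTI options listed above, the following added example (not part of the original wiki page) parses a kernel config read from stdin. The function name and the sample config fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the state of the BTI kernel options named on this
# page. bti_config_state and SAMPLE_CONFIG are names chosen for this example.

# Constructed sample config fragment (not copied from a real kernel build).
SAMPLE_CONFIG='CONFIG_ARM64_PTR_AUTH=y
CONFIG_ARM64_BTI=y
# CONFIG_ARM64_BTI_KERNEL is not set
CONFIG_CC_HAS_BRANCH_PROT_PAC_RET_BTI=y'

# Read a kernel config on stdin and print "OPTION=state" for each option,
# where state is y, n (explicit "is not set") or absent (never mentioned).
# Exit status is 0 only when all three options are set to y.
bti_config_state() {
    cfg=$(cat)
    rc=0
    for opt in CONFIG_ARM64_BTI CONFIG_ARM64_BTI_KERNEL \
               CONFIG_CC_HAS_BRANCH_PROT_PAC_RET_BTI; do
        # -x matches whole lines, so CONFIG_ARM64_BTI does not also match
        # the CONFIG_ARM64_BTI_KERNEL line.
        if printf '%s\n' "$cfg" | grep -qx "$opt=y"; then
            state=y
        elif printf '%s\n' "$cfg" | grep -qx "# $opt is not set"; then
            state=n; rc=1
        else
            state=absent; rc=1
        fi
        echo "$opt=$state"
    done
    return $rc
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_CONFIG" | bti_config_state \
    || echo "BTI is not fully enabled in this config"
```

On a running system, feed it the config of the booted kernel, for example `bti_config_state < /boot/config-$(uname -r)` or `zcat /proc/config.gz | bti_config_state` where that file is available.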

Optional 32-bit support on Armv8.x

Some Armv8.x SoCs do support 32-bit

Some Armv8.x SoCs support 32-bit, such as Ampere eMAG, HoneyComb_LX2K and more. Thus, you can use them to build and run 32-bit code in both userspace and the kernel.

When supported by your hardware, you should find these lines in the kernel log:

kernel: CPU features: detected: 32-bit EL0 Support
kernel: CPU features: detected: 32-bit EL1 Support


Some Armv8.x SoCs do not support 32-bit, at all

Some Armv8.x SoCs do not support 32-bit at all, such as ThunderX and ThunderX2 machines.


Some Armv8.x SoCs support 32-bit only in userspace

Some Armv8.x SoCs, such as the N1SDP, support 32-bit only in userspace.

When supported by your hardware, you should find this line in the kernel log:

kernel: CPU features: detected: 32-bit EL0 Support

On such a system, if you try to start qemu with kvm enabled with a 32-bit kernel, you will get the following error:

 qemu-system-aarch64: can't apply global host-arm-cpu.aarch64=off: 'aarch64' feature cannot be disabled unless KVM is enabled and 32-bit EL1 is supported

OBS and osc do not yet support building for armv6/7 inside KVM on this newest hardware. See: https://github.com/openSUSE/obs-build/issues/574. However, you can build for armv6/7 in a chroot.
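The kernel-log checks quoted throughout this page can be scripted. The following is an added example, not part of the original wiki page: it matches only the "CPU features: detected:" strings quoted above, while the short feature names, function names and sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the ARM features a kernel log announces, using the
# exact strings quoted on this page. Other kernel versions may word these
# lines differently, so an empty result is not proof of absence.

# Constructed sample log (not captured from a real machine).
SAMPLE_LOG='[    0.000000] CPU features: detected: 32-bit EL0 Support
[    0.000000] CPU features: detected: CRC32 instructions
[    0.000000] CPU features: detected: Privileged Access Never
[    0.000000] CPU features: detected: LSE atomic instructions
[    0.012345] SVE: maximum available vector length 256 bytes per vector'

# Read a kernel log on stdin; print one short name per detected feature,
# in the order of the table below (short names are this example's labels).
detected_features() {
    log=$(cat)
    while IFS='|' read -r name text; do
        case "$log" in
            *"CPU features: detected: $text"*) echo "$name" ;;
        esac
    done <<'EOF'
crc32|CRC32 instructions
pan|Privileged Access Never
lse|LSE atomic instructions
sve|Scalable Vector Extension
pauth-address|Address authentication (architected algorithm)
pauth-generic|Generic authentication (architected algorithm)
el0-32bit|32-bit EL0 Support
el1-32bit|32-bit EL1 Support
EOF
}

# Print the security features (PAN, PAuth) the log does NOT announce.
# Exit status is 1 if any of them is missing.
missing_hardening() {
    found=$(detected_features)
    rc=0
    for f in pan pauth-address pauth-generic; do
        printf '%s\n' "$found" | grep -qx "$f" || { echo "$f"; rc=1; }
    done
    return $rc
}

# Demonstration on the constructed sample; on a live system: dmesg | detected_features
printf '%s\n' "$SAMPLE_LOG" | detected_features
```

Note that the sample log contains an "SVE:" vector-length line but no "Scalable Vector Extension" detection line, so sve is deliberately not reported.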

Armv6/7 information

ARM 32-bit KVM host support removed in kernel 5.7

Arm 32-bit KVM host support was removed in kernel 5.7 with commit 541ad0150ca4aa663a2.

So, you need to use Leap if you need 32-bit KVM host support.