On 27/11/2025 2:31 pm, Julian Vetter wrote: > Currently Intel CPUs in EFI mode with the "Execute Disable Bit" disabled > and the 'CONFIG_REQUIRE_NX=y' fail to boot, because this check is > performed before trampoline_setup is called, which determines if NX is > supported or if it's hidden by 'MSR_IA32_MISC_ENABLE[34] = 1' (if so, > re-enables NX). > > Signed-off-by: Julian Vetter <[email protected]>
Lovely... This isn't the only bug; there's another one from the Vates forums about AMD CPUs which I haven't gotten around to fixing yet. Do you have any more information about which system looks like this? trampoline_setup isn't executed on all EFI boots. I had a different fix in mind, but it's a little more complicated. If I do the key prep patch, would you mind trying to tackle the AMD side too? ~Andrew
