Netgate Discussion Forum

    Kernel PTI disabled

    General pfSense Questions
    10 Posts 7 Posters 23.0k Views
      revengineer

      Question regarding kernel PTI. In the advanced options, I do NOT check the box "Disable the kernel PTI." My understanding is that in this case kernel PTI is ENABLED. Yet under system information on the dashboard, Kernel PTI is listed as DISABLED. Is this a bug in pfSense or in my head?

        stephenw10 Netgate Administrator

        What hardware are you running?

        Steve

          cosmoxl

          I'm running with an AMD A6-7400K Radeon R5 and it looks like Kernel PTI isn't supported? The option is unchecked, as default.

            kpa

            The CPU (being AMD) is not vulnerable to Meltdown etc., so whatever you select in the options makes no difference to the kernel.

              Stugots

              I noticed this as well on my APU2.

              PC Engines APU2C4

                revengineer

                Thank you for the responses and the key pointer. I totally "forgot" that the pfSense instance in question is indeed running on an AMD APU, which is not sensitive to the Meltdown bug addressed by this setting. Case closed.

                  pablot

                  But what happens if, on an AMD processor (FX-8350), you have an emulated Westmere E56xx/L56xx/X56xx (Nehalem-C) CPU?

                  I have PTI DISABLED (no matter whether or not I check the box in the advanced options), so does it detect the real CPU instead of the emulated one?

                    stephenw10 Netgate Administrator

                    Seems like it's not emulating it very well then if the host CPU can still be detected.

                    Does it emulate the Meltdown vulnerabilities? ;) If not, you probably don't need PTI anyway.

                    Steve

                      jgaleajgalea.com

                      If your vendor, HP in my case, has released a BIOS upgrade for Spectre/Meltdown, do you need to enable Kernel PTI? Does it matter?

                        stephenw10 Netgate Administrator

                        Enabling it in pfSense prevents users/processes from accessing the memory regions of other users/processes by exploiting the Meltdown vulnerability.

                        As I understand it, that only affects users/processes running in pfSense, not pfSense as a VM. You need to be looking for a fix in the hypervisor for that.

                        In general, Meltdown/Spectre has minimal impact for most pfSense use cases where there are not multiple users with different privilege levels running on the firewall. IMO ;)

                        Still better to have it available than not though.

                        Steve

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.