Go Retro to Build a Spectre and Meltdown-Proof x86 Desktop

[Yeo Kheng Meng] had a question: what is the oldest x86 processor that is still supported by a modern Linux kernel? Furthermore, is it actually possible to use modern software with this processor? It’s a question that surely involves experimentation, staring into the bluescreen abyss of BIOS configurations, and compiling your own kernel. Considering Linux dropped support for the 386 in 2012, the obvious answer is a 486. This supposition was tested, and the results are fantastic. You can, indeed, install a modern Linux on an ancient desktop.

This project got its start last month at a Super Silly Hackathon where [Yeo] and [Hui Jing] installed Damn Small Linux on an ancient IBM PS/1 desktop of 1993 vintage. The hardware consists of an AMD 486 clone running at 133MHz, 64 MB of RAM, a 48x IDE CDROM drive (wow!), a floppy emulator, a Sound Blaster, 10Mbps Ethernet card, and a CompactFlash to IDE adapter. By any account, this is a pimped-out rig for 1993 that would have cost more than a car at the time. The hardware works, but can you run a modern Linux kernel on it?

[Yeo] decided to install the Gentoo x86 minimal installation, but sanity and time constraints meant compiling a kernel on a 486 wasn’t happening. That was done on a modern Thinkpad after partitioning all the drives, verifying all the compilation parameters, and configuring the kernel itself. The bootloader is LILO (Grub2 didn’t work), but for the most part, this is entirely modern software running on a 25-year-old machine. The step-by-step instructions for becoming a /g/entooman on a 486 are available on GitHub.

The entire (boring) boot process can be seen in the video below. One interesting application of this build is that the 486 does not support out-of-order execution, making this completely safe from Meltdown and Spectre attacks. It’s an impressive retrocomputing achievement that right now could not be more timely.

89 thoughts on “Go Retro to Build a Spectre and Meltdown-Proof x86 Desktop

    1. Another option, as someone mentioned on the blog, is the BSDs…

      I did my musl builds for an AMD Geode-based industrial PC due to its limited RAM, but found even then, Gentoo didn’t run that well, but so far, OpenBSD has run fantastic on the little machine. I believe they still support i386 too.

  1. “[Yeo] decided to install the Gentoo x86..”
    bwaahahaaha

    If I had any real important stuff like private keys to a lot of crypto currency for example, i’d keep em offline just to feel safe. However, if this becomes a thing, i’m plenty happy to sell some old 386, 486 hardware at ridiculously inflated prices.
    Also still have some Cyrix 5×86’s, don’t think they’ve ever been mentioned here..
    https://en.wikipedia.org/wiki/Cyrix_Cx5x86

    1. Oh jesus shit the Cyrix?? I guess you didn’t hit it with a hammer hard enough. Those things were incompatible garbage in Pentium land (the source of many of my early computing headaches). How about some Overdrives lol? I have a couple of those IOB

        1. i cashed in on the sound card revival craze a bit back and felt vindicated lol.
          I will be embarrassed if a dial up craze comes around and there I am, pants around ankles, wishing I had all those modem cards I pulled and trashed over the last 20 years…

      1. The article says AMD, I suppose it’s been edited since you posted. I think the Cyrix 5x86s, a “Pentium” upgrade for 486 motherboards (that was a fair-sized business for a couple of years) was actually just a fast 486. With “Pentium-class” performance, but none of the Pentium architecture or extra instructions.

        My second PC had an AMD 486 DX4100. I should’ve spent the extra couple of quid and bought a Pentium 66 that was going cheap at the time (since the 60 / 66 motherboards wouldn’t support the faster 3.3v Pentiums). But I felt happier round 486 hardware. Also featured the famous “writeback” cache. Where “writeback” meant “entirely made of plastic, no silicon in these chips”. I had Trading Standards out, but nothing came of it. Chinese scammers had faked up millions of “cache” SRAM chips with, as I said, no actual silicon inside. One of those Chinese money-saving optimisations we hear about.

        I noticed the speed counter on the front! Aaaah takes me back! I think they dropped those somewhere around 500MHz, the Turbo button disappearing not long before. At least some Pentiums had Turbo, to switch the bus down to 8MHz. No real reason why at that point, Turbo buttons had long since lost their connection to original IBM PC software that needed 4.77MHz or would crash.

        That 486 gave me years of happy Internetting. Back when the Internet was good!

    1. Back in the ’90’s I tried to install Linux on my “old” PC. I think it was a 25 MHz 386 with a math coprocessor (‘387). It would boot from the floppy, but when I tried to build a kernel for booting off the hard drive, it took around 40 hours to compile, and failed to boot!

      1. That reminds me of when a friend decided to install Windows 95 using a 1/2-speed CD-ROM drive. The installation took _all night_, and then when it was finished, Windows didn’t recognise the ancient CD-ROM drive!

        1. OH! The irony that only windows can cause.

          Windows 95 had three flavors – A, B and C

          Version A had lots of bugs that would cause lockups (Freezes) and I called it the 300MB mouse driver because when it would lockup the you could still move the mouse pointer around the desktop.

          Version B was just bug fixes over Version A so it was more stable but there were many hardware driver issues.

          Version C had the driver issue mostly fixed but there were still some hardware like AGP cards that would never work reliably.

      2. Yes in those days it took a lot of tinkering to get stuff going. I often copied files in place, the distributions and package management weren’t very advanced yet. It was just slackware on floppies :D

        It was very educational though!

  2. I recall a 486 booting and running a linux image off of a 1.44MB FDD in my cupboard cum comms box whose sole job was dial on demand internet when the home network needed internet access. The thing stayed up for over a year without a reboot, succumbing only to power blackouts.

    Mobile internet, adsl, cable, fibre… Kids these days don’t know how good they’ve got it….

    1. Same here. Had a passively cooled 486SX2/50 in use until 2010 as a router running Squid, thttpd, Dovecot, Qmail, BIND, Samba, and efax. I even put in a 100Base-TX ISA card as we switched from DSL to cable.

    2. I had a 486 running fli4l distro from a floppy to manage our ISDN connections and route the data to our 10BASE2 network.
      It was great at the time, since we actually had multiple computers at our house (running linux and windows) and otherwise it would’ve been a nightmare to be able to connect to the internet from all the computers.

      There was a client for windows and linux from where you could control the ISDN and see the status, so you would know if it was already connected.

      And unbelievably it is still being developed.

  3. Though isn’t the 80486+clones[Link] (Of the late release varients) got System Management Mode(SMM)?
    And isn’t the SMM vulnerable to privilege escalation via tampering with virtual address windowing (Memory Sinkhole attack – Link)?

    There are probably more… but I forgot half way in typing this.

    On the other hand… How overclockable is the architecture?
    I’m aware there will only be a reference clock as back then the RAM and CPU ran at the same speeds*. Though peripheral chipsets would of had their own clock sources and would be thrown out of sync if not tied to a common reference clock.
    Why not change out the clock source(s) with a PLL with seperate clock lines to set the system frequency above 133MHz and synchronize the chipsets?
    Also If the person whom built this PC has spare boards+RAM could datasheet search for his RAM chips for the absolute max voltage(s) to trial a small over-volt on the RAM for when the system becomes unstable at elevated System-clock references.

    *Cache was introduced (albeit rarely) on some of the later implementations and was more common on the Pentium class processors thereafter

    1. All 486s had cache, I think 8K + 8K instruction + data. On 386s it was external, and generally not present.

      From the 486 DX2’s, 486s used a clock multiplier, 2x and then 3x, and 4x for a couple at the very end. PCI would run at 25 or 33MHz, CPU would run at an integer multiple of that, ISA at 8MHz as usual, sometimes with an option for up to 12 depending on your main clock frequency.

      Over-clocking, almost no chance. That started with the Pentium Celerons 233s, IIRC. Yields were very good on the faster chips, pricing meant the 233s were popular, so Intel marked down a lot of faster chips. So you weren’t really “over”-clocking, just actual-clocking. De-underclocking. Then the whole thing took off, became something of a geek sport, and motherboards started coming with all sorts of wierd tweaking features. Same time advanced cooling arrived. All thanks to Intel’s greed.

  4. Here is the link-less version whilst the link referenced one get approved:

    Though isn’t the 80486+clones[Link-less] (Of the late release varients) got System Management Mode(SMM)?
    And isn’t the SMM vulnerable to privilege escalation via tampering with virtual address windowing (Memory Sinkhole attack – No Link)?

    There are probably more… but I forgot half way in typing this.

    On the other hand… How overclockable is the architecture?
    I’m aware there will only be a reference clock as back then the RAM and CPU ran at the same speeds*. Though peripheral chipsets would of had their own clock sources and would be thrown out of sync if not tied to a common reference clock.
    Why not change out the clock source(s) with a PLL with seperate clock lines to set the system frequency above 133MHz and synchronize the chipsets?
    Also If the person whom built this PC has spare boards+RAM could datasheet search for his RAM chips for the absolute max voltage(s) to trial a small over-volt on the RAM for when the system becomes unstable at elevated System-clock references.

    *Cache was introduced (albeit rarely) on some of the later implementations and was more common on the Pentium class processors thereafter.

    ………

  5. Could do what I did a few times. Use the AMD 586, ‘hotwired’ to force it to 4x multiplier, set the bus speed to 40Mhz. Ideally you’ll want a motherboard that has 3.3V CPU supply but those chips are 5V tolerant, especially the version with lower TDP. Just needs adequate cooling. Pretty snappy CPU at 160Mhz but it does need fast enough SRAM in the L2 cache chips.

    I had a Micron board with a 50Mhz bus speed setting and the AMD chip would run fine at 200 Mhz. Unfortunately at the time I couldn’t afford the faster L2 chips it needed so it was only stable at 200 Mhz with L2 turned off, which made it perform much worse than at 160 with L2 enabled. IIRC the L2 had to be 10ns or faster for 50 Mhz.

    50 Mhz would also need a VLB video card capable of handling the speed. I had one but don’t recall make/model. I don’t recall ever encountering a PCI 486 board with a 50 Mhz option.

    Next in the ‘unicorn zone’ would be an AMD K6-III+ with 5x multiplier with FSB clocked over 100 Mhz. They can be really fast but they (and the K6-2+) are exceptionally picky about motherboards. AMD bailed on them early so they wouldn’t compete against their own Slot A Athlon.

    1. No.

      It might use branch prediction to prefetch the opcode for the next instruction, but it doesn’t do speculative execution — it won’t *execute* the instruction until after the branch destination has been determined. Meltdown relies on the processor executing multiple instructions speculatively.

  6. If you want to ensure you are not hit by spectre/meltdown, then it’s much easier to just disable the L1/L2 cache in the CPU. Most likely it will still be faster then your 468, and as both attacks depend on timing measurements on things being in cache or not. Disabling the cache will render the attack useless.

    1. I came to say the same thing; many BIOS Setup on more recent systems have options to disable cache. No cache, then no exploit. Not to say that running without cache on these later processors isn’t painful, but as you say, they should be faster than a 486 – essentially RAM speed becoming the determining factor.

  7. Ancient ATA tops out at what- 100Mb/sec after all those overheads, assuming 486 and chipsets aren’t bottlenecking? A decent quality CF card is more than fast enough for a 486

    1. Ancient ATA (now called PATA) had several speeds. The original was ATA33 MHz then DMA66 then UDMA133 (Ultra Direct Memory Access). Then there was a UDMA233 but I never saw an implementation of it.

      A CF card is only faster on a different bus to the ATA bus. The CF specification is part of the PCMCIA specification and the PCMCIA (and now Express Card spec) runs on a PCI bus.

      From my memory (which may be wrong) 486’s had ISA (8 bit) and EISA (16 bit) buses but not PCI.

      A CF to UDMA133 converter would still be faster than any hard drive you cold find that is old enough to run on a UDMA port but would still be limited to 133MHz and not the CF cards actual higher speed.

      1. Intel Saturn was a 486 chipset that did have PCI. But in those days PCI was still very buggy. Few PCI cards used bus mastering and those that did, like the Bt848, had to implemented workarounds for specific chipsets.

        1. There was even at least one board with both 386 and 486 CPU sockets along with both VLB and PCI slots. Could only install one CPU or the other, and the 386 couldn’t use PCI cards but the 486 could use both.

          IIRC one of those models had the infamous fake L2 cache chips. It also had a COAST slot that wasn’t actually COAST compatible. There were real L2 modules for them but they were hard to find.

      2. fastest was UDMA150, no UDMA233
        PCMCIA envelops both 16 bit isa based, and later PCI based cardbus standards.
        afaik there are no UDMA capable 486 compatible HDD controllers, pio 4 was the fastest. This of course would not be a problem as 486 will struggle to reach over 10MB/s

  8. You don’t have to go all the way back to 486. Pentium M and early (pre 2013) Atom CPUs aren’t vulnerable. Those are slow by today’s standards but still perfectly capable of running modern OSes.

      1. That’s interesting, I’ve read that Pentium M (and first gen Atom which is derived from it) were excluded because they handle branching and execution differently from Intel’s standard x86 design. Raspberry Pi boards are also unaffected, btw.

        https://www.theguardian.com/technology/2018/jan/04/meltdown-spectre-worst-cpu-bugs-ever-found-affect-computers-intel-processors-security-flaw

        https://krebsonsecurity.com/2018/01/scary-chip-flaws-raise-spectre-of-meltdown/

        https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/

        1. Depends on what you call a “standard x86”.

          The Pentium M (mobile) had a standard Pentium core with the previous generation of Front Side Bus (FSB). The older and slower FSB consumed far less power prolonging battery time for mobile devices.

          1. Every Pentium M machine I’ve used also had to have a non-PAE Linux kernel because even though the CPU supported PAE, the mainboard’s memory controller didn’t report that to the kernel and it would either panic or refuse to boot with some distros. I had to use special non-PAE versions of Debian-based distros (Slackware always worked fine since its 32 bit build had support for 486 and up).

    1. There was a Celeron M based bar till we’ve looked at (a one-off per call type rolling contract), the CPU had no cache what so ever… Yep, No cache and it was passively cooled.
      It was paired with a GM915 and a stick of desktop 1GB DDR2, and as usual had more RS232 ports than anyone around here could of dreamed of (something like 16 ports on the board with only 7 of them in use: 6X peripheral + 1X touchscreen).

      Anyone here whom made embedded PCs for touchscreen displays and bar tills know what model of Celeron M it was?
      I’m sure I’ll find out when the next one needs a beer dissolved off of the casing and screen some point within the year.

  9. One thing to note about trying to run Linux on any of the pre-Pentium Pro CPUs: Linux kernels tend to be compiled these days requiring PAE (“Physical Address Extension”) support. You won’t be able to boot e.g. stock Ubuntu on a Pentium or lower because of this.

    Incidentally, some of the earliest Pentium M processors *claim* not to support it, but actually do. This bit me in the past trying to install to a laptop. It refused to boot without a special “-forcepae” kernel param in the bootloader, triggering an override to the detected CPUID, and everything worked fine afterwards.

    FreeBSD and the rest don’t support PAE on 32-bit, instead saying “if you need more than 4gb RAM, go x86_64 already!”

    1. I ran into that installing Lubuntu onto an old laptop with the first generation PAE supporting Intel CPU. It just neglects to inform the outside world that it has PAE. Sort of pointless to run a PAE requiring kernel on them since none of the chipsets compatible with those CPUs can support more than 4 gig RAM.

      Despite the “light” build of Ubuntu it was still really slow, even with RAM maxed out and a higher RPM hard drive installed. Had much difficulty getting it to download and install updates.

  10. “…but sanity and time constraints meant compiling a kernel on a 486 wasn’t happening.”

    Why not? Once you select all your options you can just walk away and come back days later. This has me thinking about getting a 486 and trying it. Setting all the kernel options and make flags shouldn’t take any longer than on a new machine. It’s just ASCII menus and a text editor. The only real challenge would be finding a 486 compatible live cd that is modern enough to run the build.

    Then I could point a webcam at it, live-cast it through Youtube and see how many people actually watch it!

    Now I wish I had saved one of my old 486 motherboards from way back when. :-(

  11. I have a Cannon innova 486 computer in my closet.
    I was looking for manuals when my internet was down,
    So I called customer support,
    They said:
    That product is not
    [lowers glasses]
    Cannon

  12. If you really really wanted a 486 to be usable then I think maybe an old-school Linux guru working completely from scratch, not even a source based distro like Gentoo might be able to do it.

    I am thinking no udev or whatever is used for hardware abstraction these days. Just manually created node files referencing static hardware in /dev. Of course, no systemd. I saw SELinux in those long bootup messages, could removing that speed it up? Probably no Pulse Audio, just raw ALSA. Get the number of modules down to bare minimum, better yet, compile those modules into the kernel so that it isn’t taking so much time inventorying them all.

    I am thinking this would be something that would look like a Linux distro from 1997 even though it would use source code from today.

    This will probably break fancy desktop managers that require some form of hardware abstraction to handle usb hardware coming and going but so what? Do you have usb ports anyway? Just use a simple old-school window manager.

    I suspect that modern application software would still run.

    Anyway… I am positive that this install is far from optimal for a 486. I am watching the video now and see how just sshing in while playing an mp3 causes the mp3 to stutter. And that is at 133MHz?

    I used to have a 486 66MHz in my college dorm living room. It ran web and ftp servers. It also had X and was wired into the stereo. I used to play MP3s all the time on that thing while browsing the net and chatting with friends on AIM plus ICQ. And that was in X! I also sometimes started the music from the bedroom via ssh.

    This was actually part of what convinced me to switch to Linux in the first place. I built this thing originally just to be a server. It’s location lead me to use it for the other stuff too. My Pentium 75 running Windows 95 or 98 would just about go to pieces if I tried to listen to music and do anything else at the same time!

  13. Interesting. Few notes of my own. Laptop 486 ran different voltages in some systems. Knew a few people that changes out timing crystals for more speed. What about a distributed system with dual 133mhz 486s. I wonder how many it would take to work as well as a modern system.
    What about the Transmeta CPU,

  14. I still doubt that the specter/meltdown techniques are suitable for a general non-machine/os/browser combination specific attack.

    If it turns out to be possible and used, I’ll revert some tasks perhaps back to some beige boxes.

  15. I’d love to see someone make some kind of 486 SOC that runs at 2.5Ghz or something crazy like that and make a pi-like device out of it. Perhaps with an FPGA it could be done.

    1. A FPGA, a power plant to run the FPGA and liquid nitrogen to cool it lol. FPGAs are fast but not power efficient. Even then your average FPGA tops out at about 300MHz.

      The SoC would be good though even with the industry standard 386

  16. Really surprised that they say it has an AMD CPU in it. I know that these were Intel SX 33 and DX2 66 compatible. Judging by the case this had the A motherboard in it that had the CPU soldered to the motherboard. The B boards had 2 5 1/4in drive slots, one hidden behind a pop out plastic panel and an “Overdrive” socket for CPU upgrades.

  17. The AMD 5×86 133 was totslly different than the Cyrix but came out in 1995 I think, not 1993 as stated…and it was dirt cheap at computer shows and fit into existing 486 boards. Just make sure you set the voltage jumpers correctly. For that system to be truly pimped by standards back then, you would be rocking Simm expanders and buying printer memory chips to expand the system cache at 1/4 the cost of what they charged for the same part as a PC part. I had four of those systems set aside for a Beowulf cluster at the time.

    https://en.m.wikipedia.org/wiki/Am5x86

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s