Ship a 64-bit (x86_64) instead of 32-bit userspace
Originally created by @Dr_Whax on #8183 (Redmine)
Currently, Tails ships an x86 (32-bit) userland but will load an x86_64 (64-bit) kernel if the system you’re using has 64-bit support.
Supporting the “32-bit userspace on 64-bit hardware” combination has historically caused lots of trouble, both for developers and for users (e.g. #11518 (closed), #9969 (closed), #5606 (closed)). Also, software built for 64-bit processors is more interesting from a security standpoint (e.g. it’s harder to brute-force offsets/addresses, so ASLR becomes stronger in that sense, as does PIE support).
So, we have a few good reasons to consider switching our userspace to 64-bit. This implies dropping support for 32-bit hardware. Is it acceptable to do that in Tails 3.0, which we will release at some point between 2017Q2 and 2018Q1?
32-bit vs. 64-bit kernel stats among WhisperBack bug reports:
| Quarter | 32-bit | % | 64-bit | % |
|---------|--------|----|--------|----|
| 2014Q2 | 31 | 15 | 171 | 85 |
| 2014Q3 | 53 | 18 | 244 | 82 |
| 2014Q4 | 34 | 13 | 226 | 86 |
| 2015Q1 | 30 | 10 | 243 | 89 |
| 2015Q2 | 27 | 15 | 155 | 85 |
| 2015Q3 | 36 | 14 | 213 | 86 |
| 2015Q4 | 17 | 7 | 210 | 92 |
| 2016Q1 | 32 | 8 | 349 | 91 |
| 2016Q2 | 14 | 6 | 201 | 93 |
| 2016Q3 | 18 | 7 | 215 | 92 |
Note that a good share of the 32-bit systems are virtual machines: e.g. in 2016Q1, 11 of the 32 32-bit systems were VirtualBox and VMware. It seems safe to assume that the hardware able to run Tails in a VM is most likely 64-bit, and is running a 64-bit host OS (this seems plausible given our current hardware requirements, and e.g. the VirtualBox ones are probably due to https://www.virtualbox.org/ticket/11037 that forces us to tell users to set up a 32-bit VM). So we should just ignore the 32-bit VMs when looking at these stats.
Other than those, we have (32 - 11) / (32 + 349) = 5.5% of bare metal 32-bit systems. On #8183 (comment 95275) we have analyzed these systems, and to sum up, among these 21 bare metal systems:
- 4 support only 64-bit CPUs, so they will still work once we switch to full 64-bit (let’s blame syslinux CPU auto-detection) => no regression
- 1 supports max. 512MB of RAM => is not supported currently
- 3 unknown
- 10 will be 10+ years old when we release Tails 3.x, and support max. 2GB of RAM => we can bet that this hardware won’t last much longer
- the 3 remaining systems are from 2009 or 2012, and support max. 2GB of RAM
=> even including the 10+ years old systems in the equation, we’re talking of dropping support for 16 (4.2%) of the systems that currently report bugs about Tails.
Feature Branch: feature/8183-64bit-userspace
Related issues
- Related to #5606 (closed)
- Related to #9969 (closed)
- Related to #11638 (closed)
- Related to #11663 (closed)
- Related to #11734 (closed)
- Related to #11873 (closed)
- Related to #12163 (closed)
- Blocks #7505 (closed)
- Blocks #11829 (closed)
- Blocks #11518 (closed)
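
The security argument in the description (stronger ASLR and PIE on 64-bit) can be checked against a built image by classifying each userspace binary from its ELF header. The following is an added example, not part of the original issue or of Tails' own code; the function names and the sample headers are constructed for illustration.

```python
import struct

# Constants from the ELF specification (elf.h)
ELFCLASS = {1: "32-bit", 2: "64-bit"}
ET_EXEC, ET_DYN = 2, 3
EM = {3: "x86", 62: "x86_64"}

def classify_elf(header: bytes) -> dict:
    """Classify an ELF file from its first 20 bytes."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = header[4], header[5]
    if ei_class not in ELFCLASS or ei_data not in (1, 2):
        raise ValueError("corrupt ELF identification")
    endian = "<" if ei_data == 1 else ">"
    # e_type and e_machine follow the 16-byte e_ident array
    e_type, e_machine = struct.unpack_from(endian + "HH", header, 16)
    return {
        "class": ELFCLASS[ei_class],
        "machine": EM.get(e_machine, f"other({e_machine})"),
        # ET_DYN covers both PIE executables and shared libraries;
        # ET_EXEC is mapped at a fixed address, so ASLR cannot move its code.
        "position_independent": e_type == ET_DYN,
    }

def audit(paths):
    """Return (path, info) for ELF files that are not 64-bit position-independent."""
    weak = []
    for p in paths:
        try:
            with open(p, "rb") as f:
                info = classify_elf(f.read(20))
        except (OSError, ValueError):
            continue  # unreadable or not ELF (scripts, data files)
        if info["class"] != "64-bit" or not info["position_independent"]:
            weak.append((p, info))
    return weak

def sample_header(ei_class, e_type, e_machine):
    # Constructed little-endian header: e_ident (16 bytes) + e_type + e_machine
    ident = b"\x7fELF" + bytes([ei_class, 1, 1, 0]) + bytes(8)
    return ident + struct.pack("<HH", e_type, e_machine)

if __name__ == "__main__":
    print(classify_elf(sample_header(1, ET_EXEC, 3)))   # 32-bit, fixed address
    print(classify_elf(sample_header(2, ET_DYN, 62)))   # 64-bit, position-independent
```

Pass `audit()` the file paths from a mounted image; files that are not ELF are skipped rather than reported.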