laptop links about

Debian Sarge 31r0a on Asus M2442cu laptop


Hardware

processor: Intel Pentium-M (dothan) 1.6GHz, 2MB l2 cache
chipset: Intel I855pm
bios: 0206
memory: 768MB ddr
hdd: 60 GB Hitachi (IC25N060ATMR04-0) 2.5" UDMA100 4200 rpm
graphics card: ATI mobility Radeon 9000 (64MB)
dvd: Toshiba DVD SD-R6372
display: 14,1 TFT XGA (1024x768)
nic: Realtek RTL8139 100Mb
component description status information
CPU Intel Pentium-M OK temperature ~48C at 600MHz
ACPI - OK
HDD Hitachi 60 GB 4200 rpm OK hdparm -t =~27mb/s
DVD +/-RW Toshiba DVD SD-R6372 OK
Graphics card ATI M9 rev2 OK glxgears = ~1900fps
USB 3 ports USB 2.0 OK mass storage device OK, mouse OK
FireWire 1 port IEEE1394 ? not tested
Sound card AC'97 OK alsa + dmix plugin
Ethernet Realtek RTL8139 OK
WiFi Intel 2200 bg OK need to compile own driver
Modem Lucent winmodem ? not used
Touchpad Synaptics OK
PCMCIA 1 slot OK tested with compact flash card reader
LPT 1 port ? not tested
IrDA 1 port OK FIR mode

Instalation

I use Debian (Sarge) 31r0a linux. The instalation is painless :). After installation there are GRUB and 2.6 kernel (default 2.6.8), so we can download latest kernel source. We'll need following packages (with Debian Sarge 31r0a) for kernel compilation:

  gcc
  kernel-package
  kernel-source (or whatever we'll use)
  libc6-dev
  tk8.3
  libncurses5-dev
We can install these packages:
  apt-get install gcc kernel-package libc6-dev tk8.3 libncurses5-dev
  cd /usr/src/
  tar xvjf kernel-source-2.6.15.1 (unpacking kernel sources into current directory)
We can configure our own kernel by these commands:
  cd /usr/src/linux-2.6.15.1/
  make menuconfig (inwoking configuration menu dialog)
  make-kpkg clean
  make-kpkg kernel_image (making kernel image, or use your own options: man make-kpkg)

Once the kernel image is build in /usr/src/ directory, we can install it (as a root):

  dpkg -i ../kernel-image-2.6.15.1_10.00.Custom_i386.deb

We can now reboot into new kernel :-)

Files:


ACPI

I'm using hibernate and cpufreqd for power and CPU management. Both are incuded on Debian DVD's. We can install these packages:

  apt-get install hibernate cpufreqd

I don't use suspend to disk feature. I save energy (when not working) by turn off LCD backlight or suspend to RAM via /proc/acpi/sleep (ACPI sleep state 3 = suspend to RAM) by hibernate command.

Hotkeys

Laptop has 6 hotkeys under display, 6 on front side (for instant cd player) and another function keys (accessible via Fn+Fx). I use instant cd player buttons for selecting the CPU speed (600 MHz or auto, 800, 1000, 1200, 1400, 1600 MHz). We can associate them with some action by acpi daemon:

Events:
  /etc/acpi/events/hibernate
  event=button[/]sleep
  action=/usr/sbin/hibernate -F /etc/hibernate/hibernate.conf
  
  /etc/acpi/events/hotkey 
  event=hotkey ATKD .*
  action=/etc/acpi/hotkey.sh %e

Scripts:  
  #!/bin/sh
  #/etc/acpi/hotkey.sh
  case "$3" in
        00000030)       /usr/bin/amixer set PCM 1+
                        ;;
        00000031)       /usr/bin/amixer set PCM 1-
                        ;;
        00000032)       /usr/bin/amixer set PCM toggle
                        ;;
        00000050)       /etc/acpi/wlan.sh
			;;
	00000051)	/etc/acpi/touchpad.sh
			;;
	00000052)	/etc/acpi/irda.sh
			;;
        0000005c)       /etc/acpi/lan.sh
			;;
        00000040)       /etc/acpi/freqstart.sh
			;;
        00000041)       /etc/acpi/freqstop.sh && echo "800000" > \
			/sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed
			;;
        00000043)       /etc/acpi/freqstop.sh && echo "1000000" > \
			/sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed
			;;
        00000045)       /etc/acpi/freqstop.sh && echo "1200000" > \
			/sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed
			;;
        00000044)       /etc/acpi/freqstop.sh && echo "1400000" > \
			/sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed
			;;
        00000042)       /etc/acpi/freqstop.sh && echo "1600000" > \
			/sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed
			;;
  esac
  
  #!/bin/sh
  # /etc/acpi/freqstart.sh
  if ps -Af | grep -q 'cpufreqd'
  then
      exit 0
  else
      /etc/init.d/cpufreqd start && exit 0
  fi

  #!/bin/sh
  # /etc/acpi/freqstop.sh
  if ps -Af | grep -q 'cpufreqd'
  then
      /etc/init.d/cpufreqd stop && echo "userspace" > \
      /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor && exit 0
  else
      exit 0
  fi

  #!/bin/sh
  # /etc/acpi/lan.sh
  if ifconfig | grep -q 'eth0'
  then
      /sbin/ifdown eth0 
  else
      /sbin/ifup eth0
  fi
  
  #!/bin/sh
  # /etc/acpi/wlan.sh
  if ifconfig | grep -q 'eth1'
  then
      /sbin/ifdown eth1 && echo 0 > /proc/acpi/asus/wled
  else
      /sbin/ifup eth1 && echo 1 > /proc/acpi/asus/wled
  fi
  
  #!/bin/sh
  # /etc/acpi/touchpad.sh
  if lsmod | grep -q 'psmouse'
  then
      modprobe -r psmouse && echo 0 > /proc/acpi/asus/mled
  else
      modprobe psmouse && echo 1 > /proc/acpi/asus/mled
  fi

  #!/bin/sh
  # /etc/acpi/irda.sh

  if lsmod | grep -q 'nsc_ircc'
  then
      /etc/init.d/irda-utils stop && modprobe -r nsc_ircc ircomm_tty && echo 0 > /proc/acpi/asus/mled
  else
      /etc/init.d/irda-utils start && modprobe ircomm_tty && echo 1 > /proc/acpi/asus/mled
  fi

Files:


Graphics card

Work fine with kernel driver - DRI acceleration.


Sound card

The audio device works fine with enabled ALSA in the kernel and with the snd-intel8x0 driver. We can use alsa dmix plugin for direct mixing of multiple sound streams. We only need to create asound.conf file with propper setings, and set all program to use ALSA as output plugin (for xmms, xine, mplayer or kaffeine it's easy). We can set external player in control center/sound and multimedia/system notifications/player settings (mplayer, aplay, mpg321, etc).

Files:


PCMCIA

Works fine with cardbus yenta-compactible bridge support and pcmcia-cs package. Tested with Pretec compact flash card reader (PCMCIA ide support must be enabled in kernel configuration).


IRDA

Before configuration we have to check that following options are enabled in the kernel configuration file:

 
  CONFIG_IRDA=m
  CONFIG_IRLAN=m
  CONFIG_IRNET=m
  CONFIG_IRCOMM=m
  CONFIG_IRTTY_SIR=m
  CONFIG_IRPORT_SIR=m
  CONFIG_NSC_FIR=m

We need following packages to make IrDA works:

  irda-utils
  setserial

We can install these packages:

  apt-get install irda-tools setserial

This asks us some questions. We have to choose manual configuration in the setserial configuration dialog. After that we can edit /etc/serial.conf:

  /dev/ttyS1 uart none port 0x02f8 irq 3 baud_base 115200 spd_normal skip_test

In the irda-utils configuration dialog we choose native for IrDA device type, nsc_ircc for FIR chip type and irq=3 dma=3 io=0x2f8 dongle_id=0x09 as module option.

Files:


WiFi

We have to compile and install the latest ipw2200-1.0.10 driver and firmware from http://ipw2200.sourceforge.net. Since ipw2200-1.0.5, ipw2200 project does not include ieee80211 subsystem anymore, so we also have to compile and install it from http://ieee80211.sourceforge.net.

We can make these commands:

  cd /usr/lib/hotplug/firmware
  tar xvzf ipw2200-fw-2.4.tgz 
    
  cd /usr/src/
  tar xvzf ieee80211-1.1.8.tgz
  cd ieee80211-1.1.8
  sh remove-old (to make sure that old module is deleted)
  
  cd ..
  tar xvzf ipw2200-1.0.10.tgz
  cd ipw2200-1.0.10
  sh remove-old (to make sure that old module is deleted)

Now system is clean, we can install ieee80211:

  cd ../ieee80211-1.1.8
  make
  make install

and ipw2200:

  cd ../ipw2200-1.0.10
  make
  make install

IPsec

IPsec is an extension to the IP protocol which provides security to the IP and the upper-layer protocols. We can use it due to low security of WEP. Before instaling IPsec we have to check that following options are enabled in the kernel configuration file at least.

  #
  # Networking
  #
  CONFIG_NET=y

  #
  # Networking options
  #
  CONFIG_INET_AH=y
  CONFIG_INET_ESP=y
  CONFIG_INET_IPCOMP=y
  #
  # Cryptographic options
  #
  CONFIG_CRYPTO=y
  CONFIG_CRYPTO_HMAC=y
  CONFIG_CRYPTO_NULL=y
  CONFIG_CRYPTO_MD5=y
  CONFIG_CRYPTO_SHA1=y
  CONFIG_CRYPTO_DES=y
  CONFIG_CRYPTO_AES_586=y

We can instal it:

  apt-get install ipsec-tools racoon openssl

First we issue a 'certificate request' for our host, called 'laptop':

  mkdir /etc/racoon/certs
  cd /etc/racoon/certs
  openssl req -new -nodes -newkey rsa:1024 -sha1 -keyform PEM -keyout \
  laptop.private -outform PEM -out request.pem

This asks us some questions:

  Country Name (2 letter code) [AU]:.
  State or Province Name (full name) [Some-State]:.
  Locality Name (eg, city) []:.
  Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
  Routing & Traffic Control
  Organizational Unit Name (eg, section) []:hovado
  Common Name (eg, YOUR name) []:.
  Email Address []:.

  Please enter the following 'extra' attributes
  to be sent with your certificate request
  A challenge password []:
  An optional company name []:

We'll now 'self sign' this request:

  openssl x509 -req -in request.pem -signkey laptop.private -out laptop.public
  Signature ok
  subject=/CN=hovado
  Getting Private key

The 'request.pem' file can now be discarded.

Second we issue a 'certificate request' for our host, called 'server':

  mkdir /etc/racoon/certs
  cd /etc/racoon/certs
  openssl req -new -nodes -newkey rsa:1024 -sha1 -keyform PEM -keyout \
  server.private -outform PEM -out request.pem

This asks us some questions:

  Country Name (2 letter code) [AU]:.
  State or Province Name (full name) [Some-State]:.
  Locality Name (eg, city) []:.
  Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
  Routing & Traffic Control
  Organizational Unit Name (eg, section) []:hovado
  Common Name (eg, YOUR name) []:.
  Email Address []:.

  Please enter the following 'extra' attributes
  to be sent with your certificate request
  A challenge password []:
  An optional company name []:

We'll now 'self sign' this request:

  openssl x509 -req -in request.pem -signkey server.private -out server.public
  Signature ok
  subject=/CN=hovado
  Getting Private key

The 'request.pem' file can now be discarded.

Once we have a public and a private key for our hosts we can setup racoom to use them. To the /etc/racoon/racoon.conf file on 10.10.10.1 (server), we add:

  path certificate "/etc/racoon/certs";

  remote 10.10.10.2
  {
          exchange_mode main;
          my_identifier asn1dn;
          peers_identifier asn1dn;

          certificate_type x509 "server.public" "server.private";

          peers_certfile "laptop.public";
          proposal {
                  encryption_algorithm 3des;
                  hash_algorithm sha1;
                  authentication_method rsasig;
                  dh_group 2 ;
          }
  }
  sainfo anonymous
  {
  	  lifetime time 30min;
  	  encryption_algorithm 3des;
	  authentication_algorithm hmac_md5;
	  compression_algorithm deflate;
  }

And to the /etc/racoon/racoon.conf file on 10.10.10.2 (laptop), we add:

  path certificate "/etc/racoon/certs";

  remote 10.10.10.1
  {
          exchange_mode main;
          my_identifier asn1dn;
          peers_identifier asn1dn;

          certificate_type x509 "laptop.public" "laptop.private";

          peers_certfile "server.public";
          proposal {
                  encryption_algorithm 3des;
                  hash_algorithm sha1;
                  authentication_method rsasig;
                  dh_group 2 ;
          }
  }
  sainfo anonymous
  {
  	  lifetime time 30min;
  	  encryption_algorithm 3des;
	  authentication_algorithm hmac_md5;
	  compression_algorithm deflate;
  }

Now that we've added these statements to both hosts, we only need to move the key files in place. The 'server' machine needs server.private, server.public and laptop.public in /etc/racoon/certs. The 'laptop' machine needs laptop.private, laptop.public, and server.public in /etc/racoon/certs. In other words, each host needs its own public and private key and additionally, the public key of the remote. Make sure that certificate directory is owned by root and has mode 0700 or racoon may refuse to read it!

Now we have to setup our desired policy. To the /etc/ipsec-tools.conf file on 10.10.10.1 (server), we add:

  #!/usr/sbin/setkey -f

  flush;
  spdflush;

  spdadd 10.10.10.1 10.10.10.2 any -P out ipsec
      esp/transport//require;
                      
  spdadd 10.10.10.2 10.10.10.1 any -P in ipsec
      esp/transport//require;

And to the /etc/ipsec-tools.conf file on 10.10.10.2 (laptop), we add:

#!/usr/sbin/setkey -f

  flush;
  spdflush;

  spdadd 10.10.10.2 10.10.10.1 any -P out ipsec
      esp/transport//require;
                      
  spdadd 10.10.10.1 10.10.10.2 any -P in ipsec
      esp/transport//require;

We are now ready to launch racoon:

 
  cd /etc/init.d
  ./setkey start
  ./racoon start

With this configuration, we'll no longer accept any non-IPsec packets from 10.10.10.1 (10.10.10.2), and will also send only IPsec packets to that host.

To pass IPsec traffic through a firewall, we'll need the following ports/protocols open in both direction:

Files:


Change log:

19.02.2006

21.01.2006

TuxMobil - Linux on Laptops, Notebooks, PDAs and Mobile Phones Valid HTML 4.01 Transitional