| component | description | status | information |
|---|---|---|---|
| CPU | Intel Pentium-M | OK | temperature ~48C at 600MHz |
| ACPI | - | OK | |
| HDD | Hitachi 60 GB 4200 rpm | OK | hdparm -t =~27mb/s |
| DVD +/-RW | Toshiba DVD SD-R6372 | OK | |
| Graphics card | ATI M9 rev2 | OK | glxgears = ~1900fps |
| USB | 3 ports USB 2.0 | OK | mass storage device OK, mouse OK |
| FireWire | 1 port IEEE1394 | ? | not tested |
| Sound card | AC'97 | OK | alsa + dmix plugin |
| Ethernet | Realtek RTL8139 | OK | |
| WiFi | Intel 2200 bg | OK | need to compile own driver |
| Modem | Lucent winmodem | ? | not used |
| Touchpad | Synaptics | OK | |
| PCMCIA | 1 slot | OK | tested with compact flash card reader |
| LPT | 1 port | ? | not tested |
| IrDA | 1 port | OK | FIR mode |
I use Debian (Sarge) 31r0a linux. The instalation is painless :). After installation there are GRUB and 2.6 kernel (default 2.6.8), so we can download latest kernel source. We'll need following packages (with Debian Sarge 31r0a) for kernel compilation:
gcc kernel-package kernel-source (or whatever we'll use) libc6-dev tk8.3 libncurses5-devWe can install these packages:
apt-get install gcc kernel-package libc6-dev tk8.3 libncurses5-dev cd /usr/src/ tar xvjf kernel-source-2.6.15.1 (unpacking kernel sources into current directory)We can configure our own kernel by these commands:
cd /usr/src/linux-2.6.15.1/ make menuconfig (inwoking configuration menu dialog) make-kpkg clean make-kpkg kernel_image (making kernel image, or use your own options: man make-kpkg)
Once the kernel image is build in /usr/src/ directory, we can install it (as a root):
dpkg -i ../kernel-image-2.6.15.1_10.00.Custom_i386.deb
We can now reboot into new kernel :-)
Files:
I'm using hibernate and cpufreqd for power and CPU management. Both are incuded on Debian DVD's. We can install these packages:
apt-get install hibernate cpufreqd
I don't use suspend to disk feature. I save energy (when not working) by turn off LCD backlight or suspend to RAM via /proc/acpi/sleep (ACPI sleep state 3 = suspend to RAM) by hibernate command.
Laptop has 6 hotkeys under display, 6 on front side (for instant cd player) and another function keys (accessible via Fn+Fx). I use instant cd player buttons for selecting the CPU speed (600 MHz or auto, 800, 1000, 1200, 1400, 1600 MHz). We can associate them with some action by acpi daemon:
Events:
/etc/acpi/events/hibernate
event=button[/]sleep
action=/usr/sbin/hibernate -F /etc/hibernate/hibernate.conf
/etc/acpi/events/hotkey
event=hotkey ATKD .*
action=/etc/acpi/hotkey.sh %e
Scripts:
#!/bin/sh
#/etc/acpi/hotkey.sh
case "$3" in
00000030) /usr/bin/amixer set PCM 1+
;;
00000031) /usr/bin/amixer set PCM 1-
;;
00000032) /usr/bin/amixer set PCM toggle
;;
00000050) /etc/acpi/wlan.sh
;;
00000051) /etc/acpi/touchpad.sh
;;
00000052) /etc/acpi/irda.sh
;;
0000005c) /etc/acpi/lan.sh
;;
00000040) /etc/acpi/freqstart.sh
;;
00000041) /etc/acpi/freqstop.sh && echo "800000" > \
/sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed
;;
00000043) /etc/acpi/freqstop.sh && echo "1000000" > \
/sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed
;;
00000045) /etc/acpi/freqstop.sh && echo "1200000" > \
/sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed
;;
00000044) /etc/acpi/freqstop.sh && echo "1400000" > \
/sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed
;;
00000042) /etc/acpi/freqstop.sh && echo "1600000" > \
/sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed
;;
esac
#!/bin/sh
# /etc/acpi/freqstart.sh
if ps -Af | grep -q 'cpufreqd'
then
exit 0
else
/etc/init.d/cpufreqd start && exit 0
fi
#!/bin/sh
# /etc/acpi/freqstop.sh
if ps -Af | grep -q 'cpufreqd'
then
/etc/init.d/cpufreqd stop && echo "userspace" > \
/sys/devices/system/cpu/cpu0/cpufreq/scaling_governor && exit 0
else
exit 0
fi
#!/bin/sh
# /etc/acpi/lan.sh
if ifconfig | grep -q 'eth0'
then
/sbin/ifdown eth0
else
/sbin/ifup eth0
fi
#!/bin/sh
# /etc/acpi/wlan.sh
if ifconfig | grep -q 'eth1'
then
/sbin/ifdown eth1 && echo 0 > /proc/acpi/asus/wled
else
/sbin/ifup eth1 && echo 1 > /proc/acpi/asus/wled
fi
#!/bin/sh
# /etc/acpi/touchpad.sh
if lsmod | grep -q 'psmouse'
then
modprobe -r psmouse && echo 0 > /proc/acpi/asus/mled
else
modprobe psmouse && echo 1 > /proc/acpi/asus/mled
fi
#!/bin/sh
# /etc/acpi/irda.sh
if lsmod | grep -q 'nsc_ircc'
then
/etc/init.d/irda-utils stop && modprobe -r nsc_ircc ircomm_tty && echo 0 > /proc/acpi/asus/mled
else
/etc/init.d/irda-utils start && modprobe ircomm_tty && echo 1 > /proc/acpi/asus/mled
fi
Files:
Work fine with kernel driver - DRI acceleration.
The audio device works fine with enabled ALSA in the kernel and with the snd-intel8x0 driver. We can use alsa dmix plugin for direct mixing of multiple sound streams. We only need to create asound.conf file with propper setings, and set all program to use ALSA as output plugin (for xmms, xine, mplayer or kaffeine it's easy). We can set external player in control center/sound and multimedia/system notifications/player settings (mplayer, aplay, mpg321, etc).
Files:
Works fine with cardbus yenta-compactible bridge support and pcmcia-cs package. Tested with Pretec compact flash card reader (PCMCIA ide support must be enabled in kernel configuration).
Before configuration we have to check that following options are enabled in the kernel configuration file:
CONFIG_IRDA=m CONFIG_IRLAN=m CONFIG_IRNET=m CONFIG_IRCOMM=m CONFIG_IRTTY_SIR=m CONFIG_IRPORT_SIR=m CONFIG_NSC_FIR=m
We need following packages to make IrDA works:
irda-utils setserial
We can install these packages:
apt-get install irda-tools setserial
This asks us some questions. We have to choose manual configuration in the setserial configuration dialog. After that we can edit /etc/serial.conf:
/dev/ttyS1 uart none port 0x02f8 irq 3 baud_base 115200 spd_normal skip_test
In the irda-utils configuration dialog we choose native for IrDA device type, nsc_ircc for FIR chip type and irq=3 dma=3 io=0x2f8 dongle_id=0x09 as module option.
Files:
We have to compile and install the latest ipw2200-1.0.10 driver and firmware from http://ipw2200.sourceforge.net. Since ipw2200-1.0.5, ipw2200 project does not include ieee80211 subsystem anymore, so we also have to compile and install it from http://ieee80211.sourceforge.net.
We can make these commands:
cd /usr/lib/hotplug/firmware
tar xvzf ipw2200-fw-2.4.tgz
cd /usr/src/
tar xvzf ieee80211-1.1.8.tgz
cd ieee80211-1.1.8
sh remove-old (to make sure that old module is deleted)
cd ..
tar xvzf ipw2200-1.0.10.tgz
cd ipw2200-1.0.10
sh remove-old (to make sure that old module is deleted)
Now system is clean, we can install ieee80211:
cd ../ieee80211-1.1.8 make make install
and ipw2200:
cd ../ipw2200-1.0.10 make make install
IPsec is an extension to the IP protocol which provides security to the IP and the upper-layer protocols. We can use it due to low security of WEP. Before instaling IPsec we have to check that following options are enabled in the kernel configuration file at least.
# # Networking # CONFIG_NET=y # # Networking options # CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y # # Cryptographic options # CONFIG_CRYPTO=y CONFIG_CRYPTO_HMAC=y CONFIG_CRYPTO_NULL=y CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_DES=y CONFIG_CRYPTO_AES_586=y
We can instal it:
apt-get install ipsec-tools racoon openssl
First we issue a 'certificate request' for our host, called 'laptop':
mkdir /etc/racoon/certs cd /etc/racoon/certs openssl req -new -nodes -newkey rsa:1024 -sha1 -keyform PEM -keyout \ laptop.private -outform PEM -out request.pem
This asks us some questions:
Country Name (2 letter code) [AU]:. State or Province Name (full name) [Some-State]:. Locality Name (eg, city) []:. Organization Name (eg, company) [Internet Widgits Pty Ltd]:. Routing & Traffic Control Organizational Unit Name (eg, section) []:hovado Common Name (eg, YOUR name) []:. Email Address []:. Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
We'll now 'self sign' this request:
openssl x509 -req -in request.pem -signkey laptop.private -out laptop.public Signature ok subject=/CN=hovado Getting Private key
The 'request.pem' file can now be discarded.
Second we issue a 'certificate request' for our host, called 'server':
mkdir /etc/racoon/certs cd /etc/racoon/certs openssl req -new -nodes -newkey rsa:1024 -sha1 -keyform PEM -keyout \ server.private -outform PEM -out request.pem
This asks us some questions:
Country Name (2 letter code) [AU]:. State or Province Name (full name) [Some-State]:. Locality Name (eg, city) []:. Organization Name (eg, company) [Internet Widgits Pty Ltd]:. Routing & Traffic Control Organizational Unit Name (eg, section) []:hovado Common Name (eg, YOUR name) []:. Email Address []:. Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
We'll now 'self sign' this request:
openssl x509 -req -in request.pem -signkey server.private -out server.public Signature ok subject=/CN=hovado Getting Private key
The 'request.pem' file can now be discarded.
Once we have a public and a private key for our hosts we can setup racoom to use them. To the /etc/racoon/racoon.conf file on 10.10.10.1 (server), we add:
path certificate "/etc/racoon/certs";
remote 10.10.10.2
{
exchange_mode main;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "server.public" "server.private";
peers_certfile "laptop.public";
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group 2 ;
}
}
sainfo anonymous
{
lifetime time 30min;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
And to the /etc/racoon/racoon.conf file on 10.10.10.2 (laptop), we add:
path certificate "/etc/racoon/certs";
remote 10.10.10.1
{
exchange_mode main;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "laptop.public" "laptop.private";
peers_certfile "server.public";
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group 2 ;
}
}
sainfo anonymous
{
lifetime time 30min;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
Now that we've added these statements to both hosts, we only need to move the key files in place. The 'server' machine needs server.private, server.public and laptop.public in /etc/racoon/certs. The 'laptop' machine needs laptop.private, laptop.public, and server.public in /etc/racoon/certs. In other words, each host needs its own public and private key and additionally, the public key of the remote. Make sure that certificate directory is owned by root and has mode 0700 or racoon may refuse to read it!
Now we have to setup our desired policy. To the /etc/ipsec-tools.conf file on 10.10.10.1 (server), we add:
#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 10.10.10.1 10.10.10.2 any -P out ipsec
esp/transport//require;
spdadd 10.10.10.2 10.10.10.1 any -P in ipsec
esp/transport//require;
And to the /etc/ipsec-tools.conf file on 10.10.10.2 (laptop), we add:
#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 10.10.10.2 10.10.10.1 any -P out ipsec
esp/transport//require;
spdadd 10.10.10.1 10.10.10.2 any -P in ipsec
esp/transport//require;
We are now ready to launch racoon:
cd /etc/init.d ./setkey start ./racoon start
With this configuration, we'll no longer accept any non-IPsec packets from 10.10.10.1 (10.10.10.2), and will also send only IPsec packets to that host.
To pass IPsec traffic through a firewall, we'll need the following ports/protocols open in both direction:
Files:
19.02.2006
21.01.2006