Wednesday, January 14, 2009

OpenSUSE 11.1/Vista/Ubuntu Part 1: Choosing and Installing OpenSUSE

I've decided to write about my usage of OpenSUSE and Vista on my new machine. In this post I'll discuss choosing and installing OpenSUSE.

Introduction: I Want 64 Bits

When I got my new dual core, 2.53 GHz laptop with 4GB of RAM, it came with a 32 bit operating system: Vista Home Premium 32 bit.

Now nearly nobody really needs a 64 bit operating system these days, not yet. But since I need simultaneous access to multiple operating systems, short of carrying more than one notebook around, the simplest answer is to use virtual machines. Modern operating systems are RAM hungry, so to run these multiple virtual machines, I plan on bringing the RAM up to 8GB as soon as it becomes less than insanely expensive. For now 4GB of RAM will be enough.

Now I should note here that the copy of Vista as installed on this machine dutifully reports all 4GB of RAM, which normally 32 bit Vista does not. 32 bit Vista normally can't use all 4GB of RAM because it is using some of that address space for other things. I was surprised to see all 4GB available, and double checking I confirmed that it was, indeed 32 bit Vista. It must be the case that Vista has been configured with PAE (Processor Address Extension) enabled. This extends the virtual address space, leaving room in the address space for all the physical RAM and Vista's other memory address uses. So I have plenty of RAM to run three or four copies of Windows XP on virtual machines if I want to, and performance isn't bad.

Still, I expect that virtual machine performance would be better under a 64 bit operating system rather than a 32 bit one and I expect to upgrade to more RAM later so I can allocate enough memory to run larger virtual machines. Unfortunately Microsoft doesn't provide an 32 to 64 bit upgrades for users with 32 bit Vista that comes with the machine. To find out whether 64 bit makes a difference, I'd have to shell out for a brand new license. Rather than do that, I decided to install 64 bit Linux. But which one?

Choosing OpenSUSE over Ubuntu

I've been using Ubuntu as my main operating system for the past several years. Before that I'd used Debian (which I'd downloaded over a modem in 1996), than SUSE, and after that Mandrake (now Mandriva). I'd been a happy KDE user before switching to Ubuntu; there are still some KDE features I missed, but after a couple of years I'm pretty satisfied with Gnome.

Given this, it was logical for me to go for Ubuntu 8.10 64 bit, however I ran into a problem with the installer: it showed only a white screen after booting. Using the Alt-F2 keystroke, I brought up a shell window and saw that Ubiquity, the Ubuntu installer, was running. A little Googling showed that others trying to install 8.10 on recent hardware had the same issue. One of the answers was to give the installer boot argument "vga=771", which is hexadecimal 0x303. To make a long story short, this is supposed to tell the kernel that the display is 800x600 with 256 colors. Unfortunately, this didn't work.

Now I am generally happy with Ubuntu, but there are certain things about it that have been thorns in my side over the years. One is that every time there is a kernel update, it seems to break some hardware I use. Oddly enough, the stock Debian kernels seem to be OK most of the time. So I wasn't looking forward to solving this one. Perhaps there was a problem in Ubuntu's 64 bit kernel.

So I decided to research who had successfully used Linux on my laptop model, the Asus F8VA-C1. It turns out that OpenSUSE is reported to work completely with this hardware. I'd been happy with SUSE before it became part of one of the Evil Empire's satellites, so I decided to give OpenSUSE 11.1 a whirl; in the meantime I'd get a chance to look at developments in KDE.

Installing OpenSUSE

I personally hate distro reviews that focus on installation, which is the least important aspect of an operating system... provided it works. However there were some noteworthy occurances in installing OpenSUSE 11.1.

I opted for the net install of OpenSUSE, rather than downloading the full DVD, figuring I wanted to install a minimal system. SUSE's install screen is a beautiful, emerald green, not that it matters. The installation process, while tarted up in all kinds of GUI makeup, is in function and spirit not far removed from the ancient Red Hat text based installers of the late early 2000s.

The net install is probably a mistake, unless you have your own repository to install from. On the plus side, the display on the laptop was being driving correctly, and the wifi card was dectected and configured flawlessly. The download speed was extremely erratic. Sometimes a seven megabyte package would download in under a minute, then a 100K package would take two or three minutes. Then the downloads stopped entirely, and (using the Alt-F1 key) I got a shell console and figured out that the wireless card had somehow become unconfigured. Bizarre. I manually restarted wpa_supplicant and things resumed at their snail's pace. So netinstall is not for beginners.

Finally, the installation process simply halted. The net install runs like this: download a package, install the package; download another package, install that package; repeat for 2000+ packages in a basic installation. For some reason, after it downloaded grub (the boot loader that starts the operating system at power up), it installed it, hanging at "100%".

Bugger this. It'd taken about four hours to reach this point, and I wasn't going to spend another four hours to get to the same impasse. Instead I downloaded the DVD installation. After going through the same preliminaries, I was surprised to find that the DVD install took just as long; it was downloading the packages over the network. Apparently I'd missed an option about whether to use the local copies or to download, and it chose to download by default.

In any case, it was late at night, after spending hours on the net install, so I decided to let the net install run all night. If the wifi didn't turn off mysteriously, it should be done in the morning. In the morning, I discovered that the installation process was hung.... once again on grub, the boot loader. Switching to a command console and running "top", the process that was using the most CPU was, indeed "grub". Odd, that the installer would run grub at this point. Every Linux installer I'd ever used set up booting at the very end. It makes sense, especially if you're dual booting. Why screw up booting over a half installed OS? So I simply killed the grub process, and the installation continued.

WHen it finally finished, I rebooted with trepidation. Would interrupting the grub installation make the system unbootable? Nope. Everything starts up fine. After all the time it took, I'd have been seriously peeved if it didn't.

I now had a (more or less) functional copy of OpenSUSE 11.1.

Conclusions, Part 1

Linux reviews usually overemphasize the installation process. First of all, it's a very small part of the user experience. Also, getting Linux onto the hard disk and booted was never all that difficult, even in back in 1996. What was hard was getting the X window GUI to work, and getting the sound card working with a kernel. Those were real headaches, but fortunately these things have been painless for many years now. You might not get 3D acceleration working on every video card, but most people don't need it.

Still, when an installer simply doesn't work, that's an important detail.

Hardware support is both the great strength and weakness of Linux. If you have an old piece of hardware lying around, say an old USB wifi adapter, chances are you can plug it into a Linux box and it will work. If it was designed to work on a PC, you can usually use it on Mac hardware running Linux. Device manufacturers don't support Linux, so Linux developers build drivers that last.

On the other hand new hardware presents a problem to the Linux user. Manufacturers don't bother creating Linux drivers, so often you'll have to wait until somebody with the skills figures out how to get it working. Still most of the time, even on newly purchased systems, Linux installation is straightforward. This particular laptop, however, is the exception.

My laptop's hard ware, while relatively new, is far from exotic. It has the Intel PM45 chipset, which is fairly standard on high end notebooks these days. The PM45 chipset is pretty much what you want to have if you really want to run Vista reasonably well (more on this in upcoming installments). The F8VA has an ATI Mobility Radeon HD 3650 graphics adapter. Basic 2D operation should work (actually 3D seems to work fine under OpenSUSE).

Still, the Ubuntu installer issues are pretty much what you expect for hardware that has been out for less than a year; it's to OpenSUSE's credit that it handles the hardware more or less perfectly. What is a real concern is that OpenSUSE's installer hangs.

Most people, even those accustomed to installing Linux, would not have got OpenSUSE installed, and as it was it took an unconscionable amount of time. I don't ask that an installer be beautiful; it just has to work. It has never been that difficult to get Linux running, so long as the installation program does what it is supposed to, and OpenSUSE's does not.

It makes me wonder about the priorities and overall quality of the distribution, that the installer should look good, but not do the job. It turns out that this is not entirely limited to OpenSUSE's installer. OpenSUSE 11.1 is quite admirable in certain respects, especially it's visual polish which is on par with any other modern operating system. It has a number of serious shortcomings that lead me to think that it wasn't very well tested before release.

Next: OpenSUSE 11.1 and KDE 4

Unbricking an ASUS F8VA after Changing BIOS Settings

Recently I acquired an ASUS F8VA Laptop with Vista Home Premium on it. I'll be reviewing Linux and Vista on this device, but first I'm going to note it is possible to brick the thing with BIOS settings, which I promptly did. I'll post directions for getting out of that mess first, in case any other people encounter similar problems.

My plan was to set aside the Vista disk and buy a new disk to run 64 bit Ubuntu. For some reason this laptop comes with only 32 bit Vista, and I plan to run very large virtual machines on it. As soon as 8GB of RAM becomes less the $200, I'm installing it. In the meantime I started to poke around in the BIOS as is my usual custom. I came across this innocent sounding entry: "Intel TXT(LT) [Disabled]". The help text in this machine's BIOS are really utterly useless; typically the text will be something like "Choose enable to use Intel TXT(LT) feature." No explanation of what this might be or whether it's a good or bad idea. Googling brought up this explanation:

Intel Trusted Execution Technology for safer computing, formerly code named LaGrande Technology, is a versatile set of hardware extensions to Intel® processors and chipsets that enhance the digital office platform with security capabilities such as measured launch and protected execution. Intel Trusted Execution Technology provides hardware-based mechanisms that help protect against software-based attacks and protects the confidentiality and integrity of data stored or created on the client PC. It does this by enabling an environment where applications can run within their own space, protected from all other software on the system. These capabilities provide the protection mechanisms, rooted in hardware, that are necessary to provide trust in the application's execution environment. In turn, this can help to protect vital data and processes from being compromised by malicious software running on the platform.

OK, that sounds interesting. It sounds like a kind of hardware based choot jail. This laptop has a recent processor and the new Intel PM45 chipset. Actually, the hardware on this system is so new it's a bit of chore getting Linux running. What would Vista make of this being enabled? If Vista wouldn't boot, I could just F2 back to BIOS setup, right?

Wrong. This feature requires a TPM (Trusted Platform Module) chip to work properly, and if it's not there then the system will not only not boot, it won't let you get back to the BIOS settings to turn that pesky feature off. That wouldn't be exactly secure, would it? Curiously, you can boot ASUS's Splashtop environment, even though you aren't allowed into BIOS settings and can't boot the OS. I'll get back to that at the moment, but for now I'll get right to the unbricking process.

The aim of this procedure is to clear the BIOS settings by removing the motherboard battery for a few minutes. This battery provides the tiny amount of power needed to maintain the BIOS settings and to run the motherboard clock while the system is turned off. It is a large button or watch style battery, typically a CR2032, and usually lasts for many years before it needs replacing. It's also usually fairly easy to access. Usually. Not here. The battery lies between the DVD drive and the video card. You're going to have to disassemble the laptop to get at it.

You will need a small phillips head screwdriver. You might be able to use a jeweler's screwdriver but a precision screwdriver slightly larger would be ideal. You will need something like a small common or flathead screwdriver to release the keyboard. Then you'll need something to act like a pair of tweezers (tweezers are ideal, but the swiss army type are too short) or alternatively a very thin, sharp thing to pry with, like an old fashioned razorblade or (if you work on Macs) a really thin putty knife.

This procedure will void your warranty. It will also almost certainly cause a small amount of cosmetic damage to your laptop, unless you are experienced, careful, and have the appropriate tools and workspace. I chose to do this because I don't care how the laptop looks and can't be bothered waiting weeks for an RMA replacement.

(0) Prepare a work area. A large towel on the table will protect your laptop case, and provide a contrasting color to make finding those tiny screws easier.

(1) Remove the power sources from the machine. Unplug the power adapter, then turn the machine over and remove the battery. If you have trouble figuring out how to remove your battery, you should stop here!

(2) Remove the DVD drive. It is secured with two screws, one located on the bottom of the machine roughly an inch behind the DVD eject button. The other is further towards the centerline of the machine near some vent holes. I find laying out the screws on the table in the same physical relationship they have on the laptop makes reassembly faster. Pull the drive out and set it aside.

(3) Remove the hard disk. The cover is secured by three screws. Set aside the cover in your screw layout with the screws in the holes. Once the cover has been removed, the hard disk can be extracted by pulling it away from the connector, then up.

At this point let me note that I didn't completely disasemble my laptop, because doing so would require removing the strip that contains the buttons abovethe keyboard. This would probably be neater and easier, but I didn't have anything handy that woudl do it without leaving some really nasty dings in the plastic. So I opted to get the laptop apart enough that I could reach the battery with a pair of tweezers from the video card side. For that reason we'll remove the video card cover.

(4) Locate and remove the video card cover. It's a large cover located adjacent to the power adapter plug, and has your Vista sticker on it. It's held on by three or so small screws. Remove the cover, put the screws into the holes for safekeepign, and set it aside in your screw layout area.

(5) Remove the screws that would have been visible before you started removing covers and set them aside, including one that secures a little right angle cover along the rear next to the modem port. Set them and the right angle cover aside in your layout area.

(6) Remove the screw next to the wireless card, which was underneath the hard disk cover. The wireless card has black and white antenna wires attached to it. You can see that the screw next to it secures the plastic back to something below. It's been a few days, but I don't think it's necessary to remove the wireless card itself. If you do, you'll have to remember to put it back and the antenna wires; the gold connectors on the end just push on and pull off.

(7) Remove the two screws in the rear of the machine.

(8) Turn the machine over.

(9) Free the keyboard. If you look at the space above the top row of keys, you'll see four black plastic clips. They work just like the bolt attached to a doorknob; they are spring backed with a trianglular cross section, which means the pop put of the way when the keyboard is pressed down on them, but won't allow the keyboard to be pried up. Using your small flat screwdriver, push the rightmost clip back, and insert a swiss army knifeblade or similar to the right of the clip. Use the blade to gently pry up the keyboard so the top edge clears the rightmost clip.

Keeping the knife in place, push back the second clip from the right and pry up so the keyboard clears that. Repeat until the keyboard clears all four clips.

(10) Remove the keyboard. The keyboard is now attached to the computer by a thin ribbon cable. On the computer side, the cable is locked into the connector by a white strip of plastic on the connector. That strip moves a fraction of a mm in (towards the rear of the computer) to lock and out (towards the front) to unlock. Unlock the cable and gently pull it out. The keyboard is now free. Set it aside.

(11) Remove all the screws under the keybaord and set them aside.

(12) (optional) Remove any screws under panel above the keyboard that has the LEDS and buttons. I didn't opt for a complete disasembly, which would make the next steps easier. Presumably, the remaining screws are under this panel. The thin silver plastic strips to the left and right of the buttons are held in by friction (I believe). You could pry out these strips with a knife or a sharpened metal putty knife (if you work on Macs you have such a thing). The thing is that unless you have the putty knife prying tool, you're going to gouge the soft plastic. After removing this, you'd fiddle around, and presumably discover the remaining screws holding things together. Someday you'll want to do this, when the backlight of your notebook starts acting flaky. This is normally where the inverter board that powers the backlight lives.

(13) Locate the battery. If you sight down the DVD bay, you'll see the battery, which is about the size of a US quarter, in its black pastic holder, at the right of the far end of the bay. It's actually closer to the video card, but it's easier to spot this way.

(14) Gently pry apart the black bottom plastic half of the chassis from the top, from the DVD side. If you opted for complete disassembly, I guess it should just come apart at this point. If not, you're aim here is to bend the plastic enough so you can reach in to the battery from the video card side. IMPORTANT: you don't need to force this enough to break the plastic. If it doesn' t easily pry open an inch or so near the battery, look for a screw you missed. Put someting in the gap like a paperback book to keep it pried open.

(15) Remove the battery. You don't pry the battery out; it has a spring clip. If the computer is upside down, just reach in with a screwdriver and fiddle the clip and the battery will drop out.

(16) Wait for a few minutes.

(17) Replace the battery. This step takes the most dexterity. However, you aren't going to be able to send the computer back in this state, are you? So you're just going to have to fumble at it. Turn the computer right side up (otherwise you'll be fishing the battery out as it falls). Tear of a small piece of paper to insulate the battery where you'll be grasping it with your tweezers (unless you have plastic tweezers), then carefully grasp the battery by as little edge as you can manage. From the video card side, place the battery in its holder, the minus (slightly smaller side) should face toward the motherboard. It will probably drop in a bit crooked, but a little is OK. Then push the battery down with a small screwdriver until it snaps audibly into place. Fish out the piece of paper.

(18) Reassemble the computer in reverse order. The trickiest bit is getting the keyboard ribbon cable plugged back in. These connectors are zero force; you don't have to jam anything. On the minus side, there's no friction to hold the cable in place when you let go of it, until you've pushed in the locking bar, and the stiff plastic cable will want to hop out. If you have a third set of hands hold the keyboard, you can hold the cable in place while you push in the locking bar with a small screwdriver. If you removed your wifi card, remember to put it back in and plug the antenna in.

(19) Put the battery and AC power back in, and reboot, holding down the F2 key to return to BIOS setup. You'll need to set the date.

You have now undone what five seconds of curiosity did to your computer.

Remarks and Conclusion.

If you mess around with BIOS settings, you have to be prepared for some trouble. However, the BIOS writers who put it there also decided to (a) make BIOS settings inaccessible once you changed that setting and (b) not to bother including any help text to that effect. I think it's pretty bad that users can set a BIOS settings that requires a significant hardware fix.

The whole thing is pointless from a security standpoint. This exercise proves it is not difficult for a motivated person to remove the TPM hardware and circumvent the BIOS settings. In fact there is are even simpler ways to get around this, if the point is protecting the data on the hard drive. The drive can be removed and popped into an identical computer with TPM turned off in the BIOS.

Another curious aspect of this is that while it is impossible to boot to the OS or access BIOS settings, it is possible to access Splashtop, as fast booting Linux environment that ASUS has rebranded "ExpressGate". So presumably, ExpressGate is trusted by the BIOS whereas the operating system is not. Now I've noticed a number of interesting things about ExpressGate/Splashtop. One is that my USB keyboard doesn't work. I presume the idea is that ExpressGate is an isolated, self-contained environment, and so can be trusted in ways the main operating system cannot. One of the things that is possible, I believe, is to reflash the BIOS from ExpressGate, although I expect that function is probably disabled in this kind of situation.

Still, while ExpressGate/Splashtop is supposed to be isolated, and can be run from motherboard flash memory, on this machine it is not. It is in a "hidden" partition on the same disk as the operating system. "Hidden" is a misnomer; the partition isn't in any way hidden from the operating system, it's just a notation that the operating system isn't supposed to mount the filesystem in it. The partition is perfectly visible in a disk utility.

It seems to me that the kind of paranoia that locks owners out of BIOS settings is strongly undermined by trusting an operating system on the same hard disk as the user's data and OS, especially when anyone can take the hard disk out and alter the Splashtop system. Since it is Linux, it could even be modified to do something like boot the main operating system in a virtual environment, logging all the user's keystrokes.