Whlist the HP netbook served its original purpose, of being a reasonably portable travel backup system, running applications such as VMware and then MS Word/iTunes on its limited 10"/1024x600 screen size started to be annoying. And during a bored conference call, I wondered if there was something a little bigger for my new requirement.
Yes indeed any recent ultrabook/MacAir would be satisfactory but the price point is ridiculous for something that would supplementary. So again, older machines were considered and the Asus s200/x202e became the front runner.
The Asus s200e/x202e is an 11.6" 1366x768 touchscreen notebook from 2012/13 offering up to an Core i3 3217u 1.8Ghz processor with non upgradable 4GB RAM and 500GB HDD. The model of interest, Asus s200e CT216, is a 2nd gen Core i3 1.4Ghz dual core chip with 4GB/500GB HDD with fast ethernet, integrated 802.11 b/g/n wifi and bluetooth and a SDHX card reader. The machine was relatively light being 1.4kg and thin with its not-intended-to-be-removed battery.
The newer, yet similarily named, Asus s200ha is a soldered on 32 GB eMMC storage device to be avoided.
$ lshw -short
H/W path Device Class Description
=======================================================
system X202E (ASUS-NotebookSKU)
/0 bus X202E
/0/0 memory 64KiB BIOS
/0/8 memory 512KiB L2 cache
/0/9 memory 128KiB L1 cache
/0/a memory 3MiB L3 cache
/0/b memory 4GiB System Memory
/0/b/0 memory 4GiB SODIMM DDR3 Synchronous 1333 MHz (0.8 ns)
/0/b/1 memory DIMM [empty]
/0/b/2 memory DIMM [empty]
/0/b/3 memory DIMM [empty]
/0/c processor Intel(R) Core(TM) i3-2365M CPU @ 1.40GHz
/0/100 bridge 2nd Generation Core Processor Family DRAM Controller
/0/100/2 display 2nd Generation Core Processor Family Integrated Graphics Controller
/0/100/14 bus 7 Series/C210 Series Chipset Family USB xHCI Host Controller
/0/100/14/0 usb3 bus xHCI Host Controller
/0/100/14/1 usb4 bus xHCI Host Controller
/0/100/16 communication 7 Series/C216 Chipset Family MEI Controller #1
/0/100/1a bus 7 Series/C216 Chipset Family USB Enhanced Host Controller #2
/0/100/1a/1 usb1 bus EHCI Host Controller
/0/100/1a/1/1 bus Integrated Rate Matching Hub
/0/100/1a/1/1/2 multimedia USB2.0 UVC HD Webcam
/0/100/1a/1/1/3 input Atmel maXTouch Digitizer
/0/100/1b multimedia 7 Series/C216 Chipset Family High Definition Audio Controller
/0/100/1c bridge 7 Series/C216 Chipset Family PCI Express Root Port 1
/0/100/1c.1 bridge 7 Series/C210 Series Chipset Family PCI Express Root Port 2
/0/100/1c.1/0 wlp2s0 network AR9485 Wireless Network Adapter
/0/100/1c.3 bridge 7 Series/C216 Chipset Family PCI Express Root Port 4
/0/100/1c.3/0 enp3s0 network AR8162 Fast Ethernet
/0/100/1d bus 7 Series/C216 Chipset Family USB Enhanced Host Controller #1
/0/100/1d/1 usb2 bus EHCI Host Controller
/0/100/1d/1/1 bus Integrated Rate Matching Hub
/0/100/1f bridge HM76 Express Chipset LPC Controller
/0/100/1f.2 storage 7 Series Chipset Family 6-port SATA Controller [AHCI mode]
/0/100/1f.3 bus 7 Series/C216 Chipset Family SMBus Controller
/0/1 scsi0 storage
/0/1/0.0.0 /dev/sda disk 500GB Hitachi HTS54505
$ lspci
00:00.0 Host bridge: Intel Corporation 2nd Generation Core Processor Family DRAM Controller (rev 09)
00:02.0 VGA compatible controller: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller (rev 09)
00:14.0 USB controller: Intel Corporation 7 Series/C210 Series Chipset Family USB xHCI Host Controller (rev 04)
00:16.0 Communication controller: Intel Corporation 7 Series/C216 Chipset Family MEI Controller #1 (rev 04)
00:1a.0 USB controller: Intel Corporation 7 Series/C216 Chipset Family USB Enhanced Host Controller #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 7 Series/C216 Chipset Family High Definition Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 7 Series/C216 Chipset Family PCI Express Root Port 1 (rev c4)
00:1c.1 PCI bridge: Intel Corporation 7 Series/C210 Series Chipset Family PCI Express Root Port 2 (rev c4)
00:1c.3 PCI bridge: Intel Corporation 7 Series/C216 Chipset Family PCI Express Root Port 4 (rev c4)
00:1d.0 USB controller: Intel Corporation 7 Series/C216 Chipset Family USB Enhanced Host Controller #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation HM76 Express Chipset LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 7 Series Chipset Family 6-port SATA Controller [AHCI mode] (rev 04)
00:1f.3 SMBus: Intel Corporation 7 Series/C216 Chipset Family SMBus Controller (rev 04)
02:00.0 Network controller: Qualcomm Atheros AR9485 Wireless Network Adapter (rev 01)
03:00.0 Ethernet controller: Qualcomm Atheros AR8162 Fast Ethernet (rev 10)
$ lsusb
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 023: ID 058f:6366 Alcor Micro Corp. Multi Flash Reader # SD card reader
Bus 001 Device 005: ID 03eb:8417 Atmel Corp. # touch screen controller
Bus 001 Device 004: ID 13d3:5188 IMC Networks
Bus 001 Device 022: ID 04ca:3005 Lite-On Technology Corp.
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
>H/W path Device Class Description
=======================================================
system X202E (ASUS-NotebookSKU)
/0 bus X202E
/0/0 memory 64KiB BIOS
/0/8 memory 512KiB L2 cache
/0/9 memory 128KiB L1 cache
/0/a memory 3MiB L3 cache
/0/b memory 4GiB System Memory
/0/b/0 memory 4GiB SODIMM DDR3 Synchronous 1333 MHz (0.8 ns)
/0/b/1 memory DIMM [empty]
/0/b/2 memory DIMM [empty]
/0/b/3 memory DIMM [empty]
/0/c processor Intel(R) Core(TM) i3-2365M CPU @ 1.40GHz
/0/100 bridge 2nd Generation Core Processor Family DRAM Controller
/0/100/2 display 2nd Generation Core Processor Family Integrated Graphics Controller
/0/100/14 bus 7 Series/C210 Series Chipset Family USB xHCI Host Controller
/0/100/14/0 usb3 bus xHCI Host Controller
/0/100/14/1 usb4 bus xHCI Host Controller
/0/100/16 communication 7 Series/C216 Chipset Family MEI Controller #1
/0/100/1a bus 7 Series/C216 Chipset Family USB Enhanced Host Controller #2
/0/100/1a/1 usb1 bus EHCI Host Controller
/0/100/1a/1/1 bus Integrated Rate Matching Hub
/0/100/1a/1/1/2 multimedia USB2.0 UVC HD Webcam
/0/100/1a/1/1/3 input Atmel maXTouch Digitizer
/0/100/1b multimedia 7 Series/C216 Chipset Family High Definition Audio Controller
/0/100/1c bridge 7 Series/C216 Chipset Family PCI Express Root Port 1
/0/100/1c.1 bridge 7 Series/C210 Series Chipset Family PCI Express Root Port 2
/0/100/1c.1/0 wlp2s0 network AR9485 Wireless Network Adapter
/0/100/1c.3 bridge 7 Series/C216 Chipset Family PCI Express Root Port 4
/0/100/1c.3/0 enp3s0 network AR8162 Fast Ethernet
/0/100/1d bus 7 Series/C216 Chipset Family USB Enhanced Host Controller #1
/0/100/1d/1 usb2 bus EHCI Host Controller
/0/100/1d/1/1 bus Integrated Rate Matching Hub
/0/100/1f bridge HM76 Express Chipset LPC Controller
/0/100/1f.2 storage 7 Series Chipset Family 6-port SATA Controller [AHCI mode]
/0/100/1f.3 bus 7 Series/C216 Chipset Family SMBus Controller
/0/1 scsi0 storage
/0/1/0.0.0 /dev/sda disk 500GB Hitachi HTS54505
$ lspci
00:00.0 Host bridge: Intel Corporation 2nd Generation Core Processor Family DRAM Controller (rev 09)
00:02.0 VGA compatible controller: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller (rev 09)
00:14.0 USB controller: Intel Corporation 7 Series/C210 Series Chipset Family USB xHCI Host Controller (rev 04)
00:16.0 Communication controller: Intel Corporation 7 Series/C216 Chipset Family MEI Controller #1 (rev 04)
00:1a.0 USB controller: Intel Corporation 7 Series/C216 Chipset Family USB Enhanced Host Controller #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 7 Series/C216 Chipset Family High Definition Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 7 Series/C216 Chipset Family PCI Express Root Port 1 (rev c4)
00:1c.1 PCI bridge: Intel Corporation 7 Series/C210 Series Chipset Family PCI Express Root Port 2 (rev c4)
00:1c.3 PCI bridge: Intel Corporation 7 Series/C216 Chipset Family PCI Express Root Port 4 (rev c4)
00:1d.0 USB controller: Intel Corporation 7 Series/C216 Chipset Family USB Enhanced Host Controller #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation HM76 Express Chipset LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 7 Series Chipset Family 6-port SATA Controller [AHCI mode] (rev 04)
00:1f.3 SMBus: Intel Corporation 7 Series/C216 Chipset Family SMBus Controller (rev 04)
02:00.0 Network controller: Qualcomm Atheros AR9485 Wireless Network Adapter (rev 01)
03:00.0 Ethernet controller: Qualcomm Atheros AR8162 Fast Ethernet (rev 10)
$ lsusb
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 023: ID 058f:6366 Alcor Micro Corp. Multi Flash Reader # SD card reader
Bus 001 Device 005: ID 03eb:8417 Atmel Corp. # touch screen controller
Bus 001 Device 004: ID 13d3:5188 IMC Networks
Bus 001 Device 022: ID 04ca:3005 Lite-On Technology Corp.
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
The references from the Linux Laptop Wiki entry suggest that most of the functions are supported with recent distributions. All function keys work out of the box with Fedora 24 as well as the wifi LED we'll come this later.
Installation
The Asus has a UEFI BIOS with secure boot enabled for Windows. The BIOS is accessible by either theDelete
or F2
keys during poweron. The Esc
key additionally brings up boot menu, useful for forcing a boot from USB.This netbook has the 2.08 BIOS firmware installed.
The first requirement was to disable sucure boot and enable LCM (legacy control module) mode from the BIOS screens.
With a Fedora live image or netinstall image, boot the machine forcing the boot selection. There you will notice 2 options for boot additional to the original Windows 8 boot manager. Ensure that you select the option that as UEFI; this ensures that the Fedora installer has the correct environment to install the correct bootloader later - my initial installation was with non-UEFI boot image and following complete installation the machine would not boot.
If the install-setup processes forces you to create a 1MiB partition for 'bios' duing manual partitioning then you need to reboot and boot using the UEFI version.
Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 976K 1.9G 1% /dev/shm
tmpfs 1.9G 1.3M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/vg-root 19G 6.4G 11G 37% /
/dev/sda10 361M 126M 213M 38% /boot
/dev/sda8 95M 8.2M 87M 9% /boot/efi
/dev/mapper/vg-export 227G 44G 172G 21% /export
/dev/mapper/vg-tmp 925M 5.6M 856M 1% /tmp
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 976K 1.9G 1% /dev/shm
tmpfs 1.9G 1.3M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/vg-root 19G 6.4G 11G 37% /
/dev/sda10 361M 126M 213M 38% /boot
/dev/sda8 95M 8.2M 87M 9% /boot/efi
/dev/mapper/vg-export 227G 44G 172G 21% /export
/dev/mapper/vg-tmp 925M 5.6M 856M 1% /tmp
To verify the correct UEFI bootloader is installed, run
efibootmgr -v
. The following output shows the dual boot setup of the original disk, having shrunk relevant partitions.$ efibootmgr -v
BootCurrent: 0004
Timeout: 0 seconds
BootOrder: 0004,0000
Boot0000* Windows Boot Manager HD(1,GPT,01f9031f-4dc3-45f8-a77a-a217e12be63d,0x800,0x96000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...6................
Boot0004* Fedora HD(8,GPT,06d2e567-a37a-4d1b-8438-3bf22a8e2531,0x17735000,0x2f800)/File(\EFI\fedora\shim.efi)
The system is now ready to boot. You can additionally verify the boot order by looking in the BIOS boot order section.BootCurrent: 0004
Timeout: 0 seconds
BootOrder: 0004,0000
Boot0000* Windows Boot Manager HD(1,GPT,01f9031f-4dc3-45f8-a77a-a217e12be63d,0x800,0x96000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...6................
Boot0004* Fedora HD(8,GPT,06d2e567-a37a-4d1b-8438-3bf22a8e2531,0x17735000,0x2f800)/File(\EFI\fedora\shim.efi)
Post Installation
Same setup as for the HP Mini which was from a netinstall image; using a Spin we end up with more installed but we still have install:gcc-c++ autoconf automake libtool valgrind
kernel-devel sysfsutils
yp-tools ypbind ypserv autofs
strace nmap aircrack-ng wireshark wireshark-gtk
nfs-utils telnet-server samba vsftpd ftp
lshw macchanger
ImageMagick-c++-devel exiv2 exiv2-devel ffmpegthumbnailer-devel perl-ExtUtils-MakeMaker gimp
gstreamer-ffmpeg gstreamer-plugins-bad gstreamer-plugins-ugly gstreamer1-vaapi
lame sox qpdf
libva libva-intel-driver libva-utils libvdpau-va-gl
ffmpeg mplayer mpv youtube-dl mozilla-openh264 vlc
libimobiledevice-utils
mediawriter livecd-tools
rfkill simple-mtpfs gvfs-fuse gvfs-afc ifuse gnome-screenshot gparted
kernel-devel sysfsutils
yp-tools ypbind ypserv autofs
strace nmap aircrack-ng wireshark wireshark-gtk
nfs-utils telnet-server samba vsftpd ftp
lshw macchanger
ImageMagick-c++-devel exiv2 exiv2-devel ffmpegthumbnailer-devel perl-ExtUtils-MakeMaker gimp
gstreamer-ffmpeg gstreamer-plugins-bad gstreamer-plugins-ugly gstreamer1-vaapi
lame sox qpdf
libva libva-intel-driver libva-utils libvdpau-va-gl
ffmpeg mplayer mpv youtube-dl mozilla-openh264 vlc
libimobiledevice-utils
mediawriter livecd-tools
rfkill simple-mtpfs gvfs-fuse gvfs-afc ifuse gnome-screenshot gparted
grub option
The default grub config location renamins the same (/etc/default/grub
) however the installed boot time config is: /boot/efi/EFI/fedora/grub.cfg
- this file location is where you can add the missing hibernation resume flag for the kernel (and disable the graphical boot): resume=/dev/mapper/vg-swap plymouth.enable=0
.Touchpad
The touchpad and drivers obeys a wide range of gestures; 2 fingers scroll (either pull down/up together or 1 static and up/down on the other), 3 finger tap to simluate middle mouse button and 2 finger tap for right-click.Wifi LED
Using the Fn-F2 hotkey to enable/disable WiFi works; however the LED appears only to be activated when you first toggle the h/w WiFi state; that is, even if WiFi is enabled (and you are connected to a wireless network) from a cold boot, the WiFi LED will not be lit - you have to hit the Fn-F2 twice (turn off/turn on) to force the LED on.This is the case when he machine is cold booted or resume'd from suspend or hibernate.
$ dnf -y install rfkill
# force the system to recognise and LED will represent the state of Wifi
$ rfkill block bluetooth
$ rfkill unblock bluetooth
To focrce a stable state on startup, the following # force the system to recognise and LED will represent the state of Wifi
$ rfkill block bluetooth
$ rfkill unblock bluetooth
rfkill
script below's could be executed in /etc/rc.d/rc.local
. Check systemctl status rc-local
to verify status.Note that we are forcing the bluetooth. This is because it appears the WiFi and Bluetooth on the Asus is highly connected - is the WiFi and bluetooth device on the same card/module? Certainly, if bluetooth is disabled from the BIOS the WiFi LED will not operate even though WiFi is usable.
To automate the toggle above after a suspend/hibernate, we can use the hooks provided by
systemd-suspend.service
to run user defined actions following a suspend/hibernate. Previously it was possible to use /etc/pm/sleep.d for something similar.# /usr/lib/systemd/system-sleep/wifi-led.sh
#!/bin/bash
LOG=/tmp/systemd.suspend.log
if [ "${1}" == "pre" ]; then
echo "suspending at $(date)" > $LOG
elif [ "${1}" == "post" ]; then
echo " resumed at $(date)" >> $LOG
/usr/bin/asus-wifi-led.sh
fi
#!/bin/bash
LOG=/tmp/systemd.suspend.log
if [ "${1}" == "pre" ]; then
echo "suspending at $(date)" > $LOG
elif [ "${1}" == "post" ]; then
echo " resumed at $(date)" >> $LOG
/usr/bin/asus-wifi-led.sh
fi
# /usr/bin/asus-wifi-led.sh
#!/bin/sh
#
# really need to figure out to get the result for the h/w device
#0: asus-wlan: Wireless LAN
# Soft blocked: yes
# Hard blocked: no
#1: asus-bluetooth: Bluetooth
# Soft blocked: yes <-- this must match # Hard blocked: no #2: phy0: Wireless LAN # Soft blocked: yes <-- this or # Hard blocked: yes <-- this ARG0=$(basename $0) RFKILL=/usr/sbin/rfkill if [ ! -x $RFKILL ]; then echo "$ARG0: rfkill: command not found" exit 10 fi PHYS_IDX=$($RFKILL list | awk '/phy0: Wireless LAN/ { print $1 }' | tr -d ':') if [ -z $PHYS_IDX ]; then echo "$ARG0: no phy0 Wireless LAN found" exit 1 fi $RFKILL list $PHYS_IDX | grep -q "Hard blocked: no" HWDEV_BLOCKED=$? # turn off the LED first $RFKILL block bluetooth if [ $HWDEV_BLOCKED -eq 0 ]; then # h/w on, force bluetooh status to be the same toggle ok, check the wifi toggle BLOCK=0 #$RFKILL unblock bluetooth fi $RFKILL list $PHYS_IDX | grep -q "Soft blocked: yes" HWDEV_BLOCKED=$? if [ $HWDEV_BLOCKED -eq 0 ]; then BLOCK=1 #$RFKILL block bluetooth fi if [ $BLOCK -eq 0 ]; then $RFKILL unblock bluetooth fi
#!/bin/sh
#
# really need to figure out to get the result for the h/w device
#0: asus-wlan: Wireless LAN
# Soft blocked: yes
# Hard blocked: no
#1: asus-bluetooth: Bluetooth
# Soft blocked: yes <-- this must match # Hard blocked: no #2: phy0: Wireless LAN # Soft blocked: yes <-- this or # Hard blocked: yes <-- this ARG0=$(basename $0) RFKILL=/usr/sbin/rfkill if [ ! -x $RFKILL ]; then echo "$ARG0: rfkill: command not found" exit 10 fi PHYS_IDX=$($RFKILL list | awk '/phy0: Wireless LAN/ { print $1 }' | tr -d ':') if [ -z $PHYS_IDX ]; then echo "$ARG0: no phy0 Wireless LAN found" exit 1 fi $RFKILL list $PHYS_IDX | grep -q "Hard blocked: no" HWDEV_BLOCKED=$? # turn off the LED first $RFKILL block bluetooth if [ $HWDEV_BLOCKED -eq 0 ]; then # h/w on, force bluetooh status to be the same toggle ok, check the wifi toggle BLOCK=0 #$RFKILL unblock bluetooth fi $RFKILL list $PHYS_IDX | grep -q "Soft blocked: yes" HWDEV_BLOCKED=$? if [ $HWDEV_BLOCKED -eq 0 ]; then BLOCK=1 #$RFKILL block bluetooth fi if [ $BLOCK -eq 0 ]; then $RFKILL unblock bluetooth fi
firewalld
Historically I've just disabled firewalld since it blocks most services and my machines have never been mobile. However with the Asus its a little different as it's mobile and I'd expect to be connecting this to various networks that I don't necessarily trust.The
firewalld
offers different zones/profiles that can be tied to different network interfaces; the ones that are of interest: drop
, block
, public
(default) and trusted
.For example, the machine will expose a 'public' NFS mount, I don't really want this to be accessible when I'm connected to public WiFi but I also don't want to have to manually disable the NFS service/reconfig. This is where I can configure the network interface to belong to different zones: for the wired interface that is explicitly used only for home (eth0 vs eth0dhcp - the latter being used for wired networks I don't know, like hotels) I can set this network interface to be
trusted
which essentially means everything is accepted.For the default zone, I want to block the ICMP requests too and we have 2 options:
DROP
# DROP all pings
$ firewall-cmd --get-default-zone
public
$ firewall-cmd --permanent --zone=public \
--direct --add-rule \
ipv4 filter INPUT 0 -p icmp \
--icmp-type echo-request -j DROP
$ firewall-cmd --reload
$ firewall-cmd --get-default-zone
public
$ firewall-cmd --permanent --zone=public \
--direct --add-rule \
ipv4 filter INPUT 0 -p icmp \
--icmp-type echo-request -j DROP
$ firewall-cmd --reload
firewalld block
# block all pings
#$ for i in $(firewall-cmd --get-icmptypes); do
#firewall-cmd --permanent --add-icmp-block=$i
#done
#$ firewall-cmd --reload
$ firewall-cmd --permanent --add-icmp-block=echo-request
$ firewall-cmd --info-zone public
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks: echo-request
rich rules:
The difference between the 2 options is subtle - the DROP (which appears to be set for all zones now matter which --zone you specify) means the kernel will ignore and not generate any response. For the second option, the kernel will block the reject but respond to the client.#$ for i in $(firewall-cmd --get-icmptypes); do
#firewall-cmd --permanent --add-icmp-block=$i
#done
#$ firewall-cmd --reload
$ firewall-cmd --permanent --add-icmp-block=echo-request
$ firewall-cmd --info-zone public
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks: echo-request
rich rules:
Additional services to allow can be added via the
--add-service=
param where all known system services (with description and ports) are listed under /usr/lib/firewalld/services
.To add an known NetworkManger interface to a zone, either update the
/etc/sysconfig/networking-scripts/ifcfg-*
adding ZONE=trusted
or via the gui NetworkManager interface; confirm this is in effect: nmcli connection show enp3s0 | grep connection.zone
Additionally, you may wish to add the VMware virtual devices (host only and NAT) to the trusted zone so interfaces work.
$ firewall-cmd --permanent --zone=trusted --add-interface=vmnet1
$ firewall-cmd --permanent --zone=trusted --add-interface=vmnet8
$ firewall-cmd --permanent --zone=trusted --add-interface=vmnet8
Dual Monitor Support
The HDMI and VGA port can be used to connect an additional monitor and using the Fn-F8 hotkeys we can cycle to sending the screen to the HDMI/VGA but also extending our X session onto the HDMI/VGA display. The options: send to HDMI/VGA (turn off internal screen), mirror to HDMI/VGA, extend to HDMI/VGA.Furthermore, if you are sending the screen to external (at least the VGA port) X will choose the optimal resolution - when using my desktop monitor, the 1920x1200 resolution was selected.
The only issue I've encountered is coming back from a screen blank, the external HDMI/VGA screen will be scrabmled and Fn-F8 will be needed to set up the screens as required.
Intel Graphics HD3000 Hardware Acceleration
The Asus s200e's 2nd gen i3 graphics chip is a HD3000 - whilst it is a low end chip, it still allows for hardware acceleration for some tasks, such as video decoding for h264 streams (ie mp4 aka h264) or assisted (compositing?) drawing of the screen.Before we try to configure the sytem with the correct utils/libs it is important to understand that there a many h/w accel API available: furthermore some interfaces are vendor specific (CUDA for nvidia chips and QuickSync for intel chips) but some APIs can act as a fascade/bridge. The main APIs that will be interest: VA-API, VDPAU.
Once we understand the API confusion, then we need to understand that applications must be developed to use such APIs to take advantage of the h/w. For the Intel HD3000, Intel themselves have contributed greatly with their opensource video drivers with VA-API and QuickSync being the main interfaces to their chips.
$ dnf -y install libva libva-utils libva-intel-driver libvdpau-va-gl
Note that we are also installing a VDPAU package - this is to provide a bridge for applications that only support the VDPAU api wrapping the calls to VA-API calls.To verify that the system successfully installed components:
$ vainfo
libva info: VA-API version 0.39.3
libva info: va_getDriverName() returns 0
libva info: Trying to open /usr/lib64/dri/i965_drv_video.so
libva info: Found init function __vaDriverInit_0_39
libva info: va_openDriver() returns 0
vainfo: VA-API version: 0.39 (libva 1.7.2)
vainfo: Driver version: Intel i965 driver for Intel(R) Sandybridge Mobile - 1.7.2
vainfo: Supported profile and entrypoints
VAProfileMPEG2Simple : VAEntrypointVLD
VAProfileMPEG2Main : VAEntrypointVLD
VAProfileH264ConstrainedBaseline: VAEntrypointVLD
VAProfileH264ConstrainedBaseline: VAEntrypointEncSlice
VAProfileH264Main : VAEntrypointVLD
VAProfileH264Main : VAEntrypointEncSlice
VAProfileH264High : VAEntrypointVLD
VAProfileH264High : VAEntrypointEncSlice
VAProfileH264StereoHigh : VAEntrypointVLD
VAProfileVC1Simple : VAEntrypointVLD
VAProfileVC1Main : VAEntrypointVLD
VAProfileVC1Advanced : VAEntrypointVLD
VAProfileNone : VAEntrypointVideoProc
The support entrypoints above give you the list of h/w accelerated functionality mpeg2,h264,vc1.libva info: VA-API version 0.39.3
libva info: va_getDriverName() returns 0
libva info: Trying to open /usr/lib64/dri/i965_drv_video.so
libva info: Found init function __vaDriverInit_0_39
libva info: va_openDriver() returns 0
vainfo: VA-API version: 0.39 (libva 1.7.2)
vainfo: Driver version: Intel i965 driver for Intel(R) Sandybridge Mobile - 1.7.2
vainfo: Supported profile and entrypoints
VAProfileMPEG2Simple : VAEntrypointVLD
VAProfileMPEG2Main : VAEntrypointVLD
VAProfileH264ConstrainedBaseline: VAEntrypointVLD
VAProfileH264ConstrainedBaseline: VAEntrypointEncSlice
VAProfileH264Main : VAEntrypointVLD
VAProfileH264Main : VAEntrypointEncSlice
VAProfileH264High : VAEntrypointVLD
VAProfileH264High : VAEntrypointEncSlice
VAProfileH264StereoHigh : VAEntrypointVLD
VAProfileVC1Simple : VAEntrypointVLD
VAProfileVC1Main : VAEntrypointVLD
VAProfileVC1Advanced : VAEntrypointVLD
VAProfileNone : VAEntrypointVideoProc
Why It Matters
Whilst the Asus is faster than my previous HP netbook (clock speed is lower but the atom vs i3 is not a contest) graphics handling within s/w (ie on CPU only) is going to be drain. This is where the GPU can assist greatly and it is not only limited to decoding video but the GPU can also assist in rendering the screen. This of course is not news but it can be confusing and annoying to see what useful GPU accerlation is available.Firefox and Chrome
Right now the biggest CPU intensive task for your browser is likely to be watching YouTube. Unfortuntably, neither browser provides h/w decode. You can easily see the CPU spike when viewing 720 or 1080 files from YouTube.One important note: YouTube will stream video as a WebM (v8 or v9) stream instead of h264. The reason for this is a result of patents; WebM was developed as a patent/royalty free format whereas h264 is not. Secondly, whilst v8/v9 formats have been available since ~2010 it is still rare to find GPU capable of h/w decoding these formats but many GPUs support h264 h/w encode/decode.
Whilst you can force Firefox to serve h264 files instead of WebM via a plugin, this is still no use to us since Firefox does NOT support h/w decode. Looking at
about:support
may simply confuse you.Chrome also has no h/w decode support for h264 even though in various forums, there have been references to h/w decode code in Chrome but currently disabled due to the lack of a subsystem maintainer.
Movie Players
The usual candidates here are:mplayer
, mpv
(fork of mplayer2), vlc
and whatever graphic tool fedora ships. vlc has a graphical interface that has h/w decode options but I found these options were just ignored and the CPU was used for decoding.mplayer
mplayer is an old favourite but it doesn't support VA-API; it does however support VDPAU and luckily the libvdpau-va-gl library provides a wrapper. When used to view a sample 1020 mp4:$ mplayer -ss 5 -endpos 20 sample.mp4
$ mplayer -ss 5 -endpos 20 -vo vdpau -vc ffh264vdpau sample.mp4
the results showed the non GPU h/w assisted decode would jump the CPU to ~85% (that's most of one core). Using the VDPAU h/w decode for the same file resulted in ~7.5%.$ mplayer -ss 5 -endpos 20 -vo vdpau -vc ffh264vdpau sample.mp4
To force mplayer to use VDPAU h/w decoding for the supported files types:
# ~/.mplayer/config
vo=vdpau,
vc=ffmpeg12vdpau,ffwmv3vdpau,ffvc1vdpau,ffh264vdpau,ffodivxvdpau
Trying to update the system file /etc/mplayer/mplayer.conf didn't seem to work with the same values.vo=vdpau,
vc=ffmpeg12vdpau,ffwmv3vdpau,ffvc1vdpau,ffh264vdpau,ffodivxvdpau
mpv
This is a new tool for me but it seems to keep to the mplayer feel but improving itself (move the mouse over the playback window and you get an OSD play/stop/etc panel!). One of the big improvementsmpv
makes over mplayer
is its support for h/w decoding APIs. For this asus, VA-API is available.$ mpv --hwdec no --start 5 --lenght 15 sample.mp4
$ mpv --hwdec vaapi -vo vaapi --start 5 --length 15 sample.mp4
$ mpv --hwdec vaapi -vo opengl --start 5 --length 15 sample.mp4
Again the same file used in the mplayer 'benchmark' was again. The above options force no h/w decode, VA-API decode with rendering via VA-API (the $ mpv --hwdec vaapi -vo vaapi --start 5 --length 15 sample.mp4
$ mpv --hwdec vaapi -vo opengl --start 5 --length 15 sample.mp4
mpv
documents say threre should be no reason to use this except for trying to save battery life on a 'crappy machine') and VA-API decode with rendering through opengl. The results were pretty much as expected afer seeing the mplayer results: ~75% CPU, 5% CPU and 6.5% CPU respectively.Forcing h/w decoding by default can be achieved:
# /etc/mpv/mpv.conf
hwdec=vaapi
vo=vaapi
hwdec=vaapi
vo=vaapi
Furthermore,
mpv
can use the youtube-dl
seemlessly to play YouTube videos - you can simply pass the URL to mpv
. You can further configure youtube-dl
to select certain streams (ie nothing more than 720 given the size of the Asus screen)ffmpeg
It is no real surprise that themplayer
and mpv
numbers are similar since they both use ffmpeg
to some degree. ffmpeg
supports a wider range of h/w assisted APIs for decode/encode including Intel Quick Sync as well as VA-API.For my installation however I was unsuccesful in getting the Intel QSV to work:
# use intel quick sync vid encoding for HD 3000 h/w accelerated encoding
$ ffmpeg -i foo.avi -c:v h24_qsv -preset:v faster foo-iQSV.mp4
...
[h264_qsv @ 0x1e5aa80] Error initializing an internal MFX session
$ ffmpeg -i foo.avi -c:v h24_qsv -preset:v faster foo-iQSV.mp4
...
[h264_qsv @ 0x1e5aa80] Error initializing an internal MFX session
Using VA-API encoding the machine is typically 100-120% utilised (just over 1x core).
# typically 100-120% of cpu (just over 1x core)
$ ffmpeg -vaapi_device /dev/dri/renderD128 \
-hwaccel vaapi \
-i foo.mpg \
-vf 'format=nv12,hwupload' -c:v h264_vaapi \
-y -c:a copy \
foo-hwenc.mp4
To determine what h/w decode support is available in the current ffmpeg build:$ ffmpeg -vaapi_device /dev/dri/renderD128 \
-hwaccel vaapi \
-i foo.mpg \
-vf 'format=nv12,hwupload' -c:v h264_vaapi \
-y -c:a copy \
foo-hwenc.mp4
$ ffmpeg -hwaccels
ffmpeg version 3.1.5 Copyright (c) 2000-2016 the FFmpeg developers
built with gcc 6.2.1 (GCC) 20160916 (Red Hat 6.2.1-2)
...
libavutil 55. 28.100 / 55. 28.100
libavcodec 57. 48.101 / 57. 48.101
libavformat 57. 41.100 / 57. 41.100
libavdevice 57. 0.101 / 57. 0.101
libavfilter 6. 47.100 / 6. 47.100
libavresample 3. 0. 0 / 3. 0. 0
libswscale 4. 1.100 / 4. 1.100
libswresample 2. 1.100 / 2. 1.100
libpostproc 54. 0.100 / 54. 0.100
Hardware acceleration methods:
vdpau
qsv
vaapi
Of course you have to provde an Intel h/w decode supported video stream.ffmpeg version 3.1.5 Copyright (c) 2000-2016 the FFmpeg developers
built with gcc 6.2.1 (GCC) 20160916 (Red Hat 6.2.1-2)
...
libavutil 55. 28.100 / 55. 28.100
libavcodec 57. 48.101 / 57. 48.101
libavformat 57. 41.100 / 57. 41.100
libavdevice 57. 0.101 / 57. 0.101
libavfilter 6. 47.100 / 6. 47.100
libavresample 3. 0. 0 / 3. 0. 0
libswscale 4. 1.100 / 4. 1.100
libswresample 2. 1.100 / 2. 1.100
libpostproc 54. 0.100 / 54. 0.100
Hardware acceleration methods:
vdpau
qsv
vaapi
Some other sample numbers:
s/w decode/s/w encode = 380%
s/w decode/VA-API encode = 230%
QSV decode/VA-API encode = 253%
VADPAU decode/VA-API encode = 87%
VA-API decode/VA-API encode = 45%
Other useful conversion:s/w decode/VA-API encode = 230%
QSV decode/VA-API encode = 253%
VADPAU decode/VA-API encode = 87%
VA-API decode/VA-API encode = 45%
$ ffmpeg -i foo.flac -ab 320k -map_metadata 0 -ide3v2_version 3 foo.mp3
will convert the flac file to mp3, copying all metadata.
screencast
recordmydesktop
has worked for me previously but with the Asus generated files have partially corrupted output.Using
ffmpeg
's X11grabffmpeg -y -vaapi_device /dev/dri/renderD128 \
-video_size 1366x768 -framerate 10 -f x11grab -i :0.0 \
-f pulse -ac 2 -i default \
#-vcodec libx264 -crf 0 -preset ultrafast \
-vcodec h264 -vf format=yuv420p \
foo.mp4
also results in corrupt video but perhaps not as bad (remove -f pulse ... to disable audio)-video_size 1366x768 -framerate 10 -f x11grab -i :0.0 \
-f pulse -ac 2 -i default \
#-vcodec libx264 -crf 0 -preset ultrafast \
-vcodec h264 -vf format=yuv420p \
foo.mp4
The max native screen resolution for the Asus is 1366x768 (16:9) and some suggestions to lower the resolution (checking via
xrandr
and setting wiht the -s option) did not help neither did force the "TearFree" option within X:# /etc/X11/xorg.conf.d/20-intel.conf
Section "Device"
Identifier "Intel Graphics"
Driver "Intel"
Option "TearFree" "true"
EndSection
Currently this is unsolved but I've fond using the ffmpeg parameters in the following script to be more or less usable:Section "Device"
Identifier "Intel Graphics"
Driver "Intel"
Option "TearFree" "true"
EndSection
#!/bin/bash
XIFR=10
XIVS=1366x768
VO="-vcodec h264 -vf format=yuv420p -vf 'format=nv12,hwupload' -c:V h264_vaapi"
VO="-vf 'format=nv12,hwupload' -c:v h264_vaapi"
VO="-vcodec h264 -vf format=yuv420p"
usage() {
echo "usage: $(basename $0) [-y] [-a] [-r] [-s] -o foo.mp4"
echo " -y: overwrite output [default: no]"
echo " -a: enable audio grab: [default: no]"
echo " -r: input frame rate [default: ${XIFR}]"
echo " -s: size/X11 geometry grab [default: ${XIVS}]"
}
while getopts "ys:r:a:o:h" opt; do
case $opt in
'y') OVERWRITE="-y";;
's') XIVS=$OPTARG;;
'r') XIFR=$OPTARG;;
'a') AO="-f pulse -ac 2 -i default";;
'o') OUTPUT=$OPTARG;;
'h') usage
exit 1;;
esac
done
shift $((OPTIND-1))
if [ -z ${OUTPUT} ]; then
usage
exit 1
fi
ffmpeg ${OVERWRITE} \
-vaapi_device /dev/dri/renderD128 -hwaccel vaapi \
-video_size ${XIVS} -framerate ${XIFR} -f x11grab -i :0.0 \
${AO} ${VO} \
${OUTPUT}
XIFR=10
XIVS=1366x768
VO="-vcodec h264 -vf format=yuv420p -vf 'format=nv12,hwupload' -c:V h264_vaapi"
VO="-vf 'format=nv12,hwupload' -c:v h264_vaapi"
VO="-vcodec h264 -vf format=yuv420p"
usage() {
echo "usage: $(basename $0) [-y] [-a] [-r] [-s] -o foo.mp4"
echo " -y: overwrite output [default: no]"
echo " -a: enable audio grab: [default: no]"
echo " -r: input frame rate [default: ${XIFR}]"
echo " -s: size/X11 geometry grab [default: ${XIVS}]"
}
while getopts "ys:r:a:o:h" opt; do
case $opt in
'y') OVERWRITE="-y";;
's') XIVS=$OPTARG;;
'r') XIFR=$OPTARG;;
'a') AO="-f pulse -ac 2 -i default";;
'o') OUTPUT=$OPTARG;;
'h') usage
exit 1;;
esac
done
shift $((OPTIND-1))
if [ -z ${OUTPUT} ]; then
usage
exit 1
fi
ffmpeg ${OVERWRITE} \
-vaapi_device /dev/dri/renderD128 -hwaccel vaapi \
-video_size ${XIVS} -framerate ${XIFR} -f x11grab -i :0.0 \
${AO} ${VO} \
${OUTPUT}
Using for Intended Purpose
One of the main uses for this machine was to be able to use VMware and Windows for various Windows-only (iTunes) management. However with the installation complete, plugging in my iPhone didn't yeild in the same result as on my F24 desktop, with withifuse
failing to mount and ideviceinfo
complaining that no devices available (ERROR: Could not connect to lockdownd, error code ...
with error codes -5, -21).This was strange as the F24 desktop had the same packages as the Asus (
dnf list installed
). On the libimobiledevice git issue tracker some references to issues with GnuTLS handling and pairing. To resolve the problem I had to take the latest git code build/install and force pair/unpair before the machine would recognise the device.# whist IOS device plugged in
$ ls /var/lib/lockdown/
...
$ idevicepair list
$ idevicepair validate
$ idevicepair unpair
$ idevicepair pair
# check pairing has created any entries for known devices
$ ls /var/lib/lockdown
$ ls /var/lib/lockdown/
...
$ idevicepair list
$ idevicepair validate
$ idevicepair unpair
$ idevicepair pair
# check pairing has created any entries for known devices
$ ls /var/lib/lockdown
I forget whether on the F24 desktop whether the iPhone was paired before various IOS upgrades or whether this has any impact.
Virtual Machines
Moving my (retail) licensed and activated WinXP VMware instance to this new machine was going to be my biggest concern. The Microsoft activation engine is reported to force re-activation whenever it detects significant changes have been made to your computer and believed to involve a combination of changes since the last Windows boot: changes to CPU/amount of RAM/MAC address/added-removed h/w like your CD/DVD device. For my VWware image on my netbook, moving the~/vmware/
and the .vmdk
to the Asus seemed to be problem free.Starting VMware for the first time with the WinXP vm, VMware queried did you move/copy your vm. Saying 'copied' started the WinXP vm with no issues and did not prompt for activation even though the CPU (the real CPU details are exposed through to the guest OS) and ethernet MAC address had changed.
Whilst most people will be using a file based VM some teams have tried to use real Windows 7 partitions within VMware. The main steps from the link:
- use
losetup
andmdadm
to create a software RAID to represent the Windows partition(s) and creating a local MBR on a file - setup partition layout on s/w RAID to math physical layout
- install MBR to the s/w RAID
- hack the local MBR to match up IDs used by Windows and force IDE drivers to load in registry
- restart Widows 10, force shutdown
shutdown.exe /f /s /t 0
instead of Windows standard hibernation mode
As the Asus I have came with the original disk with Windows 10 installed (upgraded from the factory Windows 8) this may be the next project...
No comments:
Post a Comment