Adding the ATA Security eXtension BIOS to AMIBIOS (Asus P5KC)

I’ve just purchased an Intel 520 SSD drive, which does hardware-based AES encryption of the whole disk, and is clever enough to encrypt the AES passphrase with the ATA / HDD password. This encryption implementation was my primary reason for getting this specific SSD. Many modern SSDs also employ hardware-based AES encryption for randomisation and for fast secure erase (they just reset the AES key!), but do NOT use the ATA password to encrypt the keys, so the encryption is far less effective at protecting your precious data. As far as my current information goes, the Intel 320, 520 and 710 drives do it correctly, as does the Samsung SSD 840 Pro and the Kingston SSDNow 200V+.

However, the AMI-BIOS in the Asus P5KC motherboard in my workstation does not support the ATA Security Mode Feature Set, and hence does not allow me to set the ATA password, or to enter the set ATA password at bootup so that the SSD can be unlocked. Enter the ATA Security eXtension BIOS, or ATASX, a piece of ROM BIOS code that you can add to your system or network ROM in various ways, that then gives you the required ATA Security Mode Feature Set components.

This post documents the exact steps I took to patch the AMI-BIOS of my Asus P5KC motherboard. If you follow these instructions, you do so entirely at your own risk. 

I made use of method 2 for the AMI-BIOS, that is to integrate the ATASX as a PCI extension ROM, targeted at the boot ROM on the built-in network card, into a BIOS ROM image, which I could then flash on the motherboard using the built-in EZ-Flash tool.

  1. The ATASX.ROM needs to be configured with the vendor and device ID of your network card. Under Linux, I used “lspci -nn”, which returned “02:00.0 Ethernet controller [0200]: Atheros Communications Inc. Attansic L1 Gigabit Ethernet [1969:1048] (rev b0)” for the ethernet card. At the very end, you can see that the vendor id is 1969 and the device id is 1048.
  2. Using bromcfg.exe (part of the ATASX download) in a dosbox (it’s a dos utility, and I only have Windows 7 64bit on my laptop, which can’t run dos EXEs) I loaded ATASX.ROM and entered the correct vendor and device IDs. I left the default passwords blank, and the default Ctrl-S delay at 1 second.
  3. Downloaded the latest Asus P5KC .ROM file from the Asus support site.
  4. Downloaded mmtool.exe, loaded the Asus P5KC.ROM file, selected the PCI Option ROM with the vendor and device ID extracted in step 1 in the RunLoc column, and then used the replace tab to replace it with the BROMCFG configured ATASX.ROM, see below for screenshot. Saved the new .ROM file.

    Replacing the network card’s PCI Option ROM with ATASX.
  5. Burn the mmtool-saved ROM with ASUS EZ Flash (Alt-F2 at boot). It should look like this:

    Flashing your new AMI-BIOS.
  6. After rebooting, make sure you have Enabled the “LAN Option ROM” in the BIOS, under Advanced | Onboard Devices Configuration, else ATASX.ROM will never get a chance to start!
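A pre-flight check for the steps above, as an added example that is not part of the original post or of ATASX: it reads the vendor and device ID from the lspci -nn line and confirms that a ROM image targets the same pair and has a valid checksum before it is handed to mmtool. It assumes the bromcfg-configured ATASX.ROM follows the standard PCI expansion ROM layout (55 AA signature, size byte, PCIR pointer at offset 0x18); the function names and the sample ROM bytes are constructed for illustration.

```python
import re
import struct

# The `lspci -nn` line quoted in step 1 of the post.
LSPCI_LINE = ("02:00.0 Ethernet controller [0200]: Atheros Communications Inc. "
              "Attansic L1 Gigabit Ethernet [1969:1048] (rev b0)")


def nic_ids_from_lspci(line):
    """Return (vendor, device) as ints from the trailing [vvvv:dddd] pair."""
    m = re.search(r"\[([0-9a-fA-F]{4}):([0-9a-fA-F]{4})\]", line)
    if not m:
        raise ValueError("no [vendor:device] pair in lspci line")
    return int(m.group(1), 16), int(m.group(2), 16)


def check_option_rom(rom, vendor, device):
    """Return a list of problems; an empty list means the image passes."""
    if len(rom) < 0x1A or rom[0:2] != b"\x55\xaa":
        return ["missing 55 AA option ROM signature"]
    problems = []
    size = rom[2] * 512  # byte 2 holds the image size in 512-byte blocks
    if size == 0 or size > len(rom):
        problems.append("declared size %d does not fit file size %d" % (size, len(rom)))
    elif sum(rom[:size]) & 0xFF:
        problems.append("checksum over declared size is not zero")
    (pcir,) = struct.unpack_from("<H", rom, 0x18)  # pointer to PCI data structure
    if pcir + 8 > len(rom) or rom[pcir:pcir + 4] != b"PCIR":
        problems.append("no PCIR structure at offset 0x%04x" % pcir)
        return problems
    rom_vendor, rom_device = struct.unpack_from("<HH", rom, pcir + 4)
    if (rom_vendor, rom_device) != (vendor, device):
        problems.append("ROM targets %04x:%04x, NIC is %04x:%04x"
                        % (rom_vendor, rom_device, vendor, device))
    return problems


def build_sample_rom(vendor, device, blocks=1):
    """Constructed stand-in image with a valid header; contains no ATASX code."""
    rom = bytearray(blocks * 512)
    rom[0:2] = b"\x55\xaa"
    rom[2] = blocks
    struct.pack_into("<H", rom, 0x18, 0x1C)
    rom[0x1C:0x20] = b"PCIR"
    struct.pack_into("<HH", rom, 0x20, vendor, device)
    rom[-1] = -sum(rom) & 0xFF  # last byte makes all bytes sum to 0 mod 256
    return bytes(rom)


if __name__ == "__main__":
    vendor, device = nic_ids_from_lspci(LSPCI_LINE)
    matching = build_sample_rom(vendor, device)
    mismatched = build_sample_rom(0x1234, 0x5678)  # constructed wrong IDs
    damaged = bytearray(matching)
    damaged[0x100] ^= 0xFF  # simulate a corrupted byte
    for name, image in [("matching", matching), ("mismatched", mismatched),
                        ("damaged", bytes(damaged))]:
        print(name, check_option_rom(image, vendor, device) or "OK")
```

To check a real image, pass the bytes of the configured ROM file to check_option_rom() together with the IDs parsed from your own lspci -nn output.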

At your next boot, you should see the ATASX CTRL+S message:

Press CTRL+S to enter the ATASX setup!

If you press Control-S on time, you should be greeted with the ATASX drive selection screen (the Intel 520 SSD is not installed yet, you’re seeing my Barracuda only):

Press CTRL+S to enter the ATASX setup!

From which you can select a drive and then configure various ATA Security related variables, such as the master and user HDD passwords, which is exactly what we were after:

ATASX drive detail screen, on which the HDD passwords can be set.

Update on 2012-12-23

I’ve discovered one more caveat: ATASX unfortunately does not support drives in AHCI mode. AHCI mode can be faster than IDE mode, especially for multi-threaded disk access.

Update on 2012-12-01

I now have this working with an Intel 520 SSD. There is one caveat though: If your machine suspends to RAM (S3), the drive goes into its locked state. At resume, there is no secure way to supply the drive password, and so it remains locked. In many cases this means that S3 suspend-to-ram is not usable for password protected drives. This seems to be a common problem with desktops and also some laptops, as can be seen here on askubuntu, here on the intel communities, here on the ATASX forums, and here in the German C’T magazine.

European Motorola Atrix 4G: Rooting, unlocking and CyanogenMod 7.2

The Motorola Atrix 4G, flagship phone about a year ago, is now a great budget option if you need an unlocked and high performance Android phone. An NVIDIA Tegra 2 dual-core 1 GHz processor, 1GB of RAM, 16GB of built-in storage, micro SD slot, front and back cameras, a 1950 mAh battery (!) and more can be had for an affordable € 260 here in the Netherlands.

However, Motorola has cancelled the plans to upgrade this phone to Android 4.0 (ICS), so it’s stuck with its stock Android 2.3.4. It’s a fine ROM with great battery life, but Motorola probably won’t even ship incremental updates or bug fixes. There are known problems with Google Search updates FCing on app drawer, and newer versions of Google Maps getting confused with the relative priority of the GPS or network positioning.

It would be nice to have some options. This post briefly summarises the steps I took to root and unlock the phone, and my first impressions of CyanogenMod 7.2. The specific version of the phone that this post deals with is 45.31.0.MB860.AsiaRetail.en.03.

Warning: You follow these instructions AT YOUR OWN RISK. If by doing this you manage to break or brick your telephone, or you invoke any other calamity, the responsibility is entirely yours.

Screenshot of my Atrix 4G with CyanogenMod 7.2 and ADW.Ex Launcher.

To root the phone, take the following steps

  • Make sure your Windows installation has the Motorola USB and phone drivers installed. If you simply connect your phone with its stock ROM to the PC that you’re going to use, everything should be automatically installed.
  • Download fastboot from this XDA post, and unpack it in an easy to find directory, for example c:\moto\.
  • Download the preinstall image from this XDA post, and put the unpacked .img file in the same directory.
  • Switch phone off, then on again with the volume down button held down. After a short while the phone says fastboot at the top: Now press volume up, it should say “starting fastboot protocol support”.
  • In a Windows command window, in c:\moto\, type: moto-fastboot.exe flash preinstall preinstall.img
  • After it’s done flashing, type: moto-fastboot.exe reboot
  • The phone will reboot now.
  • Download the android SDK from here and unpack the archive. Somewhere in there you should find adb.exe.
  • On the phone, go to Settings | Applications | Development and activate USB Debugging.
  • Disconnect and reconnect the phone to your computer. Drag down the phone notification area, tap “usb connection” then select “USB mass storage”.
  • Now you’re going to root the phone, by typing the following at the Windows command prompt:
c:\full\path\to\adb.exe shell

The previous command should drop you into a $-style unix shell to your phone. At the $-prompt, type the following:

/preinstall/dosu
/bin/mount -o remount,rw /system
cp /preinstall/su /system/bin/
chmod 6755 /system/bin/su
PATH=/system/bin:$PATH pm install /preinstall/Superuser.apk

After all that, reboot the phone. It has now been rooted.

Unlocking and CyanogenMod 7.2

That was the difficult part. To unlock, simply follow the instructions under “Unlocking the Bootloader with RSD Lite (Windows)” in this CyanogenMod install guide, making sure to use the “International Variants Only: Unlockable Bootloader”. Once you’re done, move on to the part “Installing the ClockworkMod Recovery” and then “Flashing CyanogenMod”, the “Method via Recovery”. It’s all pretty straight-forward if you stick to the instructions.

First impressions

CyanogenMod 7.2 feels fantastically fast on this telephone, almost buttery. The fingerprint unlocker works much better than on the stock ROM, with the one caveat that you can’t have a pin-code-unlock backup. In other words, one unlock method can be active at a time. The battery unfortunately seems to drain quite a bit faster than with stock ROM. However, things seem to have become much better after one or two full charge-recharge cycles. Here’s my battery usage graph at about 29 hours after being taken from its charger:

Battery discharge graph at about 29 hours.

It was disappointing to discover that although the camera and camcorder work, the camcorder in portrait mode does not correctly orient the stored movie. I have not yet been able to find a work-around for this.

The phone feels really fast. Together with the flexibility that CyanogenMod 7.2 and being rooted give me (zillions of configuration options! if the XDA hackers manage to get the leaked ICS ROM into more solid shape, that upgrade is a tap away!), the trade-offs are, for the moment, acceptable.

Removing URLs from Zotero bibtex exports

When you export bibtex from zotero, it includes the URLs in the bibtex records. Some LaTeX bibliography styles include this information, and sometimes this is not what you want, for example because the URLs take up unnecessary space and are hard to wrap.

It’s quite easy to get zotero to export bibtex without the URLs.

  1. Go to Preferences | Advanced and click on the “Show Data Directory” button.
  2. Edit translators/BibTeX.js with your favourite text editor.
  3. In function doExport(), at around line 2040 in Zotero 3.0.7, change the “for (var field in fieldMap)” loop by adding a single line of code like this:
for(var field in fieldMap) {
    // only add the following line:
    if (field == "url") continue;
    if(item[fieldMap[field]]) {
        writeField(field, item[fieldMap[field]]);
    }
}

If your changes don’t seem to take, make sure that your text editor did not make a backup of the old BibTeX.js (vim does this, with an ~ appended), as Zotero could possibly pick up the backed up version instead of your edited version.

Let me know in the comments if this helped!

Look! References without URLs!

Update on 2013-02-17: Added tip concerning editor backups of BibTeX.js (I ran into this problem myself).

Review of Ubuntu Linux 12.04 on the Samsung NP300V3A Core i5 NVIDIA Optimus laptop

An important warning: During installation, do NOT activate home folder encryption. Due to bugs 957843 and 509180, you will most probably suffer data loss, and you won’t even know about it until it’s too late. This happened on two of my laptops during normal use, both of which I have since completely reinstalled with LUKS whole disk encryption. It’s a shame that this bug has been known for years, but that Ubuntu still ships with this as its default home folder encryption configuration.

The Review

With the release of Ubuntu 12.04 Precise Pangolin on April 26, 2012, I decided that it was finally time to test this on my almost-a-year-old Samsung NP300V3A laptop. I had been procrastinating up to now, due to all the horror stories about the lack of Linux support for the NVIDIA Optimus graphics, a hardware-software combination that auto-switches in this case between the discrete NVIDIA GeForce GT520m and the CPU-integrated Intel HD3000.

I was quite pleasantly surprised. Read on if you’re curious as to why.

The obligatory Ubuntu 12.04 Unity desktop screenshot. My gnome-terminal is using the lovely Solarized colours. Extra indicators include Dropbox, and indicator-multiload for showing the CPU, network, load and disk activity graphs.

Installation

With the Linux Startup Disk Utility (actually called the usb-creator-gtk) on my Ubuntu desktop I installed the 12.04 x86_64 image on an old 1GB USB flash drive. A point of criticism is that the final “installing bootloader” part takes some minutes, without much feedback other than a progress bar bouncing horizontally. Booting the live disk went perfectly, and I could test basic functionality. Joining my TP-LINK TL-WR1043ND access point went without a hitch. Even suspend and resume worked out of the box. Resuming is fast, almost MacBook speed! During the installation, I used the partition tool to resize an existing NTFS partition to create space for the Linux installation. It still amazes me how smooth this process has become. From start to final boot, the whole installation took 18 minutes.

NVIDIA Optimus Support

After bootup, the first two issues I ran into were the miserable (estimated) battery life, and the fact that Super-W did not activate Window-Scale, as I was used to on other Ubuntu installations. A “ps uaxw | grep -i unity” revealed that I was running unity-2d, and sniffing through /var/log/Xorg.0.log yielded the tell-tale “(EE) Failed to initialize GLX extension (Compatible NVIDIA X driver not found)” (also that X was getting confused with the seeming presence of both Intel and NVIDIA graphics). It was clear that Ubuntu 12.04 doesn’t support Optimus out of the box.

On AskUbuntu I found this fabulous answer by one of the developers of the new Bumblebee. In short:

sudo add-apt-repository ppa:ubuntu-x-swat/x-updates
sudo add-apt-repository ppa:bumblebee/stable
sudo apt-get update
sudo apt-get install bumblebee bumblebee-nvidia
sudo usermod -a -G bumblebee $USER

After this log out and log back in, and you’re in Optimus heaven! My battery estimate was soon 3.5h+ on 80% charge (it was just under 2h at 80% before installing bumblebee), unity 3D was running, and I could start applications, using the optirun prefix, running on the NVIDIA graphics. With glxspheres, I get 1.9 frames/sec and 1.9 Mpixels/sec without and 115 frames/sec and 113 Mpixels/sec with NVIDIA graphics. Importantly, bumblebee automatically switches off the NVIDIA graphics when nothing is using it, resulting in the much longer battery life. All hail the four main developers of Bumblebee: Thulinma, Lekensteyn, Samsagax and ArchangeGabriel.

Unity

Unity, Ubuntu’s unique GUI, has improved muchly since 11.10. I gave Unity on 11.04 a serious go, and also on 11.10, but I gave up in each instance after a week or two due to glaring bugs. The 12.04 Unity has made great progress in fixing a number of small but irritating bugs, I think it might be a keeper. The heads-up display (HUD) is indeed awesome: Press “alt” (the default keybinding) and then type away to search through the menus of the currently foreground application. I’ve come to appreciate the screen space savings due to the global menubar, although it doesn’t work for all apps yet, vim-gnome being an example of note. At this moment, my only wish would be to have a window-overview like you get in the gnome3-shell when you press the super key.

There has been much bitching and moaning about the direction Ubuntu has taken with Unity, some of it valid arguments. Especially the fact that much effort is being diverted from the gnome-shell is concerning. However, although I’ve dirtied many a word using previous versions of Unity, I think it’s good that it’s exploring directions that create a new UI experience that represents a counter-pole to the Windows and OS-X approaches.

Fixing Chrome icon grouping in Unity Launcher

At the time of this update (2012-05-04) I did run into one old annoyance again. If you start up Chrome (or Chromium) and then one of its application shortcuts, for example GMail, it groups both under the same icon on the Unity Launcher:

Chrome and Chrome Application shortcuts are grouped together under the first launcher icon, whichever that is.

If you start up the application shortcut first, for example GMail, subsequent Chrome windows will be grouped under the GMail icon. Durn.

Fortunately, the devs have been working on this bug, and the fix should soon appear as a stable release update (SRU). Until that time, you can download and install the bamfdaemon, libbamf and libbamf3-0 deb packages from here. Anything with version 0.2.116 and newer has the fix. Note that this only fixes it for the case where you’ve started up Chrome first (scenario 1 above), and not an application shortcut. See my comment on the bug report.

Multi-monitor support

I had low(ish) expectations when I connected my 40″ Sony Bravia TV to the HDMI port of the laptop, so I was more or less speechless for a while when, without me having to touch any part of the interface, Ubuntu simply extended its desktop onto the TV panel. BOOM. Just like that.

What I also like very much, is that Ubuntu by default puts the Launcher and its main menu bar on both displays (this is configurable though) and, even more gratifying, that the Dash appears automatically on the display currently containing the mouse cursor when I press the Super key. In the photo below, you can see the laptop below, on battery, outputting to the Sony TV via HDMI, and glxspheres humming along at just over 90 FPS using the discrete NVIDIA graphics. What you don’t see is me, smiling maniacally behind the camera phone.

Ubuntu 12.04 multi-monitor support FTW!

The Displays configuration window seems to think the 40″ panel is 72″, but the resolution has been correctly deduced.

Miscellaneous hardware support

Power saving looks pretty good. With the brightness set to 40% (brightness setting is not persistent unfortunately), my power usage at idle is just under 9W:

PowerTop says my idle power consumption at 40% brightness is under 9W.

Actually with normal browsing over wlan, I was not able to push it that far over 10W. This is after having toggled 10 or so powertop tunables from “bad” to “good”. After having installed laptop-mode-tools, the tunables are all automatically and persistently “good”, except for a VM timeout. However, this seems to be a misunderstanding between laptop-mode-tools and powertop, and it is in fact quite OK.

The hardware config panel key (Fn-F1) does nothing, the touchpad disable key (Fn-F5) just works, the volume keys (Fn-F6 to Fn-F8) just work, but the hardware fan (Fn-F11) and wireless (Fn-F12) keys do nothing.

Initially the brightness keys (Fn-F2 and Fn-F3) didn’t really work, only allowing me to switch between two brightness levels (100% and 90%). Adding “acpi_osi=Linux acpi_backlight=vendor” to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub, running sudo update-grub and then rebooting gives you 100% working hardware brightness control. Based on the information on this page, this configures brightness setting to happen through vendor-specific driver modules instead of through the ACPI default driver. Also see my askubuntu answer regarding this issue. Things have unfortunately changed to and fro with subsequent Ubuntu kernel releases, this page is up to date with linux kernel 3.2.0-31.

In the working cases, you get the gorgeous notifier display (and in the case of volume even a mac-like audio feedback as you change levels):

Pretty notifications with Unity

As mentioned before, suspend to and resume from RAM works like a charm, out of the box, and the resume is really fast. Hibernate does NOT work. I tested this with “sudo pm-hibernate”, but when I switched the laptop back on, it acted like it was being cold-started.

I tested the webcam and sound setup (speakers and built-in microphone) with the gmail talk plugin and with the cheese application. These both work fine. However, with Skype 2.2.0.35 for Linux, you get the dreaded too-dark webcam image. The often-posted solution of using luvcview to adjust brightness does NOT work. Here’s a better solution: Install v4l2ucp, the video4linux2 universal control panel. Keep this running when you start Skype. If the video is dark, switch the “Exposure, Auto Priority” off and then back on again. This solves the problem on my setup (built-in WebCam SCB-1100N). Whenever you startup Skype’s video capturing again, it manages to screw up the setting, so you have to retoggle it with v4l2ucp unfortunately.

The touchpad can be easily configured for two-finger scrolling, but not for three-finger gestures like it can be on Windows.

The touchpad configuration dialogue.

USB tethering with my Android-powered (CyanogenMod 7.1) HTC Desire Z works like a charm. I connect the USB cable, activate USB tethering on the telephone, and my laptop is online. This definitely qualifies as a Just Works(tm), and it seems to connect a whole lot faster than Windows 7 does.

Conclusions

When I bought this laptop, I had resigned myself to not being able to use it for Linux, for the largest part due to NVIDIA Optimus. However, due to the efforts of the Bumblebee people, and also due to Ubuntu 12.04 as a whole with the multi-monitor support being a highlight, my verdict is that this laptop is a great buy also when you’re planning to go exclusively Linux.

More resources

  • My gnome-terminal uses the Solarized colour scheme from here, and my vim (both console and gnome) are using the setup from the main Solarized repository.

Updates

  • August 27, 2012: Updated fix for brightness controls.
  • June 14, 2012: Added warning about the default home encryption being completely broken.
  • May 6, 2012: Added USB tethering.
  • May 4, 2012: Added the Unity Launcher icon grouping bug fix.
  • May 3, 2012: Added the multi-monitor section after testing with my HDMI Sony TV. Added solution for dark webcam capture in Skype. Also, thanks to Ladislav Bodnar, host of DistroWatch.com, this review is now linked from the Ubuntu page.

Fix for blurry photos on HTC Desire Z

As you know, we here at VXLabs are of the educated opinion that the HTC Desire Z is an absolutely brilliant telephone. However, recently we noticed that some of our phones (at least two) started producing very blurry photos. See this test picture of my microwave for example:

Blurry-appearing microwave, in reality quite sharp!

This is of course quite irritating, especially in a phone that is otherwise sheer brilliance. No amount of moist-cloth lens cleaning could improve the results. Fortunately I came across this forum thread, where it was suggested either to replace the whole phone back plate including lens, or to have the phone repaired by the service centre, or to clean the lens with a q-tip and some toothpaste. The first two options either costing money or requiring a telephone still within its guarantee were quickly eliminated. Although the third option, suggested by forum user allanl-o, sounds strange, we wanted to explore it, for science’s sake of course. As an aside, the lenses of our two test telephones as well as that of the thread starter looked like this (picture courtesy of xudsa II USERT, the thread starter):

What your lens probably looks like if you’re taking really blurry pictures.

It seems that there’s some kind of coating that has started to flake off. In any case, it turns out that the mild abrasive in the toothpaste and a minute or two’s rubbing with a q-tip is just enough to clean up the glass in front of the lens completely, resulting in mega sharp photos again. Look at my microwave, now as sharp in the photo as it is in reality:

Microwave, sharp in reality and in the photo!

We’ve performed this procedure on two different HTC Desire Z phones, in both cases with great results. Let us know in the comments if this worked for you!