https://wiki.archlinux.org/api.php?action=feedcontributions&user=Tjanson&feedformat=atomArchWiki - User contributions [en]2024-03-28T18:53:55ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=TrueCrypt&diff=212061TrueCrypt2012-07-05T13:54:15Z<p>Tjanson: added a section about the FAT UTF8 mount option, as I had the problem myself, and other will likely appreciate the solution here</p>
<hr />
<div>[[Category:Security]]<br />
[[Category:File systems]]<br />
'''TrueCrypt''' is a free open source on-the-fly encryption (OTFE) program. Some of its features are:<br />
* Virtual encrypted disks within files that can be mounted as real disks.<br />
* Encryption of an entire hard disk partition or a storage device/medium.<br />
* All encryption algorithms use the LRW mode of operation, which is more secure than CBC mode with predictable initialization vectors for storage encryption.<br />
* "Hidden volumes" within a normal "outer" encrypted volume. A hidden volume can not be distinguished from random data without access to a passphrase and/or keyfile.<br />
<br />
== Installation ==<br />
Type as root in a terminal:<br />
# pacman -S truecrypt<br />
If you use any kernel other than {{Pkg|linux}} install the corresponding kernel module.<br />
<br />
If you are using truecrypt to encrypt a virtual filesystem (e.g. a file), the module will be automatically loaded whenever you run the {{ic|truecrypt}} command. Add it to the MODULES array in /etc/rc.conf.<br />
<br />
If you are using truecrypt to encrypt a physical device (e.g. a hard disk or usb drive), you will likely want to load the module during the boot sequence:<br />
<br />
Add the module to /etc/rc.conf:<br />
MODULES=('''truecrypt''' ...)<br />
<br />
{{Note | It does not appear that loading a module applies with TrueCrypt 7.0a, the current version in Arch as of 4/19/2011. The above advice may be outdated with respect to the module, however it is still important to enable {{ic|fuse}}, {{ic|loop}} and your encryption algorithm (e.g. {{ic|AES}}, {{ic|XTS}}, {{ic|SHA512}}) in custom kernels.}}<br />
<br />
== Encrypting a file as a virtual volume ==<br />
The following instructions will create a file that will act as a virtual filesystem, allowing you to mount it and store files within the encrypted file. This is a convenient way to store sensitive information, such as financial data or passwords, in a single file that can be accessed from Linux, Windows, or Macs.<br />
<br />
To create a new truecrypt file interactively, type the following in a terminal:<br />
$ truecrypt -c<br />
<br />
{{Box Note | This command will not work in newer version of truecrypt. Type "truecrypt" instead and manage your encrypted volumes from the GUI or specify the necessary options to work in the command line. (truecrypt -h)}}<br />
<br />
Follow the instructions, choosing the default values unless you know what you are doing:<br />
<br />
Volume type:<br />
1) Normal<br />
2) Hidden<br />
Select [1]: 1<br />
<br />
Enter file or device path for new volume: /home/user/myEncryptedFile.tc<br />
<br />
Enter volume size (bytes - size/sizeK/sizeM/sizeG): 32M<br />
<br />
Encryption algorithm:<br />
1) AES<br />
2) Blowfish<br />
3) CAST5<br />
4) Serpent<br />
5) Triple DES<br />
6) Twofish<br />
7) AES-Twofish<br />
8) AES-Twofish-Serpent<br />
9) Serpent-AES<br />
10) Serpent-Twofish-AES<br />
11) Twofish-Serpent<br />
Select [1]: 1<br />
<br />
Hash algorithm:<br />
1) RIPEMD-160<br />
2) SHA-1<br />
3) Whirlpool<br />
Select [1]: 1 <br />
<br />
Filesystem:<br />
1) FAT<br />
2) None<br />
Select [1]: 1<br />
<br />
Enter password for new volume '/home/user/myEncryptedFile.tc': *****************************<br />
Re-enter password: *****************************<br />
<br />
Enter keyfile path [none]: <br />
<br />
TrueCrypt will now collect random data.<br />
Is your mouse connected directly to computer where TrueCrypt is running? [Y/n]: <br />
Please move the mouse randomly until the required amount of data is captured...<br />
Mouse data captured: 100% <br />
<br />
Done: 32.00 MB Speed: 10.76 MB/s Left: 0:00:00 <br />
Volume created.<br />
<br />
[user@host:~] $<br />
<br />
You can now mount the new encrypted file to a previously-created directory:<br />
$ truecrypt /home/user/myEncryptedFile.tc /home/user/myEncryptedFileFolder<br />
<br />
'''''Note:''' Truecrypt requires root privileges and as such, running the above command as a user will attempt to use ''{{Ic|sudo}}'' for authentication. To work with files as a regular user, please see the appropriate section below.<br />
<br />
Once mounted, you can copy or create new files within the encrypted directory as if it was any normal directory. When you are you ready to re-encrypt the contents and unmount the directory, run:<br />
$ truecrypt -d<br />
<br />
Again, this will require administrator privileges through the use of {{Ic|sudo}}.<br />
<br />
For more information about truecrypt in general, run:<br />
$ man truecrypt<br />
<br />
Several options can be passed at the command line, making automated access and creation a simple task. The man page is highly recommended reading.<br />
<br />
== Encrypting a physical volume ==<br />
If you want to use a keyfile, create one with this command:<br />
truecrypt --create-keyfile /etc/disk.key<br />
By default both passphrase and key will be needed to unlock the volume.<br />
<br />
Create a new volume in the device /dev/sda1:<br />
truecrypt --type normal -c /dev/sda1<br />
<br />
Map the volume to /dev/mapper/truecrypt1:<br />
truecrypt -N 1 /dev/sda1<br />
<br />
If this command does not for you try this to map the volume:<br />
truecrypt --filesystem=none --slot=1 /dev/sda1<br />
<br />
If you want to use another file system than ext3 simply format the disk like you normally would, except use the path /dev/mapper/truecrypt1.<br />
mkfs.ext3 /dev/mapper/truecrypt1<br />
<br />
Mount the volume:<br />
mount /dev/mapper/truecrypt1 /media/disk<br />
<br />
Map and mount a volume:<br />
truecrypt /dev/sda1 /media/disk<br />
<br />
Unmount and unmap a volume:<br />
truecrypt -d /dev/sda1<br />
<br />
== Creating a hidden volume ==<br />
First, create a normal outer volume as described above.<br />
<br />
Map the outer volume to /dev/mapper/truecrypt1:<br />
truecrypt -N 1 /dev/sda1<br />
<br />
Create a hidden truecrypt volume in the free space of the outer volume:<br />
truecrypt --type hidden -c /dev/sda1<br />
You need to use another passphrase and/or keyfile here than the one you used for the outer volume.<br />
<br />
Unmap the outer truecrypt volume and map the hidden one:<br />
truecrypt -d /dev/sda1<br />
truecrypt -N 1 /dev/sda1<br />
Just use the passphrase you chose for the hidden volume and TrueCrypt will automatically choose it before the outer.<br />
<br />
Create a file system on it (if you have not already) and mount it:<br />
mkfs.ext3 /dev/mapper/truecrypt1<br />
mount /dev/mapper/truecrypt1 /media/disk<br />
<br />
Map and mount the outer volume with the hidden write-protected:<br />
truecrypt -P /dev/sda1 /media/disk<br />
<br />
==Mount a special filesystem==<br />
In my example I want to mount a ntfs-volume, but truecrypt does not use ntfs-3g by default (so there is no write access; checked in version 6.1).<br />
The following command works for me:<br />
truecrypt --filesystem=ntfs-3g --mount /file/you/want/to/mount<br />
You may also want to mount ntfs volume without execute flag on all files<br />
truecrypt --filesystem=ntfs-3g --fs-options=users,uid=$(id -u),gid=$(id -g),fmask=0113,dmask=0002<br />
== Mount volumes via fstab ==<br />
First of all, we need to write a script which will handle the way mounting via fstab is done. Place the following in {{ic|/sbin/mount.truecrypt}}:<br />
<br />
#!/usr/bin/env sh <br />
DEV="$1"<br />
MNTPT="$2"<br />
OPTIONS=""<br />
TCOPTIONS=""<br />
shift 3<br />
IFS=','<br />
for arg in $*; do<br />
if [ "${arg}" == "system" ]; then<br />
TCOPTIONS="${TCOPTIONS}-m=system "<br />
elif [[ "${arg}" == fs=* ]]; then<br />
FS=${arg#*=}<br />
TCOPTIONS="${TCOPTIONS}--filesystem=${FS} "<br />
else<br />
OPTIONS="${OPTIONS}${arg},"<br />
fi<br />
done<br />
truecrypt ${DEV} ${MNTPT} ${TCOPTIONS% *} --fs-options="${OPTIONS%,*}"<br />
<br />
Also do not forget to make the file executable:<br />
<br />
chmod +x /sbin/mount.truecrypt<br />
<br />
Finally, add the device to fstab somewhat like this:<br />
<br />
/dev/sdb3 /mnt truecrypt fs=vfat,defaults 0 0<br />
<br />
==Mount volumes as a normal user==<br />
<br />
TrueCrypt needs root privileges to work: this procedure will allow normal users to use it, also giving writing permissions to mounted volumes.<br />
<br />
Both methods below require [[Sudo]]. Make sure it is configured before proceeding.<br />
<br />
===Method 1 (Add a truecrypt group)===<br />
<br />
Create a new group called truecrypt and give it the necessary permissions. Any users that belongs to that group, will be able to use TrueCrypt.<br />
# groupadd truecrypt<br />
<br />
Edit the sudo configuration:<br />
# visudo<br />
<br />
Append the following lines at the bottom of the sudo configuration file:<br />
# Users in the truecrypt group are allowed to run TrueCrypt as root.<br />
%truecrypt ALL=(root) NOPASSWD:/usr/bin/truecrypt<br />
<br />
You can now add your users to the truecrypt group:<br />
# gpasswd -a USER_1 truecrypt<br />
# gpasswd -a USER_2 truecrypt<br />
...<br />
<br />
'''''Note:''' In order to make these changes active, any user that has been added to the truecrypt group have to logout.''<br />
<br />
After that, you can mount your device by<br />
<br />
# truecrypt --mount /PATH/TO/DEVICE /PATH/TO/MOUNTPOINT<br />
<br />
Default mountpoint is ''/media/truecrypt1''. Normally, it is not necessary to explicitly specify the filesystem of your device using the ''--filesystem'' flag.<br />
<br />
It is definitely reasonable to give truecrypt some permission masks. Otherwise, every file on your mounted device will be executable. So instead of the above, you can use<br />
<br />
# truecrypt --fs-options=users,uid=$(id -u),gid=$(id -g),fmask=0113,dmask=0002 --mount /PATH/TO/DEVICE /PATH/TO/MOUNTPOINT<br />
<br />
and add this line to your bash configuration file, ''~/.bashrc'' as an alias:<br />
<br />
alias tc1='truecrypt --fs-options=users,uid=$(id -u),gid=$(id -g),fmask=0113,dmask=0002 --mount /PATH/TO/DEVICE /PATH/TO/MOUNTPOINT'<br />
<br />
To mount this specific device, use<br />
<br />
# tc1<br />
<br />
as a normal user.<br />
<br />
===Method 2 (sudo simplified)===<br />
Simply enable desired user to run truecrypt without a password:<br />
# visudo<br />
<br />
Append the following:<br />
USERNAME ALL = (root) NOPASSWD:/usr/bin/truecrypt<br />
<br />
alternatively, if you make use of the wheel group:<br />
%wheel ALL = (root) NOPASSWD:/usr/bin/truecrypt<br />
<br />
If you have any difficulties with permissions as a normal user, just add the '-u' flag to the truecrypt mount command, for example:<br />
$ truecrypt -u /home/user/myEncryptedFile.tc /home/user/myEncryptedFileFolder<br />
<br />
===Automatic mount on login===<br />
Simply add <br />
$ truecrypt /home/user/myEncryptedFile.tc /home/user/myEncryptedFileFolder <<EOF<br />
password<br />
EOF<br />
to your startup procedure. Do not use the -p switch, this method is more secure. Otherwise everyone can just look up the password via [[ps]] and similar tools, as it is in the process name! [http://thoughtyblog.wordpress.com/2009/07/05/truecrypt-linux-hide-password-from-ps/ source]<br />
<br />
==Safely unmount and unmap volumes (on shutdown)==<br />
You can unmount a specific device by<br />
<br />
# truecrypt -d /PATH/TO/MOUNTPOINT<br />
<br />
or leave away the path to unmount all truecrypt volumes.<br />
<br />
If you want your truecrypt device to be unmounted automatically at shutdown, add the following to the file ''/etc/rc.local.shutdown'':<br />
<br />
/usr/bin/truecrypt -d<br />
sleep 3<br />
<br />
You can also leave away the ''sleep'' command, it is just to give the unmounting some time to complete before the actual shutdown.<br />
<br />
==Errors==<br />
===TrueCrypt is already running===<br />
If a messagebox ''TrueCrypt is already running'' appears when starting TrueCrypt, check for a hidden file in the home directory of the concerned user called ''.TrueCrypt-lock-username''. Substitute ''username'' with the individual username. Delete the file and start TrueCrypt again.<br />
<br />
===Deleted stale lockfile===<br />
If you always get a message "Delete stale lockfile [....]" after starting Truecrypt, the Truecrypt process with the lowest ID has to be killed during Gnome log out. A user in the Ubuntuforum provided the following solution: edit<br />
/etc/gdm/PostSession/Default <br />
and add the following line before exit 0:<br />
kill `ps -ef | grep truecrypt | tr -s ' ' | cut -d ' ' -f 2`<br />
<br />
===Issues with Unicode file / folder names ===<br />
====NTFS====<br />
Should files resp. folders containing Unicode characters in their names be incorrectly or not at all displayed on TrueCrypt NTFS volumes (while e. g. being correctly handled on non-encrypted NTFS partitions), first verify that you have the [[NTFS-3G]] driver installed and then create the following symlink as root:<br />
ln -s /sbin/mount.ntfs-3g /sbin/mount.ntfs<br />
That will cause TrueCrypt to automatically use this driver for NTFS volumes, having the same effect as the explicit use of<br />
truecrypt --filesystem=ntfs-3g /path/to/volume<br />
via the console.<br />
<br />
One may also consider setting e. g.<br />
rw,noatime<br />
amongst other options in the TrueCrypt GUI (Settings → Preferences → Mount Options).<br />
<br />
====FAT====<br />
Similarly, FAT32 volumes created using Windows may use Unicode rather than ISO 8859-1. In order to use UTF-8, set the mount option<br />
iocharset=utf8<br />
when mounting such volumes, or globally as described above.<br />
<br />
===Unmount error (device mapper)===<br />
If you always get a message "device-mapper: remove ioctl failed: Device or resource busy" when attempting to dismount your truecrypt volume, the solution is to goto: Setting > Preferences > System Integration > Kernel Service and check the box<br />
Do not use kernel cryptographic services<br />
{{Note|I have only seen this with a truecrypt partition. Not with a truecrypt file.}}<br />
<br />
===Failed to set up a loop device===<br />
If you get a message "Failed to set up a loop device" when trying to create/mount a TrueCrypt volume, it may be because you updated your kernel recently without rebooting.<br />
Rebooting should fix this error.<br />
<br />
Otherwise, check if {{ic|loop}} has been loaded as kernel module:<br />
<br />
lsmod | grep loop<br />
<br />
If not listed, retry the TrueCrypt command after {{ic|modprobe loop}}. Should it work, consider to add {{ic|loop}} to the MODULES array in {{ic|/etc/rc.conf}}.<br />
{{Note|As of udev 181-5, the loop device module is no longer auto-loaded, and the procedure described here is necessary.}}<br />
<br />
==Related links==<br />
* [http://www.truecrypt.org/ TrueCrypt Homepage]<br />
* [http://en.gentoo-wiki.com/wiki/TrueCrypt HOWTO: Truecrypt Gentoo wiki]<br />
* [http://www.howtoforge.com/truecrypt_data_encryption Truecrypt Tutorial on HowToForge]</div>Tjansonhttps://wiki.archlinux.org/index.php?title=Laptop&diff=188693Laptop2012-03-10T20:38:13Z<p>Tjanson: fixed heading hierarchy</p>
<hr />
<div>[[Category:Laptops (English)]]<br />
{{i18n|Laptop}}<br />
== Setting Up For Laptops ==<br />
This page should contain links to pages needed for configuring a laptop for the best experience. Setting up a laptop is in many ways the same as setting up a desktop. However, there are a few key differences. When setting up a laptop with Arch Linux, the following points should be taken into consideration:<br />
<br />
* [[#Power Management]] Power Management for laptops refers to optimizing the system to last as long as possible on a single battery charge. This can be accomplished by a variety of tweaks.<br />
** [[#Suspend and Hibernate]] : the operating system can be manually suspended either to memory or to disk, allowing for an (almost) complete shutdown of other hardware.<br />
** Hard drive spindown : the system can be configured to automatically turn off the hard disk after a specified interval of inactivity.<br />
** Screen shut off : the laptop screen can be configured to automatically turn off after a specified interval of inactivity (not just blanked with a screensaver but completely shut off).<br />
** CPU frequency scaling : the processor(s) can be configured to automatically step down to a lower frequency at lower loads.<br />
<br />
* [[#Screen brightness]]. How do I manage screen brightness?<br />
* Network and wireless setup is described in [[Wireless Setup]].<br />
* Media buttons can be configured as described in [[Extra Keyboard Keys]].<br />
* [[#Touchpad]] sensitivity, acceleration, button function and scroll borders can be configured for some (Synaptics or Alps) touchpads.<br />
* [[#Hard disk shock protection]] <br />
<br />
All of these points are important to take into consideration when getting a laptop set up the way you like. Fortunately, Arch Linux provides all the tools and programs necessary to take complete control of your laptop. These programs and utilities are highlighted below, with appropriate tips tutorials.<br />
<br />
Note: the following links may be useful:<br />
<br />
* [http://www.linux-on-laptops.com/ http://www.linux-on-laptops.com/]<br />
* [http://www.linlap.com/ http://www.linlap.com/]<br />
<br />
== Power Management ==<br />
Power management is very important for anyone who wishes to make good use of their battery capacity. The following tools and programs help to increase battery life and keep your laptop cool and quiet.<br />
<br />
=== Battery State Monitoring Utilities ===<br />
<br />
Battery state can be read using ACPI utilities from the terminal.<ref>ACPI is an industry specification for power management interfaces that is supported in the kernel and exposed via /proc or /sys.</ref> The command line utilities that ACPI functionality is provided via the {{Pkg|acpi}} package. A simple battery monitor that sits in the system tray is {{AUR|batterymon}} which can be found in the [[Arch User Repository|AUR]].<br />
<br />
{{Tip|More information can be found in the [[ACPI modules]] article.}}<br />
<br />
=== Suspend and Hibernate ===<br />
<br />
Manually suspending the operating system, either to memory (standby) or to disk (hibernate) sometimes provides the most efficient way to optimize battery life, depending on the usage pattern of the laptop. While there is relatively straightforward support in the linux kernel to support these operations, typically some adjustments have to made before initiating these operations (typically due to problematic drivers, modules or hardware). The following tools provide wrappers around the kernel interfaces to suspend/resume :<br />
<br />
* [[Acpid]]<br />
* [[Pm-utils]]<br />
* [[Uswsusp]]<br />
<br />
which are described in more detail in [[Suspend]].<br />
<br />
=== Automatic tweaks for battery life ===<br />
<br />
As opposed to manually initiated actions like suspend/hibernate, a number of tweaks can be made to prolong the battery life of the laptop under low/idle usage.<br />
<br />
<br />
* [[CPU Frequency Scaling|cpufrequtils]] provides CPU frequency scaling, a technology used primarily by notebooks which enables the OS to scale the CPU frequency up or down, depending on the current system load and/or power scheme.<br />
* [[Laptop Mode Tools]] provides a comprehensive suite of tools to tweak a large number of power saving settings through well documented config files.<br />
* [http://www.lesswatts.org/projects/powertop/ PowerTOP] is a handy utility from Intel that displays which hardware/processes are using the most power on your system, and provides instructions on how to stop or remove power-wasting services. Works great for mobile Intel CPUs; provides the current CPU state and suggestions for power saving. Also works on AMD systems, but does not provide as much information about the CPU state.<br />
* [[Powernowd]] is a program for powering down CPUs dynamically, which can be run either on an AMD-based system or an Intel-based system. However, cpufrequtils detailed above provides a more modern alternative, as seen by the fact that powernowd was created before the ondemand governor existed.<br />
<br />
Some of these tweaks are specific to certain makes.<br />
* [[Asus_G1#The_Lapsus_daemon_.26_KDE_applet|Lapsus]] is a set of programs providing easy access to many features of various laptops. It currently supports most features provided by asus-laptop kernel module from ACPI4Asus project, such as additional LEDs, hotkeys, backlight control etc. It also has support for some IBM laptops features provided by IBM ThinkPad ACPI Extras Driver and NVRAM device.<br />
* Battery tweaks for Thinkpads can be found in the [[tp_smapi]] article.<br />
* [[TLP]] for Thinkpads is a set of scripts, which set many powersaving options according to the current Powersource. [[TLP]] is intended to be used on Thinkpads, but most settings should work on other laptops too.<br />
<br />
===Other tweaks===<br />
{{Note|Not only are the following tweaks _may_ not needed if using one of the more comprehensive suites such as [[Laptop Mode Tools]] or [[Pm-utils]]}}<br />
<br />
====PCI-e ASPM====<br />
On some laptops, powertop suggests enabling the {{ic|CONFIG_PCIEASPM}} kernel option. It can be found under "Bus options (PCI etc.)"->"PCI Express ASPM support". This option is marked as experimental in the current kernel (2.6.35) and allows the PCI-e links to enter a power saving state. <br />
<br />
According to [http://www.lesswatts.org/projects/devices-power-management/pcie.php], this option might degrade performance a bit, but on an Acer 3820TG laptop, it can reduce power consumption by about one third or even more.<br />
<br />
More experience with this setting would be appreciated, so please share them [https://bbs.archlinux.org/viewtopic.php?id=107173 here]!<br />
<br />
It seems like the option is going to be enabled by default in kernel 2.6.36; if so, the information here will be obsolete soon. However, if your system should be able to make use of this power management feature but you are receiving messages like like the following (check {{ic|/var/log/everything.log*}}):<br />
<br />
disabling ASPM on pre-1.1 PCI-e device. You can enable it with 'pcie_aspm=force'<br />
<br />
then add {{ic|pcie_aspm<nowiki>=</nowiki>force}} to your kernel command line.<br />
<br />
====Granola====<br />
[http://aur.archlinux.org/packages.php?ID=36841 Granola] is a daemon that monitors the cpu usage and uses the cpufreq-userspace module to lessen power usage without any noticeable difference in performance.<br />
To use it, first install from the AUR:[http://aur.archlinux.org/packages.php?ID=36841], the default settings will work for most setups.<br />
You will need to load the cpufreq_userspace module, as well as the cpufreq scaling governor for your CPU at startup.<br />
Edit {{ic|/etc/rc.conf}}:<br />
For most generic cpus:<br />
<br />
MODULES=( ... cpufreq_userspace acpi-cpufreq ... )<br />
<br />
For Intel Atom or Pentium 4 cpus:<br />
<br />
MODULES=( ... cpufreq_userspace p4_clockmod ... )<br />
<br />
Then add Granola to the DAEMONS array:<br />
<br />
DAEMONS=( ... granola ... )<br />
<br />
and reboot. <br />
<br />
To test if it worked, run:<br />
<br />
cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_cur_freq<br />
#OR<br />
cpufreq-info #if you have cpufreq-utils installed<br />
<br />
and check that the cpu frequency is below maximum.<br />
<br />
====WLAN-device====<br />
When often en route working with your Notebook without WLAN-Access around, it might be expedient to add a little script to your system startup that automatically turns off your WLAN-Hardware to keep it from searching for Access Points and wasting power on this, when not connected:<br />
<br />
#!/bin/bash<br />
<br />
essid="`iwconfig wlan0 | grep ESSID | awk {'print $4'}`"<br />
if [ "$essid" == "ESSID:off/any" ] ; then<br />
sudo iwconfig wlan0 txpower off<br />
fi<br />
[edit, if wlan0 ain't your WLAN-device]<br />
<br />
Start the script according to your DE/WM options by '(sleep xx && /path/to/script)' depending on how long it usually takes to connect to your Access Point, 60 seconds are a good default value. It will check if you're connected, turning off the device if not.<br />
sudo iwconfig wlan0 txpower on<br />
will bring it back up, as, of course, a reboot will.<br />
<br />
==== Disk-related tweaks ====<br />
Disable file access time: every time you access (read) a file the filesystem writes an access time to the file metadata. You can disable this on individual files by using the chattr command, or you can enable it on an entire disk by setting the ''noatime'' option in your fstab, as follows:<br />
<br />
/dev/sda1 / ext3 defaults,noatime 1 2<br />
<br />
[http://www.faqs.org/docs/securing/chap6sec73.html Source]<br />
<br />
:''Note'': disabling atime causes troubles with [[Mutt|mutt]] and other applications that make use of file timestamps. Consider compromising between performance and compatibility by using mount option relatime instead, or look into [http://wiki.mutt.org/?MaildirFormat mutt work-around for noatime].<br />
<br />
To allow the CD/DVD rom to spin down after a while, run the following: <br />
<br />
/usr/bin/hal-disable-polling --device /dev/scd0<br />
<br />
Note, however, that [[HAL]] has long been deprecated.<br />
<br />
Similar functionality is available in the newer [[udisks]]:<br />
<br />
/usr/bin/udisks --inhibit-polling /dev/sr0<br />
<br />
==== More tweaks ====<br />
These are some generic suggestions that will work with most laptops.<br />
<br />
Add the following to {{ic|/etc/modprobe.d/modprobe.conf}}:<br />
<br />
options usbcore autosuspend=1<br />
<br />
Add the following to {{ic|/etc/sysctl.conf}}<br />
<br />
vm.dirty_writeback_centisecs=1500<br />
vm.laptop_mode=5<br />
<br />
{{Note|''laptop-mode-tools'' automatically rewrites these values based on the values {{Ic|LM_BATT_MAX_LOST_WORK_SECONDS}}, {{Ic|LM_AC_MAX_LOST_WORK_SECONDS}} (both multiplied by 100) resp. {{Ic|LM_SECONDS_BEFORE_SYNC}}, which are set in {{ic|/etc/laptop-mode/laptop-mode.conf}}. However, that only happens if the three "Enable laptop mode" variables in the same file are set accordingly — left to 0, it resets the values to kernel defaults (500 / 0) for the corresponding scenario regardless of {{ic|/etc/sysctl.conf}}.}}<br />
<br />
Add the following to {{ic|/etc/rc.local}} (and make sure it gets executed at boot time)<br />
<br />
/usr/sbin/iwpriv your_wireless_interface set_power 5<br />
<br />
Source: [http://www.nervous.it/2007/11/linux-dell-xps-m1330/ here]<br />
<br />
==== Hard drive spin down problem ====<br />
Documented [https://bugs.launchpad.net/ubuntu/+source/acpi-support/+bug/59695 here]<br />
<br />
To prevent your laptop hard drive from spinning down too often (result of too aggressive APM defaults) do the following:<br />
<br />
Add the following to {{ic|/etc/rc.local}}<br />
<br />
hdparm -B 254 /dev/sdX ''where X is your hard drive device''<br />
<br />
You can also set it to 255 to completely disable spinning down. You may wish to set a lower value if you move your laptop around as lower values park the heads more often and reduce the chance of damage to your hard disk while it is being moved. If you do not move your laptop at all when you are using it, then 255 or 254 is probably best. If you do, then you might want to try a lower value. A value like 128 might be a good middle-ground.<br />
<br />
Add the following to {{ic|/etc/pm/sleep.d/50-hdparm_pm}}<br />
<br />
#!/bin/sh<br />
<br />
if [ -n "$1" ] && ([ "$1" = "resume" ] || [ "$1" = "thaw" ]); then<br />
hdparm -B 254 /dev/your-hard-drive > /dev/null<br />
fi<br />
<br />
and run ''chmod +x /etc/pm/sleep.d/50-hdparm_pm'' to make sure it resets after suspend. Again, you can change the value 254 as you see fit.<br />
<br />
Now the APM level should be set for your hard drive.<br />
<br />
For some laptops, the option -S to hdparm can also be relevant (sets the spindown time for the drive). Note that all these options can also be configured using the [[Laptop_Mode_Tools | laptop-mode tools]]. This will allow you to set a high value when on AC and a lower value when you are running on battery power.<br />
<br />
==== Tweaking the scheduler ====<br />
For multicore and hyperthreading-enabled processors you may use ''sched_mc_power_savings'' and ''sched_smt_power_savings'' options respectively to make the scheduler keep idle as many cores as possible. To enable these options you can do<br />
echo 1 > /sys/devices/system/cpu/sched_mc_power_savings<br />
or<br />
echo 1 > /sys/devices/system/cpu/sched_smt_power_savings<br />
Echoing 0 will disable them. Also laptop-mode can be used to control ''shed_mc_power_savings'' (see the appropriate config file in {{ic|/etc/laptop-mode/conf.d}}).<br />
<br />
== Screen brightness ==<br />
To change your display brightness, first check {{ic|/sys/class/backlight}}:<br />
<br />
# ls /sys/class/backlight/<br />
intel_backlight<br />
<br />
So this particular backlight is managed by an Intel card. Keep in mind that different cards might manage this differently! It is called ''acpi_video0'' on an ATI card, for instance.<br />
<br />
Check current value:<br />
<br />
$ cat /sys/class/backlight/intel_backlight/brightness<br />
<br />
In this case, the backlight managed by echoing values into {{ic|/sys/class/backlight/intel_backlight/brightness}}:<br />
<br />
# echo "400" > /sys/class/backlight/intel_backlight/brightness<br />
<br />
If you get a response along the lines of "invalid argument" then you didn't honor the maximum brightness. Obviously you cannot go any higher than your screens maximum brightness. The values for maximum brightness and brightness in general vary wildly among cards. This Intel card, for instance, can go up to 976 while the ATI can go up 9. Obviously these values don't say anything about maximum effective brightness.<br />
<br />
Check your maximum brightness: <br />
<br />
$ cat /sys/class/backlight/intel_backlight/max_brightness<br />
<br />
If your laptop's Fn keys don't work or Gnome/KDE fail to correctly set the brightness using their power daemons, you can try appending '''acpi_backlight=vendor''' to your kernel line in your bootloader.<br />
<br />
== Touchpad ==<br />
To get your touchpad working properly, see the [[Touchpad Synaptics]] page. Note that your laptop may have an ALPS touchpad (such as the DELL Inspiron 6000), and not a Synaptics touchpad. In either case, see the link above.<br />
<br />
== Hard disk shock protection ==<br />
There are several laptops from different vendors featuring shock protection capabilities. As manufacturers have refused to support open source development of the required software components so far, Linux support for shock protection varies considerably between different hardware implementations.<br />
<br />
Currently, two projects, named HDAPS and hpfall, support this kind of protection.<br />
HDAPS is for IBM/Lenovo Thinkpads and hpfall for HP/Compaq laptops<br />
<br />
Just Check [[HDAPS|Hard Disk Active Protection System]].<br />
{{AUR|hpfall}} can be installed from the [[AUR]].</div>Tjanson