Install OpenSuSE to my Thinkpad T60p

Sorry I'm a novice SuSE user:-)

URLs
 http://en.opensuse.org/
 http://ja.opensuse.org/ (japanese info)
 http://suse.nm.land.to/index.php?install
 http://www.it.ecei.tohoku.ac.jp/~dobachi/cgi-bin/wiki/wifky.pl?p=FrontPage
Books
Beginning Suse Linux
はじめてのSUSE Linux 10―「インストール」から各種アプリケーションの「設定」「応用」まで

  • Install

Download DVD image

Reference URLs
 http://en.opensuse.org/Download
 http://en.opensuse.org/Mirrors_Released_Version#Japan

Install
not so difficult. :-)

Update

http://en.opensuse.org/Updating_SUSE_Linux
In Japan, set mirror to JAIST or KDDI (RIKEN mirror does not work)
http://ftp.jaist.ac.jp/pub/Linux/openSUSE/distribution/openSUSE-stable/repo/

  • Setup

Graphics

Install ATI Driver
http://en.opensuse.org/ATI_Driver (I followed this instruction)

OpenGL (TODO?)
Using Xgl on SUSE Linux
http://en.opensuse.org/Using_Xgl_on_SUSE_Linux
http://ja.opensuse.org/Using_Xgl_on_SUSE_Linux (Japanese)

Beryl (TODO?)
http://blog.livedoor.jp/vine_user/archives/50961027.html (Japanese)


Xen
http://en.opensuse.org/Xen
http://en.opensuse.org/Installing_Xen3

Yast2 -> Software -> Software Management
kernel-xen,xen,,,, yast2-vm

reboot

Problem)
Xen Kernel with ATI Driver does not boot.
stop with "Activating Device Mapper" message :-(

References
http://www.ne.jp/asahi/open/gallery/linux/xen/xen3vt/xen3vt.htm (Japanese)
「6.SUSE 10.1 Xen環境でのWindows XP インストール」 がある


Samba
Setup by YaST
yast2->NetworkService->Samba Server

Add users by commandline.
# smbpasswd -a hoge


Disable TouchPad
You can disable the TouchPad by BIOS setup menu.
Or, X11 configuration
http://ubuntu.wordpress.com/2006/03/24/disable-synaptics-touchpad/

Edit /etc/X11/xorg.conf
add Option "SHMConfig" "on" into Section "InputDevice"
then,

$ synclient TouchpadOff=1

Network (still in trouble)

I can't get the DHCP address.
Static IP address works fine.

ifconfig eth0 192.168.0.200
route add default gw 192.168.0.1

Edit resolv.conf
nameserver 192.168.0.1

/etc/networks

http://groups.google.co.jp/group/linux.debian.user/browse_thread/thread/ef583c3d7305efc6





With Xen, I can't configure the network by YaST.

  • Reconfigure

Kernel Rebuild

Download kernel-source-2.6.18.2-34.i586.rpm
$ rpm -i kernel-source-2.6.18.2-34.i586.rpm
$ cd /usr/src/linux-2.6.18.2-34/
$ cp /boot/config-2.6.18.2-34-default .confog
$ make oldconfig
$ make modules_install
$ make install

Or, to build the binary RPM.
Download kernel-source-2.6.18.2-34.rpm from oss-src
$ rpm -ivh kernel-source-2.6.18.2-34.rpm
$ cd /usr/src/packages/SOURCES
$ rpmbuild -ba kernel-default.spec

Reference URLs
http://www.suse.de/~agruen/kernel-doc/

http://kumaneko-sakura.sblo.jp/article/958080.html (Japanese)
RPMの作成方法は熊猫さんが詳しく解説されていました(多謝)

Too add new config, you have to modify/create following files
/usr/src/packages/SOURCES/config.conf (add your config)
/usr/src/packages/SOURCES/config.tar.bz2 (add your config)
/usr/src/packages/SOURCES/series.conf (add your patch)
/usr/src/packages/SOURCES/patches.hoge.tar.bs2 (your patch archive)
/usr/src/packages/SOURCES/kernel-hoge.spec (your spec file)




TPM
The default kernel contains TPM drivers as module. so

$ modprobe tpm_tis

Measured BIOS eventlog is here
/sys/kernel/security/tpm0/

Trusted Grub
There are two patchs
http://www.prosec.rub.de/trusted_grub.html
http://trousers.sourceforge.net/grub.html

TBD

Integrity Measurement Architecture (IMA)

http://domino.research.ibm.com/comm/research_people.nsf/pages/sailer.ima.html

Download latest patch from
http://sourceforge.net/projects/linux-ima

$ cd /usr/src/linux-2.6.18.2-34/
$ patch -p1 < ibm_ima_7.3_2.6.19.patch

Fix some errors

$ make xconfig

CRYPTO_SHA1=Y
TCG_TPM=Y
TPM_TIS=Y
IMA_MEASURE=Y

Edit Makefile to change the release name

# make modules_install
# make install

Edit /boot/grub/menu.lst, add "ima=1" to kernel commandline
Disable AppArmor(AA) since AA also use the LSM. We can't stack the IMA and AA on LSM.
yast2->AppArmor->Configure->Disable
Edit /etc/fstab to add following line
securityfs /sys/kernel/security securityfs rw 0 0

# reboot

Eventlog located in /sys/kernel/security/ima

note)
If you want to use MAC with IMA. GRSEC or TOMOYOLinux might be work since they do not use the LSM.

  • Troubles

If I use /bin/tcsh as my login shell, Gnome desktop does not start.:-(

In tcsh, to use an autocomplete, use TAB key instead of ESC.

:-)