I needed some new hardware to keep my appointments sorted, my address-database, and things like that, and I wanted those things encrypted. Instead of opting for some smartphone or PDA-type hardware, I decided on the Asus EeePC subnotebook, which costs about the same, or even less than modern smartphones or PDAs.
I got mine from digitec, a german edition, since it wasn’t available in switzerland yet. After playing a bit with the installed Xandros I decided to install Debian, since I found I was lacking packages, and I wanted to encrypt /home anyway. I decided not to change the partition-tables, and to put Debian on /dev/sda1 solely. In xandros, the system was on /dev/sda1, mounted read-only, and /dev/sda2 was a union-mount onto it. In hindsight, this wasn’t a bad choice, I really needed the 2.5GB to compile kernels..
I installed pretty much according to the DebianEeePC Howto and then started compiling my own kernels. You need the AR2425-patch, and the 2.6.24-patch from here: http://madwifi.org/ticket/1679 in order to get the wireless working. Then you’ll probably also want a driver for the ATL2-ethernet-NIC, version 2.0.4 works with 2.6.24.X-kernels. Sadly, the ATL2 only works when loaded as module. And for the special buttons to work, you’ll want to apt-get install eeepc_acpi. Well anyway, what you’ll want is my .config for Asus EeePC.
The xandros on the eeepc boots tremendously fast, most of which can be traced back to their fastinit-initd, which has been reverse-engineered, by the way: fastinit reimplementation. A short look at this and “strings /sbin/fastinit” reveals that it only does the minimun, and starts X as user “user” with just a login shell. Sadly, this does not work if you’re going to encrypt /home with dm-crypt. After looking at some alternatives, I settled on KDM with a pleasant looking-theme on my own, based on Kurumin KDM1 (without girl and swirl).
The login uses pam-mount to automatically do cryptsetup luksOpen for /home. /etc/security/pam_mount.conf.xml needed to get this line added:
<volume fstype="crypt" path="/dev/sda2" mountpoint="/home" />
and /etc/pam.d/kdm and /etc/pam.d/login each got the line
attached at the end.
I had made a backup-copy of the whole flash with dd and nc over the network, so I could just re-use some configfiles such as xorg-conf.
Other noteable specialities are some defaults which make more sense for flash-based systems, like mounting filesystems with noatime. This is my fstab:
proc /proc proc defaults 0 0
/dev/sda1 / ext3 noatime,nodiratime,user_xattr,errors=remount-ro 0 1
tmpfs /var/log tmpfs defaults 0 0
tmpfs /tmp tmpfs defaults 0 0
tmpfs /var/tmp tmpfs defaults 0 0
As for the window manager, I tried out several environments. icewm (was used on xandros), fluxbox, openbox, matchbox and finally xfce4. I’m still not quite satisfied with it.