Handhelds, Linux and Heros

I just received my FSFE Fellowship Smartcard and it took me a while to find out how GnuPG and the Omnikey Cardman 4000 PCMCIA smartcard reader can play together. It looks like there quite some more of thease cheap devices around… so lets write down some lines about how to make it work. The procedure was tested on Ubunty Gutsy but should work on any more or less up to date Debian based system.

You need an up to date kernel 2.6 with the cardman4000_cs driver. Make sure not to have the reader in the PCMCIA slot during boot or suspend - this caused some oopses here.

PC/SC-Lite used by GnuPG does not know how handle the CM4000 directly, but you can use OpenCT as a driver for PC/SC-Lite. So first get root and install the necessary software packges:
apt-get install pcscd pcsc-tools openct
In /etc/openct.conf you need to activate the cm4000 driver - comment in the cm4000 lines to read:
reader cm4000 {
driver = cm4000;
device = pcmcia:/dev/cmm0;
};

After this edit the PC/SC-Lite configuration file /etc/reader.conf.d/openct and activate the OpenCT driver:

FRIENDLYNAME “OpenCT”
DEVICENAME /dev/cmm0
LIBPATH /usr/lib/openct-ifd.so
CHANNELID 0

Start both services:

/etc/init.d/openct start
/etc/init.d/pcscd start

If you insert the reader and a Smartcard pcsc_scan should list a reader and card like this:

fuchs@gibson:~$ pcsc_scan
PC/SC device scanner
V 1.4.9 (c) 2001-2006, Ludovic Rousseau
Compiled with PC/SC lite version: 1.4.2
Scanning present readers
0: OpenCT 00 00

Tue Oct 23 16:35:02 2007
Reader 0: OpenCT 00 00
Card state: Card inserted,
ATR: 3B FA 13 00 FF 81 31 80 45…


Now make it usable as user:

We create a group scard and add the users that should be able to use the card to it.
# addgroup scard
# addgroup <username> scard
Now create a set of udev rules to create the device node with the correct owner and permission settings:

Edit /etc/udev/rules.d/99-gnupg.rules to read:
SUBSYSTEM=="cardman_4000", ACTION=="add", GROUP="scard", MODE="0660"
ACTION==”add”, SUBSYSTEM==”usb_device”, SYSFS{idVendor}==”04e6″, SYSFS{idProduct}==”e003″, GROUP=”scard”, MODE=”0660″
ACTION==”add”, SUBSYSTEM==”usb_device”, SYSFS{idVendor}==”04e6″, SYSFS{idProduct}==”5115″, GROUP=”scard”, MODE=”0660″

This should cover the permissions for USB CCID readers as well.

If you insert the reader again you should get a device like this:

crw-rw---- 1 root scard 252, 0 2007-10-23 15:43 /dev/cmm0
Finally log out your user, log in again to make the group changes become active and check if it works. gpg should print out some lcard inflormation like this:
fuchs@gibson:~$ gpg --card-status
gpg: detected reader `OpenCT 00 00′
Application ID …: D276000124010101000100000D0E0000
Version ……….: 1.1
Manufacturer …..: PPC Card Systems
Serial number ….: 00000D0E
Name of cardholder: Florian Boor
…

If this doesn’t work confgure gpg not to use gpg-agent, I have read some reports that this might cause trouble in combination with Smartcards. This whole text was written from memory, I might have missed some important step - bug reports and additions are very welcome.

Enjoy!

References:

[1] FSFE Cardreader Howto: http://www.fsfe.org/en/card/howto/card_reader_howto_udev

[2] OpenCT Wiki: http://www.opensc-project.org/openct/wiki/cardman

Its quite some time ago since I managed to write down some lines about what’s going on here… so here a few bits that might be interesting in a few lines:

My open source activities are currently focused on getting some releases out in order to prepare new releases of GPE and GPE Phone edition. Today I released gpe-applauncher 0.9 which comes with one important new feature: Easy to use hotkey management. You can define applications to be launched on a certain keypress or internal functions to be triggered in a simple ini-like configuration file. That makes it much easier to adapt gpe-applauncher to various devices with all different button layouts.

Another activity is playing around with different UIs for gpe-applauncher - I hacked a widget for an extremely simple list-based launcher, but I’m not yet happy with it. You should be able to guess from the screenshot how it is intended to work:

Sorry no BLING yet, but maybe some time in future… ;-)

Another one of todays releases is machined which supplies device specific data (currently only battery and charger information) via DBus to applications. I guess I’ll add some more features… but it is not intended to replace HAL - its meant to be a specialized tool for G(PE)² and maybe GPE too. The main focus of machined is to keep it small and simple.

Apart from these releases I’m trying to get rid of a real monster: A DEC LPS20 turbo printserver… if someone is interested in spare parts for such a machine, please let me know before Wednesday. And no, there is no chance that I ship this one anywhere:-)

Some more nice things that happened lately:

Graham built up to date Maemo (770 and N800) packages from GPE SVN. They can be found here. These include gpe-filemanager and Starling (the GPE audio player) now as well as latest libmimedir.

Goxboxlive published an experimental G(PE)² image for the HTC Universal which is available here together with quite al

Just a small update:

The handhelds.org mailinglist archive has the initial thread about GPE wich gives us quite some interesting information:

• The term GPE was not used by George France first.
• GPE was not even started at handhelds.org
• The first GPE website ever made is still there - of course now pointing to gpe.linuxtogo.org

I might happen some accident to that archive in near future… but well, there are quite some copies around. :)
We heared the argument that hh.org was a big product and GPE was just a part from it… well, the handhelds.org website does say something different. It lists GPE among the projects:

Some days ago a friendly colleague notified me that Mr. France registered trademarks for some community projects. At least GPE, Opie and IPKG are affected. It looks like some handhelds.org administrators believe that they personally own the projects that are or were hosted there.

Unluckily Mr. France started to work with these trademarks already even if they are not assigned yet:

• The OpieII project had to change its name.
• Contributors were threatened and urged to give up the name GPE
• The GPE IRC channel (#gpe) at freenode.net was hijacked
• Freenode staff members were threatened when they decided to give #gpe back

I just wonder what they intend to do with the distributions using IPKG (like Ångström and OpenZaurus).

Here are links to the trademark entries for Opie and GPE on the USPTO website.

One fact that raised my attention is that the entries at the USPTO server says that George France was the owner of these trademarks but http://handhelds.org/legal differs from that.

There is a thread about this topic at the Opie mailinglist starting with this message.
Finally the really interesting question: How do we get the affected projects out of this situation? Or maybe even more important: How can we reduce the risk for something like this happening again?

One idea might be to object the trademark - everyone who wants to help could send an email to the USPTO trademark assistance center (that is at TrademarkAssistanceCenter@uspto.gov) Or just send them a postcard - the snailmail address is here.Google is quite useful if you want to show up that the name GPE was used before the date mentioned in the file. For the history of the name ‘Opie’ just refer to the linked mailinglist thread above.

Sorry… i have to complain a little bit again.

It sounds unbelievable, but i was locked out from the handhelds.org open source platform one week ago. So how did that happen?

After GPE finally moved to its new hosting location (see http://gpe.linuxtogo.org) i published a short story about this and to say “thank you” to all the people who worked on handhelds.org in the last few years. Obviously George (who is the current boss of handhelds.org Inc.) doesn’t seem to be able to appreciate this. He deleted my message from the website and disabled my accounts. For “investigations” he told me… eh us he disabled Nils’ account too for no reason. Well… i can live with the fact that he did not like we moved away with GPE and its ok for me if he does not appreciate if i thank him, but censoring my message and locking out people bindly is a little bit violent. But before i get really annoyed i just stop this and publish my announcement from hh.org here again:

GPE finally moved to its new hosting location at linuxtogo.org. We have several new services and improvements to make it easier to get in touch with GPE, to use and to join the project. Just visit us at http://gpe.linuxtogo.org and the GForge project page located here.

Even after quite some bad words related to this move we would like to say “thank you” for hosting and support in the last five years.

Without handhelds.org GPE simply would not exist and i guess that there are quite some more project members who can say the same about their projects and even more in future.

Well… Nils found some better words:
http://handhelds.org/pipermail/gpe/56/5688.html

IRIX is dead, right? Well… even if it isn’t most of the software for it is quite old-fashioned or just outdated. Time to try Linux on it again :-)
I installed Debian to my SGI Octane about one and a half year ago already, but it was not that useful because at this time the kernel port was at a quite early stage.

With the patches from the port website and the Linux-MIPS kernel releases i was able to build a 2.6.14 kernel. The patches seem to be against a slightly older kernel tree so that i had to fix some minor issues manually. The kernel works without any trouble, except of the fact that udev from Debian Sid does not like it because it is too old.

The XImpactSR driver from the port website needed a little bit of love to build with the new X11R7.1 headers and autotools. I made a small package that sould build out of the box with latest xorg-dev (1:7.1.0-1) from Debian unstable. It is available here: http://www.linuxtogo.org/~florian/files/xf86-video-impact-4000.tar.bz2

To make this long story short: It worked right out of the box.

Many thanks to Stanislaw Skowronek who did a really great job porting Linux to this device. Gnome works pretty well and faster than expected… even without for the really nice 3D features of the machine it is quite impressive how Open Source makes a useful (but loud) workstation from this heavy old piece of hardware.

I always wondered why cellphone manufacturers using Linux for their devices do not release the kernel sources like they are expected to do. Yes there are actually quite some of them - just check linuxdevices.com. Now i found a good reason for this strange (and not really legal) behaviour:

The story began with the idea to find a device to start developing cellphone specific applications on. Of course it needs to be one running Linux. I have several smartphones laying around, but it turned out that it seems to be impossible to get the kernel sources for the Linux running ones and Linux support for the non-native Linux ones is not yet ready for cellphone use. After spending hours searching for a device that is acually available including kernel sources i end up in getting a Motorola A780. There is a quite active community around this device and even better: There is a project to create a complete free software stack for this device including an up to date Linux 2.6 already. (see http://www.openezx.org).

Because the port of the new kernel is in a quite early stage i decided to start with the original Motorola 2.4.20 one released at opensource.motorola.com. The idea was just to build a kernel image that uses a partition on the SD card as root filesystem and run this via boot_usb. In this way you can have a development filesystem without installing anything to the internal flash. Sounds easy, eh?

I knew the this kernel was a Montavista hacked one… these are known to be ugly, but it can’t be that bad, i thought…. they are a big and successful company. It didn’t take long to find out that the sources were incomplete. I applied a small patch… created a missing link to a header file, removed some drivers from the configuration and wondered what had happened to all the documentation that can be usually found in a kernel source tree. The resulting kernel image crashed instantly… did you read ‘Snow Crash’? - Then you know how it looked like.

A pile of slightly differen kernel images with the same result and several (successful!) tests by other developers i gave up on boot_usb and flashed the kernel to the device. It started - before that i couldn’t imagine that i would be happy to see the Montavista logo on a screen. ;-) Well the fun was over when i noticed that the kernel just freezed after initializing the RTC. Five compilers and some hacking around i found out the reason for this odd behaviour: I had disabled the camera driver because of some lacking files… after i found these in the older 2.4.17 source tree i enabled the camera again and the kernel booted until mounting of the root filesystem should happen.

Of course this didn’t work… same like NFS root using the USBD driver. The USBD sources didn’t offer a way to switch away from cdc_acm to cdc_ethernet but when i tried to get rid of USBD at all and use the upstream cdc_ethernet driver it turned out that some functions of it were used in a completely different place in the kernel. Yes, some developer must have loved “extern” :-( The module using these functions was used to change the USB mode - i felt lucky and so did the kernel - networking started to work after using the correct command line switch.

Unluckily “init” did not like the kernel and died very fast. After i managed to convince the kernel to wait for the SD card appear i was able to reproduce the same behaviour with the root filesystem on SD. Note that the filesystem is fine - with 2.6 it starts up and even X works fine. I’m not sure how this story continues… oh right, one more nice thing: In both published original kernels ‘menuconfig’ is broken. It starts with an error message and the menu is not updated if Config.in fils are changed. I really love to see things like

Preparing scripts: functions, parsing../MCmenu0: line 133: syntax error near unexpected token `}’

… not speaking about the ugly warnings during build.

Maybe they should have asked someone who knows about Linux?

Sometimes i am really happy what OpenEmbedded can do for us… after adding some iPAQ specific bits to the OpenZaurus 354x branch i was able to build a GPE based OpenZaurus 3.5.4.1 filesystem image for the iPAQ h3900 platform. It is expected to work on all h39xx and h5xxx iPAQ models. I tested it successfully on a h5550. There are some rough edges but for for just moving a distribution to a new platform its quite impressive. Compared to Familiar it feels a little bit faster and its more up to date even if some of the latest GPE bits didn’t make it into the relase.

If someone is interested in trying it - i uploaded a slightly modified image and a (finally) working OZ (softfloat) toolchain to this location:

http://linuxtogo.org/~florian/index.php?path=oz-ipaq/

If more people are interested in this it might be worth to keep the iPAQ support in OZ up to date. Feedbacks really welcome - for chats you can catch me in #gpe and #linuxtogo at freenode.net.

Enjoy!

Linux-To-Go - our new development and community platform is ready to use. It is a community driven and administrated site to provide services for Linux related and other Open Source projects on mobile devices.

The basic idea of Linux-To-Go is to create a transparent and independent platform for Open Source software development and easy information exchange for users, developers and everyone else interested in Open Source on mobile devices.

So far the amount of content is quite low, but we are hosting some interesting projects like OpenEmbedded, Angstroem and Gomunicator. We really appreciate any feedback - comments, suggestions or flames.

Of course you can start to use the LTG services NOW! :-)

Finally i managed to publish this here too…

I converted the book "Programming in Lua" which is available online to plucker format. The file is available here: http://www.kernelconcepts.de/~fuchs/files/pil.pdb

This makes the "mobile hacking kit" more complete. Only the GTK bindings lack a similar documentation. On my iPAQ It looks like this:

If you need FBReader to read it you can find packages (for Familiar Linux) including some dependencies in the same directory.)

To find out more about Lua and how the GTK bindings work i started to write a small backup tool. Fo far it isn't functional but it shows that the performance is good even with more than three widgets in a window.

Now back to some waiting important projects…