Asus VivoBook S15 S532FA (2020)
Table of Contents
- Laptop: Asus VivoBook 15 S532FA-DH55-GN
- Power brick, nominally 45W, 19V x 2.37A (45W),
100V to 240V up to 1.0A, 50-60Hz. Size 54x54x29mm.
Plug: NEMA 1-15P (North America, Andean South America, Japan),
2 parallel flat blades, no grounding pin, parallel to the square
surfaces of the brick and in one corner.
Cord length 1.9m (6.2ft).It ends with a
barrel connector, about 4mm outside, 1mm inside diameter, 10mm long.
- User guide and regulatory compliance notices (in English).
- Getting started: charge for 3 hours (actually under 1 hour),
open the display, hit the power button.
- Operating temperature range: 5C to 35C (41F to 95F). Don't block
the air vents on the bottom and rear. Don't cover the power brick,
e.g. with a pillow or blanket.
- Support URL.
- Do not use the laptop near water, during a lightning storm,
or in an explosive atmosphere (gas leak). Do not dispose of
batteries in a fire. Use only a compatible power adaptor.
- The laptop is RoHS compliant (EU and India) and complies with
other product environmental regulations.
- The surface of the laptop is not electrically conductive, except
around the I/O ports.
- Wi-Fi operates in 2412..2472MHz and 5150..5725MHz (or 5850MHz);
Bluetooth in 2402,,2480MHz. Output power 6..14dBm depending on
which chip is in your model.
- Warranty and other documentation. Key points:
- Warranty duration is 12 months from the date of purchase.
- It covers hardware and (their) firmware, not software.
- Criteria for warranty replacement of the display panel: 3 bright
pixels; 5 dark pixels; 2 pairs of adjacent bright or dark pixels; 3
bright and/or dark pixels in a 15mm diameter circle.
- If the TPM's pre-boot password is active and is lost, the only
recourse is to replace the motherboard, which is out of warranty.
You need to disclose the password to the repair techs.
- Back up your data and remove anything sensitive. The techs may
delete anything without restoring it.
- If you have non-original hardware (e.g. disc) or software (e.g.
Linux), they will only test or repair the original configuration.
- ASUS' liability is limited to your purchase price.
Support link for our model; see the Warranty tab.
International warranty service is available in most of Asia
including China (PRC and Taiwan), Australia and New Zealand; most
if not all of Europe and the Former Soviet Union; some of the
Middle East (excluding Iran, Syria, etc.); Egypt, South Africa, but
nothing else in Africa; USA, Canada, but nothing in Mexico, central
or south America.
- Instructions for using the ScreenPad in Windows.
- A package of stickers or cards with cartoon characters.
- The box is nicely made, 100% Kraft cardboard (environmentally
friendly). It should be saved to ship the laptop back for depot
To do upon receipt:
- Inspect for shipping damage. All OK.
- Read labels; copy down the serial number and whatever other useful
information (not too much).
- Plug it in so it can charge. Connect the Kill-a-Watt power meter for
power measurements<. The instructions
(for the Acer E5-573G) say to charge fully, then use up the battery
completely, 3 times, as the first thing you do. Other sources,
possibly more recent, claim that this is an urban legend, and the
solid-electrolyte interphase layer is fully developed after the
first charge. I"m
going to do normal activities such as setup and power measurements, on
battery power through three charge-discharge cycles, whether needed or
not. Then I will do the battery life tests.
- The M.2 NVMe SSD is assumed to be installed already and functional,
with Microsoft Windows-10 Home preinstalled. [Confirmed.]
- Connect wired Ethernet. Oops, 802.3 dongle is in use elsewhere.
I'll have to set up Wi-Fi when I test Windows.
The top cover color, according to ASUS, is
Moss Green. Seen
under indirect south daylight, I'm calling it Pantone® 18-0629
(p.129). (How appropriate for installing OpenSuSE on it.) The very narrow
border around the display is black, with an orange line between it and the
Lizard top cover. The keyboard deck and the bottom cover are Pantone® 12-0811
Dawn (p.39), kind of a light bronze-ish color. The keys are silver,
with a transparent inlay for the labels, which is dark when the backlight is
off. But when it's on, it shines through the labels, which is cool, but the
contrast is low with the silver key bodies, so you have to look carefully to
see which key you're pressing. Other available color schemes are
I will first review and record the settings, then boot
Windows and check it out, and finally change them as noted before installing
- Doing this on line power.
- How to get into Setup: press F2 while booting. Suggestion from ASUS
FAQ: press and hold F2, then press power. Release F2 when you see the
BIOS main screen. If rebooting, hold down F2 as soon as it leaves the
previous OS instance.
- Main Screen
- BIOS version 304 (no date),
Aptio Setup Utility by American
Megatrends, Inc. GOP version 9.0.1092, EC version F0021503.309
(whatever those are).
- Processor: Intel Core i5-10210U @1.60GHz (as advertised)
- RAM: 8192Mb (as advertised)
- Serial number is shown in the BIOS.
- Realtime clock is set to 2020-10-08 06:30:xx when the current time
(UTC) is 2020-10-07 22:30:xx, so the clock is set to civil time in
timezone +8, China. [Change to UTC.]
- Advanced Screen
- Hyperthread enabled [disable]
- Virtualization enabled [keep]
- AES-NI (acceleration) enabled [keep]
- VT-d (directed I/O for virtual) enabled [keep]
ASUS EZ Flash 3 Utility. You should be able to flash the
BIOS off a USB memory stick without installing and booting Windows.
- Rapid Storage Technology (manage volumes on the RAID controller).
We have a Kingston OM8PCP3512F-AB, 476.9Gb NVMe/PCIe flash disc.
Serno: 5002 6B76 838A F321. It's non-RAID, so it says.
- SMART: selftest all discs at boot.
- UEFI network stack disabled [keep]
- USB mass storage driver enabled [keep]
- Graphics: DVMT (video RAM) 64Mb preallocated [keep]; very likely
the video RAM can expand dynamically.
- SATA: Intel RST Premium with Intel Optane System Acceleration. I'm
viewing this with deep suspicion. Here's where you could
select AHCI -- lack of which kept the Acer Aspire E515-54 from
using its NVMe drive. [Change to AHCI later]
- Boot Screen -- It's preset with Windows Boot Manager on the NVMe disc.
When I install Linux I'll need to mess with this to allow booting from
a USB memory stick.
- Security Screen
- Administrator and user password not set. I'm sure I'll have to
set these to influence the following settings.
- I/O Interface Security -- Wireless and HD Audio are unlocked [keep]
- USB Interface Security -- Everything is unlocked: all USB,
external ports, camera, SD card reader. [keep]
- Secure Boot Control -- Enabled. Factory default keys are
configured. Will I disable Secure Boot? When something goes
- Save & Exit -- This page has the boot override menu, pick a device
to boot from. Also you can launch an EFI shell, possibly from a
choice of devices.
So the only things that will actually be changed (after Windows checkout,
before installing Linux) are:
- Main/Realtime clock to UTC.
- Advanced/Hyperthread disabled.
- Advanced/SATA changed to AHCI (from Optane).
- Boot: Get it to boot the Linux installer, unless the boot override
menu can do this without formal setup. [Update: The installer USB
stick is on the boot override list; don't have to mess with the Boot
- Security/Secure Boot is being left active unless I get into trouble.
Boot into Windows. Here are the steps in Windows Setup.
- Language choices: English, Spanish, French. Yes the ScreenPad works
in Windows for picking these options.
- It runs Setup with Cortana as its mouthpiece. Click the microphone
icon (lower left corner) to shut up Cortana.
- Pick your region: United States (out of a zillion choices).
- Pick keyboard: US. Skip second keyboard layout.
- Network setup. This is Wi-Fi; I thought I had an extra 802.3 NIC, but
it's in use. It scans for nets, pick one. Type the password.
- It does non-obvious stuff including possibly checking for Windows
- Agree to the EULA.
- Add your Microsoft account. They won't let you skip this.
For me the account identity is $firstname.lastname@example.org.
- They offer face ID. I skipped setting this up.
- Create PIN for login. (Mandatory.) Click
Include Letters and
Symbols, and I gave it my regular password.
- Trust Microsoft to save your activity history etc. in the cloud.
These were declined: activity history; share photos with Android or
iPhone; back up to OneDrive (click Only Save to This PC), free
Microsoft 365 trial, Cortana. Formerly Cortana would jump up and down
and yap, begging to be turned on, but they've improved: this is gone.
- Privacy settings: I turned all of these off: speech recognition,
find device, inking & typing, advertising ID tracker, location,
diagnostic data (including web URLs), tailored ads per diagnostic
data. If I were really using Windows operationally I would keep
- Set up ASUS account and McAfee (virus scanner) account. Give full
name, region, and e-mail address ($email@example.com for me).
This might take several minutes; don't turn off your PC.
- The ScreenPad comes on with feature icons. To once again use it as a
trackpad, hit the trackpad icon on the lower toolbar of the ScreenPad
about 20% from the left edge.
- They use Edge to show you a page of tips; you're pre-logged in to
your Outlook account and its front page is showing.
Very quick checkout of features in Windows.
- Power measurements with Windows out of the box, crapware included.
Default screen brightness and all other settings.
- Windows idle with the screen on including ScreenPad: 9W.
- Windows playing
Big Buck Bunny (MPEG-4 + MP3 in AVI,
1080p): Edge is playing it. It downloads the whole thing first,
0.7Gb. Mostly 15W with occasional excursions up to 21W.
Interesting, Linux can play this using 8.6W; usually Windows uses
less power than Linux when playing media.
- Showing a photo but screen (and ScreenPad) is off due to DPMS: 4W.
(I don't know what the CPU is doing; it might be in S2 or S3
but I wouldn't know.) (Linux: 3.6W, essentially the same.)
- After the timeout passed and the machine was supposed to have
gone to sleep, power was 0W.
- Hit any key, screen very promptly shows the greeter (no ScreenPad)
and power is back to 11W.
- Tap on the pad, the previous desktop is restored, ScreenPad is on,
and power is 10W.
- Download and execute the Windows Media Creation
Tool (details below).
- Update the BIOS. Don't skip
this step. The machine ships with BIOS version 304 (no date) and the
latest one on the support site (as this is written) is 302 dated
2020-04-23. So I guess I will skip this step. You can do the
update using the flasher in the BIOS, so they say.
- Per Windows Settings, we have a Intel Wi-Fi 6 AX201 160MHz and its
MAC address is bc:54:2f:f4:77:66 .
- Register the new machine on my firewall. Actually do the whole IP
address procedure including updating kea-dhcp.conf. Since the old
Xena is hosed and not recoverable, I'll use the name of Xena
immediately for the new machine. [Done.]
- Windows storage requirements: 38Gb used of 475Gb total on C:, 476.9Gb
raw disc capacity. But this definitely
includes bloatware like Candy Crush which I wouldn't be caught dead
running, plus the Big Buck Bunny download (0.7Gb) which I forgot to
this article on GHacks, Microsoft's official minimum is 32Gb. On
Linux let's pre-allocate a partition of 50Gb, at the end of the disc,
if I ever have to reinstall Windows, God forbid. I'll use it for
temporary storage of big tables for special projects. I did the same
thing on the old incarnations of Xena.
- We're done with Windows; time to install Linux.
The goal here is to make it possible to reinstall Windows on the SSD if I
need it, but I hope to completely delete Windows from my machine. The
Windows 10 Specifications page says 20Gb is required for the 64bit OS (in
2019 it's raised to 32Gb). I'm sure you need more to actually do something. I
ended up allowing 50Gb.
In this I'm following the
review by TekSyndicus (2015-09-01) on the
Amazon product page for the Acer E5-573G.
- Do this from the laptop when it's running the instance of Windows that
you are going to reinstall, or a predecessor version, e.g. Win-7, which
you either are able to upgrade for free or have bought a Win-10 license
- The USB drive needs to be mountable by Windows, i.e. formatted, and
with at least one partition with a valid Microsoftish filesystem on it.
I cleared the first 10Mb of a drive that I was recycling, then ran
parted (on another Linux machine) (parted /dev/sdb ; print ; make very
sure you have the correct drive) to put a MBR on it (mklabel msdos),
and a partition (mkpart primary fat32 0 -1) (quit to get out). Then
format it (mkdosfs -F 32 /dev/sdb1).
- First insert the USB drive where you're going to put the resulting
ISO image. It needs to be mounted; don't eject it (like I did).
The ISO image is around 3Gb in size, so they say, so the USB stick
needs to be bigger: 4Gb is enough. (Update for 2019: needs 8Gb.)
The USB stick will
be reformatted (all data lost) and turned into a bootable DVD. It is
also possible to burn the ISO image to DVD media (if one has a drive).
- Go to the page for
downloading the Windows 10 ISO. If you're on the target machine
(vs. a Linux box) it automatically redirects to the Get
Windows 10 page.
- Scroll down to
Need to create a USB, DVD or ISO?
Check the prerequisites (Before You Begin).
- When you have the prerequisites taken care of, hit Download Tool Now.
It downloads slowly.
- The first step is to run it; there is a Run button on the download
progress box when it finishes. Give it time to start; it isn't swift.
- Agree to the Microsoft EULA.
- Main activity: Create installation media for another PC.
- Choose the language, architecture and edition (Windows 10 covers both
Home and Pro). It will pre-fill these. Don't try to install a
different language, architecture or edition than the one already
installed; they say it won't work.
- Tell it to stuff a USB flash drive. You could also save the ISO image
and subsequently burn it on a DVD.
- Pick your drive; if there's only one, it will be preselected. It has
to be mounted, or at least not ejected.
- For me, the download proceeded glacially. Looks like it's going to run
overnight. Not really; it started very slowly, but speeded up and
finished in only one hour. The ISO is about 3Gb in size, which
translates to 6.7e6 bits/sec: limited by the server, not my FIOS
speed. Update for 2019: the ISO is bigger but I'm not sure exactly
how big. 8Gb should be enough space. Also the download steps are
- Then it does a checksum, and finally writes on the media.
This takes about 6 minutes with my USB stick, not particularly fast.
- When the program finishes, eject the USB stick using Windows Explorer,
remove it, and put a label sticker on it.
- All done for the ASUS S532FA.
- Later I was able to install Windows from this image (on the E5-573G).
This installation will be the second time I have attempted booting by UEFI
(Unified Extensible Firmware Interface). Although SuSE has supported UEFI
for several years, on both x86_64 and ARM architectures, I'm expecting
a lot of trouble in this area.
But first I need to make some policy decisions.
When I install Linux the first issue is going to be partitioning. On a
MSDOS-type operating system, the disc begins with a Master Boot Record (MBR),
which includes a code area for the booter, and a table giving the boundaries of
the partitions. Of course the complete booter won't fit, so the MBR is a
multi-layer kludge. One forum poster pointed out that Grub code is spread
among the MBR code area, the unallocated space after the MBR, and the Linux
like spaghetti thrown by a baby. Also for people
with huge RAID arrays, the MBR has an addressing limit of 232 blocks
or 2 terabytes (2e12 bytes).
The more modern partition table is called the GUID Partition Table (GPT)
where GUID (Globally Unique IDentifier) refers to a field in each row that
designates the role of the partition, which is ignored in Linux. Basically
it replaces the partition table in the MBR.
On machines whose BIOS is capable of reading a GPT,
my policy is now to use the GPT, not the MBR partition table.
With non-UEFI (legacy) booting and a GPT, the first partition needs to
extend from the end of the GPT header to at least the first cylinder boundary
(1Mb is recommended in Grub docs), and its type needs to be 0x00 bios_grub. The
filesystem type is irrelevant (don't format, or use FAT32). With UEFI booting
you need a EFI partition. It should be the next partition (the BIOS from both
Acer and ASUS will find it even if not first), it needs an actual FAT32
filesystem, and it needs the boot and ESP flags (gparted flag names). Windows
installs it with a legacy (MBR) partition type of 0xef, whereas SuSE gives it a
type of 0x00.
How big does the EFI partition really have to be? While the relevant Grub
files should fit in 1Mbyte, if you're going to dual-boot Windows. the
pre-installed Windows allows 100Mb, and 150Mb in a new installation, and the
reference given below recommends 200Mb. On the old E5-573G I provided 150Mb.
But actual usage ended up like this: Boot 1.13Mb; OpenSuSE (grub) 0.12Mb;
Microsoft Boot Manager 18.7Mb, total 20.0Mb. On the A515-54 I gave it
30Mb, successfully. While SuSE puts the kernel(s) in /boot, other distros like
Gentoo and Raspbian put them in the EFI partition, and you will need more than
30Mb. For my experiments with Gentoo on ARM I gave it 64Mb (with only one
kernel and initrd at a time).
For the final result, skip ahead to the Partition
I never dual boot because one of the operating systems becomes the favorite
and the other one ends up not getting security updates. However, if other
users need dual booting, for a procedure see this
AskUbuntu forum thread, O.P. GhostMotleyX (2014-07-20) and
particularly the reply by Rod Smith. He recommends using efibootmgr (package
efibootmgr on SuSE and Ubuntu) to clean up cruft (avoid deleting important
entries though) and particularly to change your boot order so Grub boots first.
After a clean installation of OpenSuSE Tumbleseed, and presumably recent Leap
and SLES versions, the boot order is preset in this way.
UEFI includes integrity management, referred to as
Secure Boot. The
kernel must be signed with a key known to the BIOS, and a fraudulently altered
kernel cannot be booted, including a kernel created from scratch by the user.
Microsoft Windows, and modern Linux distros, have access to a pre-installed
acceptable key, but ordinary users need to forge a key and register it with the
BIOS. This is feasible (in theory), but I really don't want to get tangled up
with that kind of security, so I am going to [try to] turn off Secure Boot.
However, if you run a public computer lab, or otherwise are likely to get
malware installed on your machine, or if the KGB, Peoples' Liberation Army or
NSA would be interested in monitoring your activities, and if you always run
the distro's unmodified kernel, you are advised to use this security feature.
Assuming I can turn off Secure Boot, I am going to use UEFI, whether
or not I'm also dual-booting Windows. Yeah, sure. How am I going to boot
the installer if I have UEFI? I need installation media with a EFI partition --
and I have it, the OpenSuSE installation DVD or net installer on USB.
On a related topic, what filesystem type should I use? The contenders are
ext4 and btrfs, which is now the default for OpenSuSE's root partition. They
use XFS for /home, though, and I've had bad experiences with XFS. Btrfs has a
lot of great features like copy on write, snapshots, and de-duplication
(identical blocks in different files are stored only once). However, it has
two disadvantages: I would need to learn a lot about its care and feeding, and
it is slightly slower than ext4, which I am familiar with. I think I'm going
to defer the transition to btrfs to the next machine, and stick with ext4.
I frequently need to take the disc out of one machine and mount it on
another, particularly for the Raspberry Pi's. If you use the hardware device
name, e.g. /dev/sdd3, this is error-prone if done manually, and the major
device number can change randomly from one boot to the next, so the device name
shouldn't be used in /etc/fstab. The partition table includes a UUID which is
used in a set of symlinks in /dev/disk/by-uuid, but UUIDs are semantically
meaningless and are impossible to type by hand. So I give a label to each
partition (except bios_grub), which appears as the name of a symlink in
/dev/disk/by-label. I assign a number to each machine (or each incarnation,
where relevant). On the old Xena (Acer A515-54), /dev/disk/by-label contains
ROOT-09, HOME-09, SWAP-09, EFI-09 while the new one Xena (ASUS S532FA) will
contain ROOT-10, HOME-10, SWAP-10, EFI-10, so they can coexist when I copy home
directories onto the new machine.
First step is to download the
Network Image for x86_64 from
Tumbleweed installation page plus the checksum and GPG signature.
See this help page, the section about
verifying checksums, and follow the example.
Yes the checksum and signature came out correct. Then write the image
to a USB memory device; the next section has several options.
Oops, my Ethernet adapter is in use for the default route to my ISP.
It's supposed to be
possible to set up Wi-Fi after booting the installer, but I couldn't make that
work. I repeated the above steps with the installation DVD. Similar
filenames/URLs but replace NET with DVD.
The following was seen on the Acer A515-54 and the ASUS S532FA has the
same issue, but fixable.
Gakk, the Linux (OpenSuSE Tumbleweed) installer cannot see the NVMe SSD,
and neither can the rescue system. There is a mysterious item in boot
ahci 0000:00:17.0 Found 1 remapped NVMe device. Switch your BIOS
from RAID to AHCI mode to use them. However, this setting is not available
on the Acer A515-54. But it is on the ASUS S532FA, and when I
followed the message's instruction, I was able to put Linux on the NVMe disc.
- First plug the installer's USB stick into the laptop; you're going
to boot it after the alterations and it has to be inserted when BIOS
setup starts so it will be in the Boot Override list.
- Boot into BIOS Setup: starting from power off, hold down F2 (until the
Setup main screen appears) and hit the power button.
- Make the BIOS changes planned in a previous step: change realtime
clock to UTC, disable hyperthread, switch SATA controller to AHCI
(vs. Optane). [Update: this allowed Linux to use the NVMe disc, which
the Acer A515-54 could not do.]
- Save & Exit (confirm it), and as soon as the screen goes black,
hold down F2 until the Setup main screen appears again.
- Navigate to Save & Exit again. Scroll down to the Boot Override
list and within that, the line for the installer's USB stick.
Sometimes it gives you an option for Partition 1; I always booted that
if it was shown. Hit Enter.
- The EFI executor asks you if you're willing to trust
the OpenSuSE cert for signing boot images (tell it yes). This choice
persists for future EFI boots.
- It boots the installer. Scroll off
Boot From Hard
Disk which otherwise would boot Windows in a few seconds.
Procedure, once the installer is booted. Since my Ethernet adapter is
pre-empted, I'm actually using the installation DVD.
- If you're using the network installer, use arrow keys to
navigate to Installation. Hit E to edit the entry. To the
linuxefi command, append
(space) kexec=1 which is the magic
incantation to get it to use the kernel off the installation repo,
rather than the net installer's kernel, which is probably back version
and which will make the installer refuse to install the
version distro. Hit F10 to boot. You need this for Tumbleweed because
the kernel and the ISO images are constantly being updated, usually at
different times. I never needed this maneuver for Leap, nor if I used
the installation DVD.
- When the Plymouth progress screen obscures boot messages, hit Esc to
turn it off.
- After downloading the kernel and the huge initrd, it reboots. Go
through the same steps again (hit Esc when Plymouth comes on).
- With the network installer, be sure to let it add the online
repositories because you don't have the DVD. (But I do have it.)
There's no way (in this step) to add my Squid proxy and
- With the DVD, it's going to ask you to configure your Ethernet, which
I don't have yet, so I just hit Next.
- On the page to select your desktop environment (KDE, Gnome, etc),
pick Generic Desktop. I have a script to
install the software I actually want, later.
- Partitioning: I'm trying to get a system
that can be used with both
legacy and UEFI booting. Each partition (except bios_grub) should have
a label and should be mounted by label, to avoid confusion during
experiments with UEFI vs. legacy booting. Set this in fstab options.
The partition order shown below is best for my use case. All
Linux filesystems are ext4 (not btrfs or XFS which are the current
defaults in SuSE).
- Delete everything first, try to get it to do UEFI.
- 1. Bios_grub, 7.8Mb (tell it 8Mb) which is the smallest that
parted will allocate on this big disc. Presumably that's the
end of the first cylinder. Tell it
do not format and pick
the bios_grub partition type.
- 2. EFI, 30Mb (see above for why I'm picking that size). First
do not format
with partition ID (type) 0x00 EFI Boot. Then change back to
yes format, with a FAT filesystem, and mount it on /boot/efi.
- 3. Root, 20Gb. In SuSE 13.1 you need to ask for 5% less and your
request will be expanded 5%, but in current versions it gives you
the size you request.
- 4. Swap, 24Gb. Yes, a label is allowed and you can swapon
- 5. Home, 30Gb. Eventually occupied: 2.5Gb, 9%.
- 6. /s1 (scratch and special projects), the rest of the space,
minus Windows if present. About 353Gb. My development VM's disc
is here, 30Gb, and is by far the biggest occupant.
- 7. Windows, 50Gb. If Windows is required, put it at the end so
it can easily be merged later with /s1. Format it as FAT32 and
let Windows upgrade it to NTFS, because Linux NTFS tools may
not be bug-for-bug compatible with the real Windows formatter.
Actually I put a ext4 filesystem on it and labelled and mounted it
- New feature: If root's SSH public key were on a drive (normally USB) it
could have been imported, presumably into authorized_keys.
[Update: this worked.] The filename has to end in .pub .
- Software selection: Turn off the apparmor pattern. Turn on these
individual packages. post_jump will install them if missing, but better
to do it now to bypass sleeping dragons.
*rsync *curl +m4 +expect +pam_ssh +pam_krb5 +krb5-client
(* = already selected, + = needed to add.) Estimated 829MiB to
download, 2.5GiB installed.
- If the firewall is disabled you don't get SSH, so enable the firewall.
Enable SSH. Tell it to configure the SSH port to be open. You have
to set all three of these, unlike in SuSE 13.1. post_jump will install
my aggressive firewall.
- Switch to NetworkManager, since this is a laptop.
- Start installation. It goes very fast.
About 1650 packages to install from the DVD, 142 from the repo,
1792 total. Installation took 10.5 minutes followed by about 1.5min
non-package installation (e.g. copying the
network configuration and indexing the kernel modules), after which
the machine rebooted successfully into the production operating system.
- It drops you into a lightdm greeter with SuSE branding (blueprint with
Geeko the lizard). It got its proper IPv4+6 addresses by DHCP.
- Run post_jump. CouchNet has a list of packages wanted on the machine,
such as desktop packages and service daemons.
Post_jump installs them (using the local Squid caching proxy to get
to the SuSE repos), tosses unwanted packages, runs online
update, and installs locally hacked configuration files.
- Major post_jump events:
- Installing 317 keystone packages, 2235 packages total.
8 wanted packages could not be installed.
- Removing 691 unwanted packages.
- Updating 12 packages.
- Service units: enabled 45, reenabled 17, turned off 19.
- Reboot, and run checkout.sh.
There was an emergency issue that diverted me for over 3 weeks. Returning
to my new laptop. I left it with post_jump finished, and booting with no
drama into the production OS. I'm going to move my homedir into the new
laptop, then do checkout activities. Here's a more detailed list of steps.
Minimal network setup: wired Ethernet is on en0 and I gave it
the IP for xenaeth. It works; you can do
ssh to Xena as root,
with publickey auth.
Go through the weekly update procedure to get a month of missed
updates. Key substeps:
- Reinstall conf files. There have been some major updates.
- audit-pkgs -v -U -c (main action is zypper dist-upgrade, this
457 packages to upgrade, 28 new, 12 to remove.
Download 850.4 MiB, installed 939.6 MiB.
- Issue: grub2-x86_64-efi was updated, and its posttrans script
wanted but couldn't find shim-install. No other hosts have
shim-install either. Only Holly (and Xena) have EFI. I created
Output: Installing for x86_64-efi platform. Installation finished.
No error reported.
- Reinstall conf files again.
- Re-run audit-scripts -k -E (re-enable all wanted services), in
case of remnant weirdness. 54 items newly on, 19 turned off,
- Re-run restarter and checkout.sh and fix discrepancies. Not too
bad, I'm going to reboot, and then fix discreps.
- It rebooted despite the grub error message above. Restarter
failed to restart these services:
- krb5kdc : /var/lib/kerberos/krb5kdc/principal does not exist,
restore from backup.
- kpropd : /var/lib/kerberos/krb5kdc/kpropd.acl does not exist,
restore from backup.
- ldap (slapd) : /var/lib/ldap/slapd.d does not exist, restore
or propagate from another dirsvr.
- unbound(+2,3) : /var/lib/unbound/etc/unbound/root.key is hosed,
syntax error, where did they get this crap? Overwrite with
a key from a working server. Now it won't start due to SuSE
bug 1177715. Reverted from kernel 5.8.14-1-default to
kernel-default-5.3.18-lp152.47.2 from Leap 15.2. Now unbound
starts, but unbound2,3 require the host key+cert which needs
to be restored from backup.
- apache2 : No host key+cert
- vsftpd.socket : No host key+cert
- firewallJ.d : Can't ping any partners (no IPv6), can't test.
- nfs-server : Can't ping any partners (no IPv6), can't test.
- perl Net::Ping is hosed, known bug (reported), need to apply my fix [done].
- Run checksum.J to accept new security checksums, equivalent to
Copy the HOME and S1 partitions off the Samsung EVO 860 disc (old
Xena) to the new one, using the SATA to USB adaptor. Details:
- /s2 is completely empty. Ignore.
- Target /s1 is empty; source /s1 isn't: size 350Gb, 46Gb used.
Copy lock, stock and barrel. 224090 files copied, took 21min,
- Copying /home. Size 31Gb, 2.4Gb used, 54831 files copied,
took 76sec, 31.6Mb/sec.
- Copying / (root) is going to be tricky. The source mountpoints
will have nothing mounted on them (but I'll use -x anyway).
Watch out, there are stray rpmsave files.
First I'll copy with -n and assess what's going to be trashed.
With no special options beyond -a -n: 738231 files.
rsync options: -a [-n] -x -O -J -u -m --ignore-existing .
Excluding these dirs: /bin /boot /lib /lib64 /lost+found run
/var/cache /var/lib/hardware /var/tmp
/var/lib/NetworkManager/dhclient* cache .cache .config .
1419 files remain, most of which I identify as being needed, like
SSL host keys.
- Next I'll use the same options minus --ignore-existing, to
generate a list of non-identical files. Then I do a diff on them.
Only 18 files:
- /etc/nsswitch.conf -- Old Xena was jiggered to use
libnss_usrfiles2 but new one wasn't (why? It's installed).
- /etc/sysctl.conf -- Copy, Xena isn't a leaf node
- /etc/vsftpd.banner -- Copy.
- /etc/alternatives/default-xsession.desktop -- Old Xena uses
gnome.desktop (hiss, boo), new Xena has xfce.desktop. Keep.
- /etc/alternatives/gem2rpm -- Old uses ruby2.6, new uses
- /etc/alternatives/gem2rpm-0.10.1 -- Ditto.
- /etc/alternatives/libcblas.so.3 -- Old Xena uses serial
flavor, new is threaded. Keep.
- /etc/default/grub.m4 -- Copy (and rebuild
- /etc/postfix/main.cf -- Copy.
- /etc/ssl/certs -- Copy.
- /etc/sysconfig/nfs -- Copy (different date, content same).
- /etc/systemd/system/network.service -- Copy. Except
NetworkManager is not installed.
- /m1/custom/background.jpeg -- Copy.
- /var/lock -- symlink to ../run/lock, copy it
- /var/lib/postfix/client_scache.db -- Don't mess.
- /var/lib/unbound/etc/unbound/perhost.incl -- Copy.
- /var/yp/nicknames -- Keep.
- Command line: rsync -a -O --files-from=diffs.ls2 /mnt / [Done]
Install extra software (like NetworkManager) that was missed by
post_jump because /m1/custom/extra.sel wasn't there.
Command line: audit-scripts -v -i -c -I
These packages were not found (remove from extra.sel or
couchnet.sel): yast2-trans-en yast2-trans-en_US giggle ifplugd GeoIP
These packages were merged, remove and/or replace with the one in
parens: openssl-doc (openssl-1_1-doc);
These packages lack dependencies: Mesa-demos (don't install);
perl-Astro-Sunrise (works without compat module);
perl-Mcrypt (works without compat module);
Reinstall configuration files again.
From rpmconfigcheck, 18 rpmnew-save-orig files were reviewed;
all were tossed.
audit-scripts again. Main items: enable NetworkManager, disable
Compare (rsync -n) the backup on Diamond with the state on Xena.
Transfer discrepant files that ought to be transferred. There
should be very few of these in /home since the backup was done just
before Xena got trashed, but there will be more in /etc, most of which
are from distro updates that should be kept.
Command line: ssync -a -n -O -J -c --exclude=/inventory.dat /home/backup/xena/ xena:/
-c = compare by checksum, ignore mod time. This excluded almost
2/3 of the files, 469 files remain. I did a diff (scripted of course)
on each of them. Many backup files are just old and are ignored out of
hand. 11 files need to be copied; 2 need hand editing (new MAC
/etc/dhclient.conf (no longer used but copy anyway)
/etc/systemd/network/50-en0.link (needs hand editing)
Rebooting Xena and trying to get up on Wi-Fi. It doesn't want to
connect. The NetworkManager configurations for both rad0 and en0 were
tied to the specific device's MAC address, so N.M. rejected them and
created new connection pages for the actual devices (tossed). This
was fixed, but a lot of issues continued. See below for nasty details.
Run clonedir to suck recent edits from my homedir on Jacinth. Once
this is done I'm allegedly operational on the laptop. [Done.]
Now I'll continue with checkout and evaluation steps.
Details of regressing to an old kernel: As this is written,
kernel-default-5.8.14-1.2.x86_64 is the latest version. It gives two problems:
starting with the update to 5.6.14, the host of a VM runs for a variable time
from 5 minutes to a day or so, then mysteriously crashes with no error messages
in syslog nor visible on the screen. Second, unbound (the DNS server) drops
privileges, and apparently our version of libcap-ng is using a back-version
linux-api-headers, and barfs when the process potentially has capabilities with
a higher number than it knows about. So unbound cannot start. For the unbound
SuSE bug 1177715 (2020-10-14 ), it is apparently sufficient to revert to
kernel 5.7.1. I tried reverting to old kernels, but could not get the RPMs. I
succeeded by installing kernel 5.3.18-lp152.47.2 from Leap 15.2, and now
unbound is running. [Update: on about 2021-02-23 Tumbleweed got
util-linux-2.36.1-3.2.x86_64 and this fixes the problem.] Arch Linux bug 67781
(2020-08-31) describes this issue, and the developer indicates what he did to
I thought Xena would just join the net normally once connection
configurations were restored, but it didn't work out that way. After much
of a day of thrashing around with skimpy notes, I tried these
rad0 is the NIC for Wi-Fi. en0 is the Ethernet NIC (USB). It's a
design rule that Wi-Fi will be disabled (in the main NetworkManager menu)
before Ethernet is plugged in, so that only one of them is physically
operating at a time. They get their IP addresses by DHCP, different for
each: rad0 = 188.8.131.52 + $pfx::c3; en0 = 184.108.40.206 + $pfx::e3.
Formerly the connections for rad0 and en0 were locked to the NICs'
former MAC addresses, so N.M. ignored them. This field was cleared.
There seems to be a baleful interaction between /etc/sysctl.conf
(settings in /proc/sys/net/ipv[4+6]/conf/$NIC/$various), the N.M.
connection configurations, and other entitites yet to be discovered.
I began by disabling N.M. and rebooting.
should be turned *on*.
I made a script to report relevant sysctl settings etc. I disabled
N.M. and rebooted. The pristine network state goes like this:
- Addresses of $pfx4.195/26 and $pfx6::c3/112 on rad0, no addresses on
en0 or br0.
- No routes, network is unreachable (duh).
- forwarding == 1 on rad0 all default (both families) (correct).
- accept_ra == 2 on rad0 + all (correct) but 1 on default (wrong).
- accept_ra_defrtr == 1 on rad0 all default (correct).
- disable_ipv6 == 0 on rad0 all default (correct). This continued on
subsequent tests and won't be reported again.
Starting N.M. with Wi-Fi disabled and en0 not plugged in, should get
br0 but not en0.
- Addresses of $pfx4.195/26 and $pfx6::c3/112 on rad0, $pfx4.177 and
$pfx6::7:1 on br0, no en0 (correct).
- No routes, network is unreachable (duh).
- forwarding == 1 on rad0 br0 all default (both families) (correct).
- accept_ra == 2 on rad0 br0 all (correct) but 1 on default (wrong).
- accept_ra_defrtr == 1 on rad0 br0 all default (correct).
- Petra is shut off, no vnet0. Let's keep it that way for now.
Plugging in en0. jdhcp ran and provided some addresses. en0
immediately got a link local address and can ping
on the local net, but N.M. could not get a DHCP address for it.
- Addresses of $pfx4.177 and $pfx6::7:1 on br0, but nothing on rad0
or en0 (except llnk local address).
- Routes: Default and local LAN via Jacinth on en0.
- forwarding == 1 on all NICs for IPv4 but 0 for IPv6 on rad0 en0 br0,
it's 1 on all + data.
- accept_ra == 0 on rad0 en0 br0. This is bad, preventing an IPv6
address and routes from being set on en0. It's 2 on all and 1 on
- accept_ra_defrtr == 1 on all (correct).
Activating Wi-Fi, with en0 unplugged. N.M. behaves as if it had set
up Wi-Fi normally.
- Correct addresses on br0, $pfx4.195/26 but no IPv6 on rad0. But
Xena can still ping IPv6 using the link local address.
- Routes: default and LAN routes, both families, are correct on rad0.
- forwarding == 1 on all NICs for IPv4 but 0 for IPv6 on rad0 en0 br0,
it's 1 on all + data.
- accept_ra == 0 on rad0 br0. This is bad, preventing an IPv6
address and routes from being set on rad0. It's 2 on all and 1 on
- accept_ra_defrtr == 1 on all (correct).
- I manually set IPv6 forwarding = 1 and accept_ra = 2 on rad0 and br0.
Even so, it was seen to receive RA's and not obey them.
- In this condition it's able to communicate
hosts on the local LAN, with www.jfcarter.net, and with www.google.com,
using both address families. The only thing it can't do is use IPv6
to ping outside the local LAN.
Wonder of wonders, when I started up the VM Petra, off-LAN pinging
started to work. But we still don't have an IPv6 address on rad0.
It claims to have received from RA's a correct default route and a prefix
route on the local LAN, in fact two variants of each plus a spurious
(high metric non-RA) route to br0's subnet.
I ran restarter; it ran jdhcp which put rad0's proper IPv6 address on
Petra is mostly working but has issues, which I'm going to leave for
later to fix. [Getting networking right was a lot of work, but eventually
it's fully operational and reliable.]
When I first installed Linux, after the laptop hibernated (S4 state)
and was awakened by pressing the power button, it would do a full reboot, not
restoring the saved hibernation image. That was not good.
forum post on Stackexchange.com, OP user1337, 2020-07-04. He had the same
symptom, and fixed it. The issue was, the Dracut configuration lacked an
instruction to include the resume module; adding it made the initrd look for
and restore the saved hibernation image.
Here is how I adjusted his procedure for OpenSuSE Tumbleweed:
- Check your kernel command line:
It should have a resume device: for me, resume=/dev/vda1 or
resume=LABEL=SWAP-10. If not, it can't find the hibernation image.
lsinitrd -m and see if you have the
module in your initrd. If not, you need to add it.
- The resume module should exist. Check this path name (it's a
directory): /usr/lib/dracut/modules.d/*resume . The '*' matches an
order number; for me it's 95 but it probably varies among distros.
It is included in the dracut package; if it's not there, that's beyond
the scope of these instructions.
- The Dracut configuration files (on SuSE) are in /etc/dracut.conf
/etc/dracut.conf.d/ /usr/lib/dracut/dracut.conf.d/ .
Sample command to search for a resume configuration:
grep -r -l resume /etc/dracut.conf* /usr/lib/dracut/dracut.conf.d/
- If you don't find
resume mentioned, you need to configure it.
I put it in /etc/dracut.conf.d/99-resume.J.conf . (If you do find it,
but aren't getting restored even so, you have a complicated problem.)
- The content was:
add_dracutmodules+=" resume "
(plus #comments). This is a space surrounded list of modules to
add; Dracut wants spaces before and after each module name.
- Then rebuild your initrd, with the module, using the command
mkinitrd (old) or
dracut -vf (modern). It's verbose;
capture the output in a file, and look later for messages about
- The hibernation image now will be restored when you wake the machine.
Strange: 6 of my machines had the resume module in the initrd despite no
configuration adding it.