FreeBSD on a Dell M1330 XPS Laptop

    The Dell M1330 XPS is a fantastic laptop.  It's fast, light, and has everything I need to use built right in. Getting FreeBSD to run on it wasn't much of a problem but it did take sme work to get it to recognize all the different hardware in it. This is an account of what I did to get FReeBSD 7.x to work with the hardware. I still don't have it working with all the hardware (or not as well as I would like), so this is an on going article that I will be updating as more and more of the hardware is supported.

The Dell M1330 Hardware

    The Dell M1330 XPS is also similar to the M1530 XPS (the M1530 is just a larger screen) so this article may alloy to the M1530 as well. The hardware may vary slightly from unit to unit as you can order this laptop with a number of different hardware options.  Here is what is listed in mine.

  • Dell M1330 XPS
  • T7500 2.2Ghz Dual Core Duo CPU
  • 2GB RAM
  • 200GB 7200rpm Hard Drive
  • NVidia GeForce 8400M GS
  • Dell Truemobile 355 Bluetooth
  • UPEK Touchchip Fingerprint reader
  • Intel 82801HEM/HBM SATA Controller
  • Ricoh xD/MMC/SD/Memory Stick Controller
  • Ricoh OHCI 1394 Firewire Controller
  • Dell Laptop Integrated Webcam
  • Intel Wireless 3945ABG NIC
  • Broadcom Netlink Fast Ethernet NIC
  • SigmaTel HD Audio Codec

Installing FreeBSD

    The problem with partitions.

    FreeBSD 7.x will boot and install on this Dell without any problems if you are going to fully replace the Windows Vista that came with the system.  If you are going to try an dual boot it (as I wanted to) then you will run into problems.  There are already 3 primary partitions on the drive.  One for the Dell diagnostics, one for Vista, and one for the Media Direct stuff.  I wanted to put XP, Vista, and FreeBSD on the3 laptop. Shouldn't be a problem since a system can have up to 4 primary partitions and I don't need the Dell or the Media Direct stuff.  Well it didn't go that well.... On bootup the Dell BIOS looks for those partitions and will erase the partition (or at least hose it) so that I could not boot. I tried everything and finaly gave up on trying to have the operating systems.  Just FreeBSD and Vista. 
    I'm not going to go into how to dual boot FreeBSD and Vista. There are a number of howto's out there on the net.  I might write some thing up in the future though. 
    P.S. If anyone gets XP, Vista, and FreeBSD partitions working on this latop, can the drop me a note... or better yet, write something up and I'll post it here.

The Broadcom Netlink Fast Ethernet NIC.

    The built-in NIC is a 10/100MB Broadcom BCM5906M. FreeBSD 7.x does not yet support this NIC (at least as of 25-06-2008) but there was enough information out there to put together a patch.  There was a patch submitted to the FreeBSD mailing list by Benjamin Close that added this device for 7.0-RELEASE but I was not able to get it to apply on my FreeBSD 7-Stable so I rolled my own.  Benjamin's patches are located at http://ture.saeab.sa/bcm5906/ and where submitted for MFC so they may be in the newer stable version by the time you read this. 

    Click here to download the patch for the bge interface and do the following to apply it...

# cd /usr/src
# patch < *.diff

    Check to make sure all the patches applied without any errors, then rebuild your kernel and reboot.

 


 

The FingerPrint Reader

    The fingerprint reader is a UPEK Touchchip. UPEK provides a binary driver for FreeBSD and there is some documentation here on how to install it and get it going. 

    I am running FreeBSD 7-Stable (as of August 04, 2008) and the above documentation did not quite work for me.  The bsp_upekmess port would compile but gave me an error when running it.  The error was due to a bump in the gettext version.  I have a modified version of the port here that can be used to install the new driver available from UPEK that fixes this problem.  I'm sure this update will be included in the FreeBSD ports tree soon.

    Here is the procedure I used to install the UPEK driver and get my fingerprint reader working (most of this information is also included in the documentation on http://www.shapeshifter.se/articles/upek_touchchip_freebsd/).

Install the bsp_upekfmess port (the UPEK driver).

# cd /var/tmp
# fetch http://www.bohica.net/projects/bsp_upekfmess.tgz
# tar -xvzf bsp_upekfmess.tgz
# cd bsp_upekfmess
# make install
# make clean
# cd /var/tmp
# rm -r bsp_upekfmess

Install the pam_bsdbioapi port (the Biometric PAM module).

# cd /usr/ports/security/pam_bsdbioapi
# make install
# make clean

Setting up the configuration

    The pam_bsdbioapi port installs the libbirdb library.  This lib controls access to the different database backends possable for storing the biometric information.  In my setup, I just used the recomended file system database (filedb).  The default sample configuration is fine for most setups so just copy it into /usr/local/etc.

# cp /usr/local/etc/birdb.conf.sample /usr/local/etc/birdb.conf

    Now you can check to make sure the backends are available.

# bbdm -l birdb
Installed BIRDB modules
filedb    Filebacked database (b-tree)
plain     Plain text file

Creating the fingerprint record

    You can check to see if the BSP driver was installed correctly and working with the following command. Look for the UPEK TouchChip record (the last one shown here).

# bbdm -l bsp
UUID {ffffffff-ffff-ffff-ffff-ffffffffffff}
Example Vendor libbioapi_dummy100.so (BioAPI v1.1 Dummy BSP)
UUID {263a41e0-71eb-11d4-9c34-124037000000}
BioAPI Consortium libpwbsp.so (BioAPI Password BSP)
UUID {5550454b-2054-464d-2f45-535320425350}
UPEK, Inc. libtfmessbsp.so (TouchChip TFM/ESS Fingerprint BSP)

    Start enrolling users. You can create more than one record for each user (if you are usin the filedb backend) so that if one finger is damaged or cut, you can then use your other finger that is registered.  The finger print reader can also identify the user but only if the records are unique. If you register the same finger for more that one account, then you will have to manually identify the user (not really a problem with the PAM module). 

    The following command creates a new record for the user kirk

# bbdm -b "{5550454b-2054-464d-2f45-535320425350}" -m filedb -c kirk
Enrollment start Put finger
[SWIPE FINGER]
Image processing
Put finger 2nd time
[SWIPE SAME FINGER AGAIN]
Image processing
Put finger 3rd time
[SWIPE SAME FINGER AGAIN]
Image processing
Scanned good image
Operation succeeded
Please verify record
Verification start Put finger
[SWIPE SAME FINGER AGAIN]
Image processing
Scanned good image
Operation succeeded
Record for ``kirk'' created successfully

You can view the created records with the command

# bbdm -b "{5550454b-2054-464d-2f45-535320425350}" -m filedb -r kirk
Records for user ``kirk''
1 Tue Aug 05 08:10:09 2008
2 Tue Aug 05 07:35:24 2008

To verify a record for the user kirk

# bbdm -b "{5550454b-2054-464d-2f45-535320425350}" -m filedb -v kirk
Verification start
Put finger
[SWIPE FINGER] Image processing
Scanned good image
Operation succeeded
Verification sucessful
User record verified (creation time Tue Aug 05 08:10:09 2008)

Configuring PAM for fingerprint logins

    This setup will configure PAM to allow both fingerprint and password login. After the username is entered, it will prompt for you to swipe your finger print. If you don't have one registered for that user, it will then prompt for the password.

    The configuration is done in the /etc/pam.d/system file.  Edit the file to look like the following:

# auth
auth      sufficient  pam_opie.so     no_warn no_fake_prompts
auth      requisite   pam_opieaccess.so   no_warn allow_local
#auth      sufficient  pam_krb5.so     no_warn try_first_pass
#auth      sufficient  pam_ssh.so      no_warn try_first_pass
auth      sufficient  /usr/local/lib/pam_bsdbioapi.so {5550454b-2054-464d-2f45-535320425350} filedb
auth      required    pam_unix.so     no_warn try_first_pass nullok

    This sets up PAM so that it will take the fingerprint as the password but if the fingerprint is wrong or there is no password, it will still accept the password.  If you want to change PAM so that it must have a valid fingerprint, then change the "sufficient" keyword to "required", but be carefull, you could lock your self out if you do not have a fingerprint registered.

Some minor Patches

    After setting up the PAM authentication I was able to login as a user but was not able to login at the console as root.  I know... "shouldn't login as root!" but it was causing the login process to core dump. Not good! I was able ot track it down to the dynamic library libutil that login was compiled against.  The quickest way to fix that was to recompile login with a static libutil.a.  Here is a patched version of the login Makefile that will fix this problem. It's still not the best fix as you will have to apply this patch every time you upgrade your system. If anyone comes up with a better solution, please let me know.

    Applying the patch...

# cd /usr/src/usr.bin/login
# fetch http://www.bohica.net/projects/login.patch
# patch < login.patch
# make
# make install

    NOTE: Flip to another virtual terminal and make sure you are able to login before you logout. You wouldn't want to find out that you have locked yourself out of the system!