Assets 2

Aspire-SW5-012_Kernel_4.14.17-acerium-x22-muqss

Kernel 4.14.17-acerium-x22-muqss for Acer Aspire SW5-012/Fendi2 ONLY!

Forked from XanMod: Linux kernel source code tree - Xanmod Project

Add support:

  • Indirect Branch Restricted Speculation (IBRS)
  • Indirect Branch Prediction Barrier (IBPB)

Built on the latest GCC 7.3.0 (+ add fix full LFENCE).

Important security fix:

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'

  • Checking whether we're safe according to the /sys interface:
    NO (kernel confirms your system is vulnerable)
    STATUS: VULNERABLE (Vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

  • Checking whether we're safe according to the /sys interface:
    YES (kernel confirms that the mitigation is active)
    STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'

  • Checking whether we're safe according to the /sys interface:
    YES (kernel confirms that the mitigation is active)
    STATUS: NOT VULNERABLE (Mitigation: PTI)
 Acerium is a mainline Linux kernel distribution with custom settings.
Optimized to take full advantage of high-performance for Acer Aspire SW5-012/Fendi2.

Supports all recent 64-bit versions of Debian and Ubuntu-based systems. 

Main Features:

Tuned CPU for ATOM platform.
MuQSS CPU Scheduler & Multi-Queue I/O Block Layer w/ BFQ-MQ for smoothness and responsiveness.
Caching, Virtual Memory Manager and CPU Governor Improvements.
General-purpose Multitasking Kernel.
Built on the latest GCC 7.
DRM Optimized Performance.
Westwood+ TCP Congestion Control.
Intel CPUFreq (P-State passive mode).
AUFS, BFQ and Ureadahead support available.

What works:

  • Keyboard
  • Keyboard's Hotkeys
  • Trackpad
  • Touchscreen (multitouch works)
  • Screen rotation
  • Sound
  • HDMI output
  • Switch to External Screen (HDMI)
  • Light sensor
  • Micro SD reader (Read & Write)
  • Wireless/Wifi
  • Bluetooth
  • Battery status information is available
  • Shutdown correctly works
  • Reboot correctly works
  • Screen power management works
  • "SLEEP"(suspend) works

What doesn't work:

  • Sreen backlight (always at full brightness, work from additional script)
  • Built-in camera (the module is not yet in working, but the kernel camera device detecting)

Kernel config file

 Kernel config file Acer Aspire Switch SW5-012/Fendi2 locate to directory
 arch/x86/configs/acer_sw5-012_defconfig

Recommended system configuration

Bluetooth

  Add to /etc/modules load btusb
  or load from console # sudo modprobe btusb

  Add to /etc/rc.local

rfkill unblock bluetooth
hciattach /dev/ttyS4 bcm2035 921600 flow

Brightness

Download, unpack and copy the file brightness.sh to the /etc/acpi/

Use:

Brightness up
# /etc/acpi/brightness.sh up

Brightness down
# /etc/acpi/brightness.sh down


You can use keyboard shortcuts to system settings.

Screen rotation

Bonuses by Peter Nelson!

I wrote a script to rotate the screen from portrait mode to landscape and back. The tricky bit was getting the touch-screen, touch-pad and mouse axes all properly inverted. It’s really icing on the cake for this little hybrid. With the help of the Onboard keyboard (standard Ubuntu) it makes a really nice portrait-mode tablet, now.

You can grab the script and install instructions from its github page:

Download script

Other config files

  • /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="crashkernel=128M-:64M ipv6.disable=1 acpi_osi=Linux pcie_aspm=force intel_iommu=on swiotlb=32768"
GRUB_CMDLINE_LINUX="tsc=reliable clocksource=tsc clocksource_failover=tsc i915.modeset=1 systemd.gpt_auto=0"
  • /etc/modprobe.d/blacklist.conf
blacklist b43
blacklist b43legacy
blacklist ssb
blacklist bcm43xx

blacklist cm3218
blacklist cm32181
blacklist ov2722
  • /etc/fstab
# / was on /dev/mmcblk1p2 during installation
UUID=your_disk_UUID / btrfs space_cache,thread_pool=2,compress=lzo,defaults,ssd,autodefrag,subvol=@ 0 1

# /home was on /dev/mmcblk1p2 during installation
UUID=your_disk_UUID /home btrfs space_cache,thread_pool=2,compress=lzo,defaults,noatime,nodiratime,ssd,autodefrag,subvol=@home 0 2
  • /etc/sysctl.conf
# Network
vm.min_free_kbytes = 32768
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.tcp_max_orphans = 65536
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_mem = 50576   64768   98152
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_syncookies = 1
net.netfilter.nf_conntrack_max = 16777216
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_congestion_control = westwood
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.route.flush = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.wlan0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.wlan0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rfc1337 = 1
net.ipv4.ip_forward = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 1000
net.core.rmem_default = 65536
net.core.wmem_default = 65536
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
fs.inotify.max_user_watches = 16777216
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.ip_default_ttl = 63
net.ipv4.tcp_ecn = 1
net.core.default_qdisc = fq_codel
#
# Lowlatency Kernel Tuning
kernel.perf_cpu_time_max_percent=0
#
# IO shedulers
vm.dirty_background_bytes=67108864
vm.dirty_bytes=134217728
  • /etc/network/interfaces
wireless-power off
  • /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf
[connection]
wifi.powersave = 2
  • /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
#
rfkill unblock bluetooth
#
hciattach /dev/ttyS4 bcm2035 921600 flow
#
# Fix brcmfmac error
sleep 20
iwconfig wlan0 power off
#
exit 0

and run command:

sudo systemctl enable rc-local.service

Fix start X session

Just add to /etc/default/grub

i915.modeset=1

and then regenerate grub cfg with:

update-grub2
And add this cfg file for X, /etc/X11/xorg.conf.d/20-intel.conf:

Section "Device"
Identifier  "Intel Graphics"
Driver      "modesetting"
Option      "AccelMethod"    "glamor"
EndSection
If start X session fail and error from system journal :

lightdm[1182]: PAM unable to dlopen(pam_kwallet.so):
/lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory

then turn off all the lines containing pam_kwallet.co and pam_kwallet5.so in
all the files in this directory /etc/pam.d

Intel – Fix for Atom MMC/GPT warning.

 I had been getting a warning on boot with recent kernels on my
Intel Atom-based UP system, and found a workaround.
The error flagged is – apparently – harmless, and is due to systemd
not being able to recognise some mmc disk partitions at that stage of the boot process.

......
[ 5.124250] systemd-gpt-auto-generator[416]: Failed to dissect: Input/output error
......

The workaround is to add systemd.gpt_auto=0 to the kernel command line.

Donate via BTC

Wallet: 1KvWrbLhuzk8DSb2Yq2948bMj3uQvVTQCW

@AndyLavr AndyLavr released this Jan 28, 2018 · 5 commits to 4.14-ibpb-muqss since this release

Assets 2

Aspire-SW5-012_Kernel_4.14.15-acerium-x20s2-muqss

Kernel 4.14.15-acerium-x20s2-muqss for Acer Aspire SW5-012/Fendi2 ONLY!

Forked from XanMod: Linux kernel source code tree - Xanmod Project

Add support:

  • Indirect Branch Restricted Speculation (IBRS)
  • Indirect Branch Prediction Barrier (IBPB)

Built on the latest GCC 7.3.0 (+ add fix full LFENCE).

Important security fix:

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'

  • Checking whether we're safe according to the /sys interface:
    NO (kernel confirms your system is vulnerable)
    STATUS: VULNERABLE (Vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

  • Checking whether we're safe according to the /sys interface:
    YES (kernel confirms that the mitigation is active)
    STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'

  • Checking whether we're safe according to the /sys interface:
    YES (kernel confirms that the mitigation is active)
    STATUS: NOT VULNERABLE (Mitigation: PTI)
 Acerium is a mainline Linux kernel distribution with custom settings.
Optimized to take full advantage of high-performance for Acer Aspire SW5-012/Fendi2.

Supports all recent 64-bit versions of Debian and Ubuntu-based systems. 

Main Features:

Tuned CPU for ATOM platform.
MuQSS CPU Scheduler & Multi-Queue I/O Block Layer w/ BFQ-MQ for smoothness and responsiveness.
Caching, Virtual Memory Manager and CPU Governor Improvements.
General-purpose Multitasking Kernel.
Built on the latest GCC 7.
DRM Optimized Performance.
Westwood+ TCP Congestion Control.
Intel CPUFreq (P-State passive mode).
AUFS, BFQ and Ureadahead support available.

What works:

  • Keyboard
  • Keyboard's Hotkeys
  • Trackpad
  • Touchscreen (multitouch works)
  • Screen rotation
  • Sound
  • HDMI output
  • Switch to External Screen (HDMI)
  • Light sensor
  • Micro SD reader (Read & Write)
  • Wireless/Wifi
  • Bluetooth
  • Battery status information is available
  • Shutdown correctly works
  • Reboot correctly works
  • Screen power management works
  • "SLEEP"(suspend) works

What doesn't work:

  • Sreen backlight (always at full brightness, work from additional script)
  • Built-in camera (the module is not yet in working, but the kernel camera device detecting)

Kernel config file

 Kernel config file Acer Aspire Switch SW5-012/Fendi2 locate to directory
 arch/x86/configs/acer_sw5-012_defconfig

Recommended system configuration

Bluetooth

  Add to /etc/modules load btusb
  or load from console # sudo modprobe btusb

  Add to /etc/rc.local

rfkill unblock bluetooth
hciattach /dev/ttyS4 bcm2035 921600 flow

Brightness

Download, unpack and copy the file brightness.sh to the /etc/acpi/

Use:

Brightness up
# /etc/acpi/brightness.sh up

Brightness down
# /etc/acpi/brightness.sh down


You can use keyboard shortcuts to system settings.

Screen rotation

Bonuses by Peter Nelson!

I wrote a script to rotate the screen from portrait mode to landscape and back. The tricky bit was getting the touch-screen, touch-pad and mouse axes all properly inverted. It’s really icing on the cake for this little hybrid. With the help of the Onboard keyboard (standard Ubuntu) it makes a really nice portrait-mode tablet, now.

You can grab the script and install instructions from its github page:

Download script

Other config files

  • /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="crashkernel=128M-:64M ipv6.disable=1 acpi_osi=Linux pcie_aspm=force intel_iommu=on swiotlb=32768"
GRUB_CMDLINE_LINUX="tsc=reliable clocksource=tsc clocksource_failover=tsc i915.modeset=1 systemd.gpt_auto=0"
  • /etc/modprobe.d/blacklist.conf
blacklist b43
blacklist b43legacy
blacklist ssb
blacklist bcm43xx

blacklist cm3218
blacklist cm32181
blacklist ov2722
  • /etc/fstab
# / was on /dev/mmcblk1p2 during installation
UUID=your_disk_UUID / btrfs space_cache,thread_pool=2,compress=lzo,defaults,ssd,autodefrag,subvol=@ 0 1

# /home was on /dev/mmcblk1p2 during installation
UUID=your_disk_UUID /home btrfs space_cache,thread_pool=2,compress=lzo,defaults,noatime,nodiratime,ssd,autodefrag,subvol=@home 0 2
  • /etc/sysctl.conf
# Network
vm.min_free_kbytes = 32768
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.tcp_max_orphans = 65536
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_mem = 50576   64768   98152
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_syncookies = 1
net.netfilter.nf_conntrack_max = 16777216
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_congestion_control = westwood
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.route.flush = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.wlan0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.wlan0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rfc1337 = 1
net.ipv4.ip_forward = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 1000
net.core.rmem_default = 65536
net.core.wmem_default = 65536
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
fs.inotify.max_user_watches = 16777216
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.ip_default_ttl = 63
net.ipv4.tcp_ecn = 1
net.core.default_qdisc = fq_codel
#
# Lowlatency Kernel Tuning
kernel.perf_cpu_time_max_percent=0
#
# IO shedulers
vm.dirty_background_bytes=67108864
vm.dirty_bytes=134217728
  • /etc/network/interfaces
wireless-power off
  • /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf
[connection]
wifi.powersave = 2
  • /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
#
rfkill unblock bluetooth
#
hciattach /dev/ttyS4 bcm2035 921600 flow
#
# Fix brcmfmac error
sleep 20
iwconfig wlan0 power off
#
exit 0

and run command:

sudo systemctl enable rc-local.service

Fix start X session

Just add to /etc/default/grub

i915.modeset=1

and then regenerate grub cfg with:

update-grub2
And add this cfg file for X, /etc/X11/xorg.conf.d/20-intel.conf:

Section "Device"
Identifier  "Intel Graphics"
Driver      "modesetting"
Option      "AccelMethod"    "glamor"
EndSection
If start X session fail and error from system journal :

lightdm[1182]: PAM unable to dlopen(pam_kwallet.so):
/lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory

then turn off all the lines containing pam_kwallet.co and pam_kwallet5.so in
all the files in this directory /etc/pam.d

Intel – Fix for Atom MMC/GPT warning.

 I had been getting a warning on boot with recent kernels on my
Intel Atom-based UP system, and found a workaround.
The error flagged is – apparently – harmless, and is due to systemd
not being able to recognise some mmc disk partitions at that stage of the boot process.

......
[ 5.124250] systemd-gpt-auto-generator[416]: Failed to dissect: Input/output error
......

The workaround is to add systemd.gpt_auto=0 to the kernel command line.

Donate via BTC

Wallet: 1KvWrbLhuzk8DSb2Yq2948bMj3uQvVTQCW

Assets 2

Aspire-SW5-012_Kernel_4.14.15-acerium-x20s1-muqss

Kernel 4.14.15-acerium-x20s1-muqss for Acer Aspire SW5-012/Fendi2 ONLY!

Forked from XanMod: Linux kernel source code tree - Xanmod Project

Add support:

  • Indirect Branch Restricted Speculation (IBRS)
  • Indirect Branch Prediction Barrier (IBPB)

Built on the latest GCC 7.3.0 (+ add fix full LFENCE).

Important security fix:

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'

  • Checking whether we're safe according to the /sys interface:
    NO (kernel confirms your system is vulnerable)
    STATUS: VULNERABLE (Vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

  • Checking whether we're safe according to the /sys interface:
    YES (kernel confirms that the mitigation is active)
    STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'

  • Checking whether we're safe according to the /sys interface:
    YES (kernel confirms that the mitigation is active)
    STATUS: NOT VULNERABLE (Mitigation: PTI)
 Acerium is a mainline Linux kernel distribution with custom settings.
Optimized to take full advantage of high-performance for Acer Aspire SW5-012/Fendi2.

Supports all recent 64-bit versions of Debian and Ubuntu-based systems. 

Main Features:

Tuned CPU for ATOM platform.
MuQSS CPU Scheduler & Multi-Queue I/O Block Layer w/ BFQ-MQ for smoothness and responsiveness.
Caching, Virtual Memory Manager and CPU Governor Improvements.
General-purpose Multitasking Kernel.
Built on the latest GCC 7.
DRM Optimized Performance.
Westwood+ TCP Congestion Control.
Intel CPUFreq (P-State passive mode).
AUFS, BFQ and Ureadahead support available.

What works:

  • Keyboard
  • Keyboard's Hotkeys
  • Trackpad
  • Touchscreen (multitouch works)
  • Screen rotation
  • Sound
  • HDMI output
  • Switch to External Screen (HDMI)
  • Light sensor
  • Micro SD reader (Read & Write)
  • Wireless/Wifi
  • Bluetooth
  • Battery status information is available
  • Shutdown correctly works
  • Reboot correctly works
  • Screen power management works
  • "SLEEP"(suspend) works

What doesn't work:

  • Sreen backlight (always at full brightness, work from additional script)
  • Built-in camera (the module is not yet in working, but the kernel camera device detecting)

Kernel config file

 Kernel config file Acer Aspire Switch SW5-012/Fendi2 locate to directory
 arch/x86/configs/acer_sw5-012_defconfig

Recommended system configuration

Bluetooth

  Add to /etc/modules load btusb
  or load from console # sudo modprobe btusb

  Add to /etc/rc.local

rfkill unblock bluetooth
hciattach /dev/ttyS4 bcm2035 921600 flow

Brightness

Download, unpack and copy the file brightness.sh to the /etc/acpi/

Use:

Brightness up
# /etc/acpi/brightness.sh up

Brightness down
# /etc/acpi/brightness.sh down


You can use keyboard shortcuts to system settings.

Screen rotation

Bonuses by Peter Nelson!

I wrote a script to rotate the screen from portrait mode to landscape and back. The tricky bit was getting the touch-screen, touch-pad and mouse axes all properly inverted. It’s really icing on the cake for this little hybrid. With the help of the Onboard keyboard (standard Ubuntu) it makes a really nice portrait-mode tablet, now.

You can grab the script and install instructions from its github page:

Download script

Other config files

  • /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="crashkernel=128M-:64M ipv6.disable=1 acpi_osi=Linux pcie_aspm=force intel_iommu=on swiotlb=32768"
GRUB_CMDLINE_LINUX="tsc=reliable clocksource=tsc clocksource_failover=tsc i915.modeset=1 systemd.gpt_auto=0"
  • /etc/modprobe.d/blacklist.conf
blacklist b43
blacklist b43legacy
blacklist ssb
blacklist bcm43xx

blacklist cm3218
blacklist cm32181
blacklist ov2722
  • /etc/fstab
# / was on /dev/mmcblk1p2 during installation
UUID=your_disk_UUID / btrfs space_cache,thread_pool=2,compress=lzo,defaults,ssd,autodefrag,subvol=@ 0 1

# /home was on /dev/mmcblk1p2 during installation
UUID=your_disk_UUID /home btrfs space_cache,thread_pool=2,compress=lzo,defaults,noatime,nodiratime,ssd,autodefrag,subvol=@home 0 2
  • /etc/sysctl.conf
# Network
vm.min_free_kbytes = 32768
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.tcp_max_orphans = 65536
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_mem = 50576   64768   98152
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_syncookies = 1
net.netfilter.nf_conntrack_max = 16777216
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_congestion_control = westwood
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.route.flush = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.wlan0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.wlan0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rfc1337 = 1
net.ipv4.ip_forward = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 1000
net.core.rmem_default = 65536
net.core.wmem_default = 65536
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
fs.inotify.max_user_watches = 16777216
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.ip_default_ttl = 63
net.ipv4.tcp_ecn = 1
net.core.default_qdisc = fq_codel
#
# Lowlatency Kernel Tuning
kernel.perf_cpu_time_max_percent=0
#
# IO shedulers
vm.dirty_background_bytes=67108864
vm.dirty_bytes=134217728
  • /etc/network/interfaces
wireless-power off
  • /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf
[connection]
wifi.powersave = 2
  • /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
#
rfkill unblock bluetooth
#
hciattach /dev/ttyS4 bcm2035 921600 flow
#
# Fix brcmfmac error
sleep 20
iwconfig wlan0 power off
#
exit 0

and run command:

sudo systemctl enable rc-local.service

Fix start X session

Just add to /etc/default/grub

i915.modeset=1

and then regenerate grub cfg with:

update-grub2
And add this cfg file for X, /etc/X11/xorg.conf.d/20-intel.conf:

Section "Device"
Identifier  "Intel Graphics"
Driver      "modesetting"
Option      "AccelMethod"    "glamor"
EndSection
If start X session fail and error from system journal :

lightdm[1182]: PAM unable to dlopen(pam_kwallet.so):
/lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory

then turn off all the lines containing pam_kwallet.co and pam_kwallet5.so in
all the files in this directory /etc/pam.d

Intel – Fix for Atom MMC/GPT warning.

 I had been getting a warning on boot with recent kernels on my
Intel Atom-based UP system, and found a workaround.
The error flagged is – apparently – harmless, and is due to systemd
not being able to recognise some mmc disk partitions at that stage of the boot process.

......
[ 5.124250] systemd-gpt-auto-generator[416]: Failed to dissect: Input/output error
......

The workaround is to add systemd.gpt_auto=0 to the kernel command line.

Donate via BTC

Wallet: 1KvWrbLhuzk8DSb2Yq2948bMj3uQvVTQCW

@AndyLavr AndyLavr released this Jan 26, 2018 · 32 commits to 4.14-ibpb-muqss since this release

Assets 2

Aspire-SW5-012_Kernel_4.14.15-acerium-x20-muqss

Kernel 4.14.15-acerium-x20-muqss for Acer Aspire SW5-012/Fendi2 ONLY!

Forked from XanMod: Linux kernel source code tree - Xanmod Project

Add support:

  • Indirect Branch Restricted Speculation (IBRS)
  • Indirect Branch Prediction Barrier (IBPB)

Built on the latest GCC 7.3.0.

Important security fix:

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'

  • Checking whether we're safe according to the /sys interface:
    NO (kernel confirms your system is vulnerable)
    STATUS: VULNERABLE (Vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

  • Checking whether we're safe according to the /sys interface:
    YES (kernel confirms that the mitigation is active)
    STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'

  • Checking whether we're safe according to the /sys interface:
    YES (kernel confirms that the mitigation is active)
    STATUS: NOT VULNERABLE (Mitigation: PTI)
 Acerium is a mainline Linux kernel distribution with custom settings.
Optimized to take full advantage of high-performance for Acer Aspire SW5-012/Fendi2.

Supports all recent 64-bit versions of Debian and Ubuntu-based systems. 

Main Features:

Tuned CPU for ATOM platform.
MuQSS CPU Scheduler & Multi-Queue I/O Block Layer w/ BFQ-MQ for smoothness and responsiveness.
Caching, Virtual Memory Manager and CPU Governor Improvements.
General-purpose Multitasking Kernel.
Built on the latest GCC 7.
DRM Optimized Performance.
Westwood+ TCP Congestion Control.
Intel CPUFreq (P-State passive mode).
AUFS, BFQ and Ureadahead support available.

What works:

  • Keyboard
  • Keyboard's Hotkeys
  • Trackpad
  • Touchscreen (multitouch works)
  • Screen rotation
  • Sound
  • HDMI output
  • Switch to External Screen (HDMI)
  • Light sensor
  • Micro SD reader (Read & Write)
  • Wireless/Wifi
  • Bluetooth
  • Battery status information is available
  • Shutdown correctly works
  • Reboot correctly works
  • Screen power management works
  • "SLEEP"(suspend) works

What doesn't work:

  • Sreen backlight (always at full brightness, work from additional script)
  • Built-in camera (the module is not yet in working, but the kernel camera device detecting)

Kernel config file

 Kernel config file Acer Aspire Switch SW5-012/Fendi2 locate to directory
 arch/x86/configs/acer_sw5-012_defconfig

Recommended system configuration

Bluetooth

  Add to /etc/modules load btusb
  or load from console # sudo modprobe btusb

  Add to /etc/rc.local

rfkill unblock bluetooth
hciattach /dev/ttyS4 bcm2035 921600 flow

Brightness

Download, unpack and copy the file brightness.sh to the /etc/acpi/

Use:

Brightness up
# /etc/acpi/brightness.sh up

Brightness down
# /etc/acpi/brightness.sh down


You can use keyboard shortcuts to system settings.

Screen rotation

Bonuses by Peter Nelson!

I wrote a script to rotate the screen from portrait mode to landscape and back. The tricky bit was getting the touch-screen, touch-pad and mouse axes all properly inverted. It’s really icing on the cake for this little hybrid. With the help of the Onboard keyboard (standard Ubuntu) it makes a really nice portrait-mode tablet, now.

You can grab the script and install instructions from its github page:

Download script

Other config files

  • /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="crashkernel=128M-:64M ipv6.disable=1 acpi_osi=Linux pcie_aspm=force intel_iommu=on swiotlb=32768"
GRUB_CMDLINE_LINUX="tsc=reliable clocksource=tsc clocksource_failover=tsc i915.modeset=1 systemd.gpt_auto=0"
  • /etc/modprobe.d/blacklist.conf
blacklist b43
blacklist b43legacy
blacklist ssb
blacklist bcm43xx

blacklist cm3218
blacklist cm32181
blacklist ov2722
  • /etc/fstab
# / was on /dev/mmcblk1p2 during installation
UUID=your_disk_UUID / btrfs space_cache,thread_pool=2,compress=lzo,defaults,ssd,autodefrag,subvol=@ 0 1

# /home was on /dev/mmcblk1p2 during installation
UUID=your_disk_UUID /home btrfs space_cache,thread_pool=2,compress=lzo,defaults,noatime,nodiratime,ssd,autodefrag,subvol=@home 0 2
  • /etc/sysctl.conf
# Network
vm.min_free_kbytes = 32768
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.tcp_max_orphans = 65536
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_mem = 50576   64768   98152
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_syncookies = 1
net.netfilter.nf_conntrack_max = 16777216
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_congestion_control = westwood
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.route.flush = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.wlan0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.wlan0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rfc1337 = 1
net.ipv4.ip_forward = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 1000
net.core.rmem_default = 65536
net.core.wmem_default = 65536
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
fs.inotify.max_user_watches = 16777216
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.ip_default_ttl = 63
net.ipv4.tcp_ecn = 1
net.core.default_qdisc = fq_codel
#
# Lowlatency Kernel Tuning
kernel.perf_cpu_time_max_percent=0
#
# IO shedulers
vm.dirty_background_bytes=67108864
vm.dirty_bytes=134217728
  • /etc/network/interfaces
wireless-power off
  • /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf
[connection]
wifi.powersave = 2
  • /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
#
rfkill unblock bluetooth
#
hciattach /dev/ttyS4 bcm2035 921600 flow
#
# Fix brcmfmac error
sleep 20
iwconfig wlan0 power off
#
exit 0

and run command:

sudo systemctl enable rc-local.service

Fix start X session

Just add to /etc/default/grub

i915.modeset=1

and then regenerate grub cfg with:

update-grub2
And add this cfg file for X, /etc/X11/xorg.conf.d/20-intel.conf:

Section "Device"
Identifier  "Intel Graphics"
Driver      "modesetting"
Option      "AccelMethod"    "glamor"
EndSection
If start X session fail and error from system journal :

lightdm[1182]: PAM unable to dlopen(pam_kwallet.so):
/lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory

then turn off all the lines containing pam_kwallet.co and pam_kwallet5.so in
all the files in this directory /etc/pam.d

Intel – Fix for Atom MMC/GPT warning.

 I had been getting a warning on boot with recent kernels on my
Intel Atom-based UP system, and found a workaround.
The error flagged is – apparently – harmless, and is due to systemd
not being able to recognise some mmc disk partitions at that stage of the boot process.

......
[ 5.124250] systemd-gpt-auto-generator[416]: Failed to dissect: Input/output error
......

The workaround is to add systemd.gpt_auto=0 to the kernel command line.

Donate via BTC

Wallet: 1KvWrbLhuzk8DSb2Yq2948bMj3uQvVTQCW

Assets 2

Aspire-SW5-012_Kernel_4.14.15-acerium-x19s5-muqss

Kernel 4.14.15-acerium-x19s5-muqss for Acer Aspire SW5-012/Fendi2 ONLY!

Forked from XanMod: Linux kernel source code tree - Xanmod Project

Add Indirect Branch Restricted Speculation (IBRS) and Indirect Branch Prediction Barrier (IBPB) support.

Built on the latest GCC 7.2.1 (7.3.0-RC-20180122).

Important security fix:

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'

  • Checking whether we're safe according to the /sys interface:
    NO (kernel confirms your system is vulnerable)
    STATUS: VULNERABLE (Vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

  • Checking whether we're safe according to the /sys interface:
    YES (kernel confirms that the mitigation is active)
    STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'

  • Checking whether we're safe according to the /sys interface:
    YES (kernel confirms that the mitigation is active)
    STATUS: NOT VULNERABLE (Mitigation: PTI)
 Acerium is a mainline Linux kernel distribution with custom settings.
Optimized to take full advantage of high-performance for Acer Aspire SW5-012/Fendi2.

Supports all recent 64-bit versions of Debian and Ubuntu-based systems. 

Main Features:

Tuned CPU for ATOM platform.
MuQSS CPU Scheduler & Multi-Queue I/O Block Layer w/ BFQ-MQ for smoothness and responsiveness.
Caching, Virtual Memory Manager and CPU Governor Improvements.
General-purpose Multitasking Kernel.
Built on the latest GCC 7.
DRM Optimized Performance.
Westwood+ TCP Congestion Control.
Intel CPUFreq (P-State passive mode).
AUFS, BFQ and Ureadahead support available.

What works:

  • Keyboard
  • Keyboard's Hotkeys
  • Trackpad
  • Touchscreen (multitouch works)
  • Screen rotation
  • Sound
  • HDMI output
  • Switch to External Screen (HDMI)
  • Light sensor
  • Micro SD reader (Read & Write)
  • Wireless/Wifi
  • Bluetooth
  • Battery status information is available
  • Shutdown correctly works
  • Reboot correctly works
  • Screen power management works
  • "SLEEP"(suspend) works

What doesn't work:

  • Sreen backlight (always at full brightness, work from additional script)
  • Built-in camera (the module is not yet in working, but the kernel camera device detecting)

Kernel config file

 Kernel config file Acer Aspire Switch SW5-012/Fendi2 locate to directory
 arch/x86/configs/acer_sw5-012_defconfig

Recommended system configuration

Bluetooth

  Add to /etc/modules load btusb
  or load from console # sudo modprobe btusb

  Add to /etc/rc.local

rfkill unblock bluetooth
hciattach /dev/ttyS4 bcm2035 921600 flow

Brightness

Download, unpack and copy the file brightness.sh to the /etc/acpi/

Use:

Brightness up
# /etc/acpi/brightness.sh up

Brightness down
# /etc/acpi/brightness.sh down


You can use keyboard shortcuts to system settings.

Screen rotation

Bonuses by Peter Nelson!

I wrote a script to rotate the screen from portrait mode to landscape and back. The tricky bit was getting the touch-screen, touch-pad and mouse axes all properly inverted. It’s really icing on the cake for this little hybrid. With the help of the Onboard keyboard (standard Ubuntu) it makes a really nice portrait-mode tablet, now.

You can grab the script and install instructions from its github page:

Download script

Other config files

  • /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="crashkernel=128M-:64M ipv6.disable=1 acpi_osi=Linux pcie_aspm=force intel_iommu=on swiotlb=32768"
GRUB_CMDLINE_LINUX="tsc=reliable clocksource=tsc clocksource_failover=tsc i915.modeset=1 systemd.gpt_auto=0"
  • /etc/modprobe.d/blacklist.conf
blacklist b43
blacklist b43legacy
blacklist ssb
blacklist bcm43xx

blacklist cm3218
blacklist cm32181
blacklist ov2722
  • /etc/fstab
# / was on /dev/mmcblk1p2 during installation
UUID=your_disk_UUID / btrfs space_cache,thread_pool=2,compress=lzo,defaults,ssd,autodefrag,subvol=@ 0 1

# /home was on /dev/mmcblk1p2 during installation
UUID=your_disk_UUID /home btrfs space_cache,thread_pool=2,compress=lzo,defaults,noatime,nodiratime,ssd,autodefrag,subvol=@home 0 2
  • /etc/sysctl.conf
# Network
vm.min_free_kbytes = 32768
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.tcp_max_orphans = 65536
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_mem = 50576   64768   98152
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_syncookies = 1
net.netfilter.nf_conntrack_max = 16777216
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_congestion_control = westwood
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.route.flush = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.wlan0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.wlan0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rfc1337 = 1
net.ipv4.ip_forward = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 1000
net.core.rmem_default = 65536
net.core.wmem_default = 65536
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
fs.inotify.max_user_watches = 16777216
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.ip_default_ttl = 63
net.ipv4.tcp_ecn = 1
net.core.default_qdisc = fq_codel
#
# Lowlatency Kernel Tuning
kernel.perf_cpu_time_max_percent=0
#
# IO shedulers
vm.dirty_background_bytes=67108864
vm.dirty_bytes=134217728
  • /etc/network/interfaces
wireless-power off
  • /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf
[connection]
wifi.powersave = 2
  • /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
#
rfkill unblock bluetooth
#
hciattach /dev/ttyS4 bcm2035 921600 flow
#
# Fix brcmfmac error
sleep 20
iwconfig wlan0 power off
#
exit 0

and run command:

sudo systemctl enable rc-local.service

Fix start X session

Just add to /etc/default/grub

i915.modeset=1

and then regenerate grub cfg with:

update-grub2
And add this cfg file for X, /etc/X11/xorg.conf.d/20-intel.conf:

Section "Device"
Identifier  "Intel Graphics"
Driver      "modesetting"
Option      "AccelMethod"    "glamor"
EndSection
If start X session fail and error from system journal :

lightdm[1182]: PAM unable to dlopen(pam_kwallet.so):
/lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory

then turn off all the lines containing pam_kwallet.co and pam_kwallet5.so in
all the files in this directory /etc/pam.d

Intel – Fix for Atom MMC/GPT warning.

 I had been getting a warning on boot with recent kernels on my
Intel Atom-based UP system, and found a workaround.
The error flagged is – apparently – harmless, and is due to systemd
not being able to recognise some mmc disk partitions at that stage of the boot process.

......
[ 5.124250] systemd-gpt-auto-generator[416]: Failed to dissect: Input/output error
......

The workaround is to add systemd.gpt_auto=0 to the kernel command line.

Donate via BTC

Wallet: 1KvWrbLhuzk8DSb2Yq2948bMj3uQvVTQCW