64-bit Hardened Gentoo Linux on Acer Aspire ONE D270-26Dkk netbook

I want to use this netbook as a low-power server in my home network. This netbook came with MeeGo Linux, which is not suited to this task. As a long-time Gentoo user I chose Gentoo Hardened as the operating system, in its 64-bit flavor, to take full advantage of the Intel Atom N2600 processor. I know that at this moment Intel only releases 32-bit drivers for the GMA 3600, but in this case I have no need for accelerated X or the HDMI/VGA output.

Hardware

CPU: Intel Atom CPU N2600
    Clock Speed: 1.60GHz
    # of Cores: 2
    # of Threads: 4
    L2 Cache: 2x 512K
    Instruction Set: 64-bit
    Extensions: SSE2, SSE3, SSSE3
Chipset: Mobile Intel NM10 Express Chipset
Memory: 2 GB DDR3 Synchronous 666 MHz (1.5 ns)
VGA: Intel GMA 3600
Display: 10.1" SD 1024 x 600 (WSVGA) resolution, high-brightness (200-nit) LED-backlit TFT LCD
Audio: Intel Corporation NM10/ICH7 Family High Definition Audio Controller - Realtek ALC269VB
Ethernet: Realtek Semiconductor Co., Ltd. RTL8101E/RTL8102E PCI Express Fast Ethernet controller - 100Mbit/s
Wireless: Broadcom Corporation BCM4313 802.11b/g/n Wireless LAN Controller
Storage: 2.5" TOSHIBA MK3259GS 320 GB / 5400 rpm
    Realtek Semiconductor Co., Ltd. RTS5209 PCI Express Card Reader
Webcam: Chicony Electronics Co., Ltd
Control: 84-key QWERTY keyboard
    ETPS/2 Elantech Touchpad
Input/Output: Multi-in-1 card reader | 3x USB 2.0 | HDMI/VGA out | Headphone/speaker jack | Microphone-in jack | Ethernet (RJ-45) port | DC-in jack for AC adapter

lspci

00:00.0 Host bridge: Intel Corporation Atom Processor D2xxx/N2xxx DRAM Controller (rev 03)
00:02.0 VGA compatible controller: Intel Corporation Atom Processor D2xxx/N2xxx Integrated Graphics Controller (rev 09)
00:1b.0 Audio device: Intel Corporation NM10/ICH7 Family High Definition Audio Controller (rev 02)
00:1c.0 PCI bridge: Intel Corporation NM10/ICH7 Family PCI Express Port 1 (rev 02)
00:1c.1 PCI bridge: Intel Corporation NM10/ICH7 Family PCI Express Port 2 (rev 02)
00:1c.2 PCI bridge: Intel Corporation NM10/ICH7 Family PCI Express Port 3 (rev 02)
00:1d.0 USB controller: Intel Corporation NM10/ICH7 Family USB UHCI Controller #1 (rev 02)
00:1d.1 USB controller: Intel Corporation NM10/ICH7 Family USB UHCI Controller #2 (rev 02)
00:1d.2 USB controller: Intel Corporation NM10/ICH7 Family USB UHCI Controller #3 (rev 02)
00:1d.3 USB controller: Intel Corporation NM10/ICH7 Family USB UHCI Controller #4 (rev 02)
00:1d.7 USB controller: Intel Corporation NM10/ICH7 Family USB2 EHCI Controller (rev 02)
00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev e2)
00:1f.0 ISA bridge: Intel Corporation NM10 Family LPC Controller (rev 02)
00:1f.2 SATA controller: Intel Corporation NM10/ICH7 Family SATA Controller [AHCI mode] (rev 02)
00:1f.3 SMBus: Intel Corporation NM10/ICH7 Family SMBus Controller (rev 02)
01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8101E/RTL8102E PCI Express Fast Ethernet controller (rev 05)
02:00.0 Network controller: Broadcom Corporation BCM4313 802.11b/g/n Wireless LAN Controller (rev 01)
03:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS5209 PCI Express Card Reader (rev 01)

Configuring the Compile Options

I set the profile for a pure 64-bit environment, with no 32-bit applications or libraries.
# eselect profile show
Current /etc/portage/make.profile symlink:
   hardened/linux/amd64/no-multilib

Determining available Atom processor features with -march=native
-march=atom enables -mmmx -msse -msse2 -msse3 -mssse3 among other options
$ echo "" | gcc -march=native -v -E - 2>&1 | grep cc1
 /usr/libexec/gcc/x86_64-pc-linux-gnu/4.7.2/cc1 -E -quiet -v - -march=atom -mcx16 -msahf -mmovbe -mno-aes -mno-pclmul -mno-popcnt -mno-abm -mno-lwp -mno-fma -mno-fma4 -mno-xop -mno-bmi -mno-bmi2 -mno-tbm -mno-avx -mno-avx2 -mno-sse4.2 -mno-sse4.1 -mno-lzcnt -mno-rdrnd -mno-f16c -mno-fsgsbase --param l1-cache-size=24 --param l1-cache-line-size=64 --param l2-cache-size=512 -mtune=generic -fno-strict-overflow -fPIE -fstack-protector-all

-march=atom already enables -mcx16 -msahf -mmovbe, so the final result in /etc/portage/make.conf is:
CHOST="x86_64-pc-linux-gnu"
CFLAGS="-O2 -march=atom -pipe --param l1-cache-size=24 --param l1-cache-line-size=64 --param l2-cache-size=512 -mtune=generic"
CXXFLAGS="${CFLAGS}"
MAKEOPTS="-j4"
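
The derivation above as an added example (not the author's script): it reads the cc1 line, keeps -march, -mtune and the --param cache values for make.conf, and confirms that -fPIE and -fstack-protector-all, which were not passed on the command line and come from the hardened toolchain's defaults, are present. The function names are made up for this example; the sample line is the output shown above.

```sh
#!/bin/sh
# Sample input: the cc1 line from the output above.
# On the machine itself: CC1_LINE=$(echo "" | gcc -march=native -v -E - 2>&1 | grep cc1)
CC1_LINE='/usr/libexec/gcc/x86_64-pc-linux-gnu/4.7.2/cc1 -E -quiet -v - -march=atom -mcx16 -msahf -mmovbe -mno-aes -mno-pclmul -mno-popcnt -mno-abm -mno-lwp -mno-fma -mno-fma4 -mno-xop -mno-bmi -mno-bmi2 -mno-tbm -mno-avx -mno-avx2 -mno-sse4.2 -mno-sse4.1 -mno-lzcnt -mno-rdrnd -mno-f16c -mno-fsgsbase --param l1-cache-size=24 --param l1-cache-line-size=64 --param l2-cache-size=512 -mtune=generic -fno-strict-overflow -fPIE -fstack-protector-all'

# make_conf_cflags LINE (hypothetical helper): keep -march, -mtune and every
# "--param name=value" pair; drop the -mno-* negations and compiler-injected flags.
make_conf_cflags() {
    march="" rest="" want_param=0
    for tok in $1; do
        if [ "$want_param" -eq 1 ]; then
            rest="$rest --param $tok"
            want_param=0
            continue
        fi
        case "$tok" in
            --param)  want_param=1 ;;
            -march=*) march=$tok ;;
            -mtune=*) rest="$rest $tok" ;;
        esac
    done
    printf '%s\n' "-O2 $march -pipe$rest"
}

# missing_hardening LINE (hypothetical helper): print each hardened default
# that does not appear in LINE; empty output means both are active.
missing_hardening() {
    missing=""
    for flag in -fPIE -fstack-protector-all; do
        case " $1 " in
            *" $flag "*) ;;
            *) missing="$missing $flag" ;;
        esac
    done
    printf '%s\n' "${missing# }"
}

echo "CFLAGS=\"$(make_conf_cflags "$CC1_LINE")\""
echo "missing hardening flags: $(missing_hardening "$CC1_LINE")"
```

The hardening flags are left out of CFLAGS on purpose: the compiler adds them itself, so an empty second line is the result to look for.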

Configuring the kernel

I based my kernel .config on an x86_64 hardened kernel seed and enabled options for the hardware in my aod270.

cpu

Processor type and features  --->
	(4) Maximum number of CPUs
	[*] Symmetric multi-processing support
	Processor family ()  --->
		 (X) Intel Atom
	[*] SMT (Hyperthreading) scheduler support
	[*] Multi-core scheduler support
	[*] Machine Check / overheating reporting
	[*]   Intel MCE features
	<*> /dev/cpu/microcode - microcode support
	[*]   Intel microcode patch loading support

Chipset

Device Drivers  --->
	<*> Serial ATA and Parallel ATA drivers  --->
		<*>   AHCI SATA support
	[*] Watchdog Timer Support  --->
		<*>   Intel TCO Timer/Watchdog
	Input device support  --->
		[*]   Mice  --->
			<M>   PS/2 mouse
			[*]     Elantech PS/2 protocol extension
	-*- I2C support  --->
		I2C Hardware Bus support  ---> 
			<*> Intel 82801 (ICH/PCH)   
	-*- Hardware Monitoring support  --->
		<*>   Intel Core/Core2/Atom temperature sensor 
	Graphics support  --->
		<*> /dev/agpgart (AGP Support)  --->
			<*>   Intel 440LX/BX/GX, I8xx and E7x05 chipset support
	[*] USB support  --->  
		<*>   Support for Host-side USB
			<*>   EHCI HCD (USB 2.0) support
			<*>   UHCI HCD (most Intel and VIA) support  
	[*] Staging drivers  --->
		<*>   RealTek PCI-E Card Reader support

Network

Device Drivers  --->
	[*] Network device support  --->
		[*]   Ethernet driver support  --->
			[*]   Realtek devices
			<*>     Realtek 8169 gigabit ethernet support
		[*]   Wireless LAN  --->
			<M>   Broadcom IEEE802.11n PCIe SoftMAC WLAN driver
	Broadcom specific AMBA  --->
		<M> BCMA support
		[*]   Support for BCMA on PCI-host bus
		[*] BCMA Broadcom GBIT MAC COMMON core driver
[*] Networking support  --->
	-*-   Wireless  --->
		<M>   cfg80211 - wireless configuration API 
		[*]     cfg80211 wireless extensions compatibility
		<M>   Generic IEEE 802.11 Networking Stack (mac80211)

In addition to the kernel driver, you need firmware for the Broadcom BCM4313 wireless card.
# emerge net-wireless/b43-firmware

Sound

Device Drivers  --->
	<M> Sound card support  --->
		<M>   Advanced Linux Sound Architecture  --->
			[*]   PCI sound devices  --->
				 <M>   Intel HD Audio  --->
					[*]   Support initialization patch loading for HD-audio
					[*]   Build Realtek HD-audio codec support

   

Webcam

Device Drivers  --->
	 Multimedia support  --->
		[*]   Cameras/video grabbers support
		[*]   Video capture adapters  --->
			[*]   V4L USB devices  --->
				<M>   USB Video Class (UVC)
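
A check of a finished .config against a subset of the options listed in the kernel sections above, as an added example (not the author's code). The CONFIG_ symbol names are the ones these menu entries map to in 3.x-era kernels, which is an assumption about the kernel version; the sample .config fragment and the function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample .config fragment (not the author's file). CONFIG_ITCO_WDT is
# left unset and CONFIG_BRCMSMAC is built in, to show both kinds of finding.
SAMPLE_CONFIG='CONFIG_MATOM=y
CONFIG_NR_CPUS=4
CONFIG_SCHED_SMT=y
CONFIG_SATA_AHCI=y
# CONFIG_ITCO_WDT is not set
CONFIG_R8169=y
CONFIG_BRCMSMAC=y
CONFIG_BCMA=m
CONFIG_USB_VIDEO_CLASS=m'

# Expected values from the menuconfig listings above: [*] and <*> mean y, <M> means m.
EXPECTED='CONFIG_MATOM=y CONFIG_NR_CPUS=4 CONFIG_SCHED_SMT=y CONFIG_SATA_AHCI=y
CONFIG_ITCO_WDT=y CONFIG_R8169=y CONFIG_BRCMSMAC=m CONFIG_BCMA=m
CONFIG_USB_VIDEO_CLASS=m'

# config_value TEXT SYMBOL: print the value of SYMBOL, or "n" when it is
# commented out ("# CONFIG_X is not set") or absent from TEXT.
config_value() {
    val=$(printf '%s\n' "$1" | sed -n "s/^$2=//p" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# check_config TEXT: print one "SYMBOL want=X have=Y" line per mismatch.
check_config() {
    for pair in $EXPECTED; do
        sym=${pair%%=*}
        want=${pair#*=}
        have=$(config_value "$1" "$sym")
        if [ "$have" != "$want" ]; then
            printf '%s want=%s have=%s\n' "$sym" "$want" "$have"
        fi
    done
}

check_config "$SAMPLE_CONFIG"
# On the machine itself: check_config "$(cat /usr/src/linux/.config)"
```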

Xorg

The Atom N2600 uses an Intel GMA 3600, an integrated video adapter based on the PowerVR SGX 545 graphics core. At the moment Intel has no 64-bit driver for Xorg. However you can get basic support with the fbdev framebuffer video driver. To get Xorg to use the right DPI settings for the 10.1" display, I put the specifications on the physical size of the screen in the Xorg configuration file so that the proper DPI is calculated.

/etc/portage/make.conf
VIDEO_CARDS="fbdev"
INPUT_DEVICES="evdev synaptics"

/etc/X11/xorg.conf.d/10-monitor.conf
Section "Screen"
    Identifier             "Screen0"
    Device                 "Intel GMA3600"
    Monitor                "Monitor0"
EndSection

Section "Monitor"
    Identifier             "Monitor0"
    DisplaySize            221 130    # In millimeters
EndSection

/etc/X11/xorg.conf.d/50-device.conf
Section "Device"
    Identifier             "Intel GMA3600"
    Driver                 "fbdev"
EndSection

/etc/X11/xorg.conf.d/10-evdev.conf
Section "InputClass"
        Identifier "evdev keyboard catchall"
        MatchIsKeyboard "on"
        MatchDevicePath "/dev/input/event*"
        Driver "evdev"
EndSection


For the ETPS/2 Elantech touchpad, the psmouse module must be loaded with the proto=auto parameter. You also have to enable tap-to-click and vertical edge scrolling in the synaptics config.
/etc/modprobe.d/touchpad.conf
options psmouse proto=auto

/etc/X11/xorg.conf.d/10-synaptics.conf
Section "InputClass"
        Identifier "touchpad"
        MatchIsTouchpad "on"
        MatchDevicePath "/dev/input/event*"
        Driver "synaptics"
        Option "TapButton1" "1"
        Option "VertEdgeScroll" "on"
EndSection

Playing video

To play video in X, I had to set my media players to use x11 video output. I also set the decoding threads to 4 to utilize the maximum power of the Atom CPU to decode video. This way I can play fullscreen HD movies with my GMA 3600 in smplayer and VLC.

.config/smplayer/smplayer.ini
driver\vo=x11
lavdthreads=4

.config/vlc/vlcrc
vout=xcb_x11
ffmpeg-threads=4

BIOS updates

To update the BIOS on the Acer aod270, I made a small bootable FAT16 partition on a USB stick and used unetbootin to install FreeDOS on it. Start unetbootin from the command line or it won't detect your USB drive.
# emerge -av unetbootin
# mount /dev/sdb2 /mnt/dos
# unetbootin installtype=USB targetdrive=/dev/sdb2



Download the latest BIOS from Acer support and copy the DOS .exe to the FAT16 partition.
Reboot from the USB stick, start a live FreeDOS session and run the BIOS update .exe from the C: drive.