Monday, April 03, 2017

Using CAC with KVM/QEMU and remote viewer

To use a smart card or CAC with KVM/QEMU, install remote-viewer on the client machine that will connect to the remote VM. The VM needs the Smartcard hardware added and set to Passthrough. A CCID controller is required as well.

The command to connect to the VM with the smart card is:

remote-viewer --spice-smartcard spice://<ip or hostname of VM host>:5900
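
As an added example (not from the original post), the Python check below reads a VM definition as printed by `virsh dumpxml` and reports whether the passthrough smartcard device and CCID controller described above are present. It assumes the VM is managed by libvirt and that the card is redirected over SPICE (type 'spicevmc'); the sample XML, the guest name and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a libvirt domain definition, trimmed to the devices
# that matter here. It is not taken from the original post.
SAMPLE_DOMAIN = """
<domain type='kvm'>
  <name>cac-guest</name>
  <devices>
    <controller type='ccid' index='0'/>
    <smartcard mode='passthrough' type='spicevmc'/>
    <graphics type='spice' port='5900' autoport='no' listen='0.0.0.0'/>
  </devices>
</domain>
"""


def check_smartcard_passthrough(domain_xml):
    """Return a list of problems found in the domain XML (empty list = OK)."""
    devices = ET.fromstring(domain_xml).find("devices")
    if devices is None:
        return ["domain has no <devices> element"]
    problems = []
    # The card is redirected from the remote-viewer client over a SPICE channel.
    if not any(s.get("mode") == "passthrough" and s.get("type") == "spicevmc"
               for s in devices.findall("smartcard")):
        problems.append("no smartcard device in passthrough mode (spicevmc)")
    # The guest sees the card through an emulated USB CCID reader.
    if not any(c.get("type") == "ccid" for c in devices.findall("controller")):
        problems.append("no CCID controller")
    spice = [g for g in devices.findall("graphics") if g.get("type") == "spice"]
    if not spice:
        problems.append("no SPICE graphics device for remote-viewer to connect to")
    for g in spice:
        # tlsPort absent or -1 means this XML configures no TLS listener, so a
        # plain spice:// connection carries the smartcard channel unencrypted.
        if g.get("tlsPort") in (None, "-1"):
            problems.append("SPICE listener has no TLS port configured")
    return problems


if __name__ == "__main__":
    for problem in check_smartcard_passthrough(SAMPLE_DOMAIN):
        print("WARN:", problem)
```

The TLS check is a heuristic on the XML alone: a domain with autoport enabled can be assigned a TLS port at start-up, so run it against the XML of the running VM.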

Sunday, February 26, 2017

Nouveau Fedora Dell 6520

I have a Dell E6520 personal laptop. It's old and I've had problems with the Nouveau and Nvidia GPU. With the update to Fedora 25 and Wayland, I started having more random lockups. I had disabled hardware video acceleration in Chrome, but that wasn't fixing the issue. I finally decided to look up disabling Wayland and video acceleration.

To disable Wayland, edit /etc/gdm/custom.conf:
# Uncomment the line below to force the login screen to use Xorg
WaylandEnable=false
To disable nouveau acceleration, edit /etc/default/grub:
GRUB_CMDLINE_LINUX="rhgb quiet nouveau.noaccel=1"
Run the grub2-mkconfig command:
sudo grub2-mkconfig --output="/boot/grub2/grub.cfg"

Tuesday, January 24, 2017

Intel AMT Serial Over LAN

Quick post about what I needed to do to get Serial Over LAN (SOL) working on an HP z420 workstation. This machine has a Xeon processor. Since there's no integrated graphics, the KVM capability of Intel vPro/AMT doesn't work. Modify /etc/default/grub and add the following two lines at the end of the file.
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS4,115200n8"
GRUB_SERIAL_COMMAND="serial --speed=115200 --port=0xe060 --word=8 --parity=no --stop=1"
Create the file /etc/systemd/system/serial-getty@ttyS4.service with the following contents.
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Serial Getty on %I
Documentation=man:agetty(8) man:systemd-getty-generator(8)
After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service

# If additional gettys are spawned during boot then we should make
# sure that this is synchronized before getty.target, even though
# getty.target didn't actually pull it in.
Before=getty.target

[Service]
ExecStart=-/sbin/agetty --keep-baud 115200 %I vt100-nav

[Install]
WantedBy=getty.target

Enable the ttyS4 getty with the systemctl command below.
systemctl enable serial-getty@ttyS4.service
Reboot your machine. You should be able to use SOL via the following command. There will be a prompt for the AMT password. This was set in your BIOS.
amtterm <host or ip address>
Check the status of the getty:
systemctl status serial-getty@ttyS4.service

Sunday, January 08, 2017

Opensource Software Waivers and the U.S. Government

Opensource software waivers are a joke. It may take many months or even a year or more to get the software approved. It may only be for a specific version of the software as well. So, when you do get the software approved you may not be able to use the latest with whatever security patches that have been approved. If anything, the process and bureaucracy are making their organizations more insecure.