Fundamentals of FreeBSD
Getting Started with FreeBSD
The Kernel
Interfacing FreeBSD with U-Boot
Building u-boot for Chromebook
Building bootable FreeBSD/i386 images
How FreeBSD Boots: a soft-core MIPS perspective
http://www.isysop.com/unpacking-and-repacking-u-boot-uimage-files/
http://www.isysop.com/unpacking-and-repacking-u-boot-images-part-2/
https://github.com/bitboss-ca/freebsd-arm-tools
https://raybsd.blogspot.cz/2012/12/
http://distkeys.com/blog/2014/08/03/inside-freebsd/
https://www.digitalocean.com/community/tutorials/how-to-install-and-manage-ports-on-freebsd-10-1
The Kernel Boot Process
FreeBSD Kernel Porting Guide
Do you like backdoors? (It's fixed)
https://elkamika.blogspot.com/2019/09/freebsd-kernel-icmp-backdoor-part-3.html
https://elkamika.blogspot.com/2019/09/freebsd-kernel-stack-unrolling-and-safe.html
Kernel Porting to ARM Board
https://www.bidouilliste.com/blog/2015/11/27/Porting-FreeBSD-to-a-new-ARM-Board-Part-1/
https://www.bidouilliste.com/blog/2015/11/27/Porting-FreeBSD-to-a-new-ARM-Board-Part-2/
https://www.bidouilliste.com/blog/2015/11/27/Porting-FreeBSD-to-a-new-ARM-Board-Part-3/
NetBooting ARM/MIPS
Kernel Debug, BackTrace
https://backtrace.io/blog/backtrace/improving-freebsd-kernel-debugging/
https://gist.github.com/bijanebrahimi/f2eb0c620d81aa6234e121a0ddd88cc2
https://forums.freebsd.org/threads/ctl-alt-esc-not-taking-me-to-kernel-debugger.40111/
https://riptutorial.com/freebsd/example/23734/download-the-latest-source-code
https://elkamika.blogspot.com/2019/06/freebsd-kernel-remote-debugging-part1.html?m=1
https://blog.hostileadmin.com/2012/09/25/so-you-want-a-freebsd-debugging-kernel/
Extended firmware interface (Efi)
Internal Talks
FreeBSD Kernel Internals, Dr. Marshall Kirk McKusick
An Overview of Locking in the FreeBSD Kernel - Kirk McKusick, EuroBSDcon 2012
An Overview of Security in the FreeBSD Kernel, Dr. Marshall Kirk McKusick
A Narrative History of BSD, Dr. Kirk McKusick
Systems, Science and FreeBSD, George Neville-Neil
The Realities of DTrace on FreeBSD, by George Neville Neil (EuroBSDcon 2017)
Tuning FreeBSD for routing and firewalling, by Olivier Cochard-Labbé (EuroBSDcon 2017)
Brian Kidney: The Realities of DTrace on FreeBSD - BSDCan 2017
An introduction to the implementation of ZFS by Kirk McKusick
FreeBSD is not a Linux distribution
FreeBSD: Not a Linux Distro, George Neville-Neil
FreeBSD is not a Linux distribution: Philip Paes
Convincing a Linux guy to use FreeBSD :-)
What is FreeBSD by Gavin Atkinson
Case Study: Switching from Linux to FreeBSD
Jordan Hubbard - FreeBSD: The Next 10 Years
Rick Reed - WhatsApp: Half a billion unsuspecting FreeBSD users
Michael W. Lucas talks FreeBSD
NYLUG Presents: George Neville-Neil on FreeBSD and Linux, a comparative analysis (Feb 19, 2014)
LFNW 2018: Switching to the BSDs: A crash course in FreeBSD, FreeNAS, TrueOS and OpenBSD
George Neville-Neil, Security Fantasies and Realities for the BSDs
FreeBSD BSDCons
FreeBSD ASIANBSDCON 2018
P01A: Institutionalizing FreeBSD Isolated and Virtualized Hosts -- Michael Dexter
P02A: Tuning FreeBSD for routing and firewalling -- Olivier Cochard Labbe
P03A: PC BSD evolves into TrueOS - Kris Moore
P04A: FreeBSD ARM32ARM64 Porting to a new board - Emmanuel Vadot
P05A: Profiling the FreeBSD kernel boot -- Colin Percival
P06A: Role based Access Control in BCHS Web Applications -- Kristaps Dzonsons
P07A: OpenBSD/x-ray: OpenBSD on medical x-ray machines -- Henning Brauer
P08A: Improving netdump hardware support and performance with iflib -- Sam Gwydir
FreeBSD ASIANBSDCON 2017
AsiaBSDCon 2017 Opening - Hiroki Sato
P01A: Understandings NFSv4 ACLs - John Hixson
P01B: Bulk building in the many core era - Joerg Sonnenberger
P01C: OpenBSD pf+rdomains create splendid multi tenancy firewalls - Philipp Buehler
Tweaking a Running Kernel
Tuning tips
https://cooltrainer.org/a-freebsd-desktop-howto/
http://www.packetwatch.net/documents/guides/2008030201.php
Firewalling with OpenBSD's PF packet filter
Building-bsd-home-router-pt-4-installing-pfsense/
comparative-introduction-to-freebsd-for-linux-users
How to clean and rebuild all ports with Portmaster
http://www.wonkity.com/~wblock/docs/html/disksetup.html
The pain of a Realtek (RTL8111/RTL8168) ethernet card
Linux® emulation in FreeBSD
How to Become a FreeBSD Committer
Bios
Build ports
Reference
* Creating a FreeBSD Port Patch
* Build your own FreeBSD ports and make packages out of them using jails, poudriere and portshaker
Portmaster
portmaster -L     # check all ports for updates
portmaster -a     # upgrade ports
portmaster -af    # rebuild installed applications
Build ports with Poudriere
Create the ports tree for poudriere
poudriere ports -c
Configure poudriere, file system, ram, etc…
/usr/local/etc/poudriere.conf
List port tree
poudriere ports -l
PORTSTREE  METHOD    TIMESTAMP            PATH
default    portsnap  2019-07-10 21:47:49  /usr/local/poudriere/ports/default
Create the jail used for building for the target system
poudriere jail -c -j freebsd_11-2x64 -v 11.2-RELEASE -a amd64
List the jails
sudo poudriere jail -l
JAILNAME         VERSION          ARCH   METHOD  TIMESTAMP            PATH
freebsd_11-2x64  11.2-RELEASE-p11 amd64  ftp     2019-07-10 20:48:07  /usr/local/poudriere/jails/freebsd_11-2x64
Copy your port files to /usr/local/poudriere/default/ and then build the port, for example:
sudo poudriere testport -o lang/halide -j freebsd_11-2x64
Debug ports
Put the following line in /etc/make.conf, then recompile the port with debug symbols.
WITH_DEBUG= yes
More information is in
/usr/ports/Mk/bsd.port.mk
Debug Makefile
Debug makefile for your port
make -d A
Desktop tips
Steam on FreeBSD
Bitcoin Full Node
Tuning Power Laptops
Optimus on Freebsd - Hot fix
Comment out the Nvidia-related parts of your xorg.conf:
...
Section "Device"
    Identifier "Card0"
    Driver "intel"
    BusID "PCI:0:2:0"
EndSection
#Section "Device"
#    Identifier "Card1"
#    Driver "nvidia"
#    BusID "PCI:1:0:0"
#EndSection
...
Then add the following bits to rc.conf(5):
kld_list='i915kms'
NTPD synchronize
ntpdate_enable="YES"
ntpdate_hosts="in.pool.ntp.org"
Or manually update time and date
If securelevel is set to 2, the time can only be changed by about a second.
ntpdate -b pool.ntp.org
sudo service ntpd start
Disable Beep
# sysctl hw.syscons.bell=0
or if you use XFCE
set bell-style none
Change standard shell to fish
You must add a line for the shell to /etc/shells, for example for the fish shell:
/usr/local/bin/fish
Change the shell, giving the path of your favorite shell
chsh -s /usr/local/bin/fish
Paths for shell
If you need paths or options in the shell environment, for example for a compiler:
# ASAN settings
set -x ASAN_SYMBOLIZER_PATH /usr/local/llvm50/bin/llvm-symbolizer
# Runtime options go into one colon-separated value; repeated "set -x" calls overwrite each other
set -x ASAN_OPTIONS verbosity=1:symbolize=1:detect_stack_use_after_scope=1
# UBSAN settings
set -x UBSAN_SYMBOLIZER_PATH /usr/local/llvm50/bin/llvm-symbolizer
set -x UBSAN_OPTIONS verbosity=2
# MSAN
set -x MSAN_SYMBOLIZER_PATH /usr/local/llvm50/bin/llvm-symbolizer
# Origin tracking is a compile-time flag (-fsanitize-memory-track-origins=2), not a runtime option
set -x MSAN_OPTIONS verbosity=2:symbolize=1
Nano tuning
set constantshow
set smooth
set autoindent
set casesensitive
set historylog
set morespace
syntax "comments" ".*"
color blue "^#.*"
## nanorc files
include "/usr/local/share/nano/asm.nanorc"
include "/usr/local/share/nano/awk.nanorc"
include "/usr/local/share/nano/c.nanorc"
include "/usr/local/share/nano/cmake.nanorc"
include "/usr/local/share/nano/css.nanorc"
include "/usr/local/share/nano/debian.nanorc"
include "/usr/local/share/nano/fortran.nanorc"
include "/usr/local/share/nano/gentoo.nanorc"
include "/usr/local/share/nano/groff.nanorc"
include "/usr/local/share/nano/html.nanorc"
include "/usr/local/share/nano/java.nanorc"
include "/usr/local/share/nano/makefile.nanorc"
include "/usr/local/share/nano/man.nanorc"
include "/usr/local/share/nano/mgp.nanorc"
include "/usr/local/share/nano/mutt.nanorc"
include "/usr/local/share/nano/nanorc.nanorc"
include "/usr/local/share/nano/objc.nanorc"
include "/usr/local/share/nano/ocaml.nanorc"
include "/usr/local/share/nano/patch.nanorc"
include "/usr/local/share/nano/perl.nanorc"
include "/usr/local/share/nano/php.nanorc"
include "/usr/local/share/nano/pov.nanorc"
include "/usr/local/share/nano/python.nanorc"
include "/usr/local/share/nano/ruby.nanorc"
include "/usr/local/share/nano/sh.nanorc"
include "/usr/local/share/nano/tcl.nanorc"
include "/usr/local/share/nano/tex.nanorc"
include "/usr/local/share/nano/xml.nanorc"
QT Creator - Debugging
I cannot debug C/C++ programs because of the message “No symbol table is loaded. Use the "file" command” …
The best solution is to install devel/gdb and use the path /usr/local/bin/gdb
Touchpad
Touchpad reference
https://forums.freebsd.org/threads/how-to-use-synaptics-driver-for-better-touchpad-features.54872/
http://freebsd.1045724.x6.nabble.com/Glidepoint-Scrolling-td4084250.html
https://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/x.html#idp59892168
https://forums.freebsd.org/threads/synaptics-touchpad-on-dell-inspiron-5150.19707/
http://kenbsd.blogspot.com/2015/12/setting-up-horizontal-scroll-on-freebsd.html
https://www.reddit.com/r/freebsd/comments/7o2v62/your_xorgconfd_touchpad_configuration/
https://forums.freebsd.org/threads/synaptics-touchpad-right-key-on-r60.10125/
https://forums.freebsd.org/threads/solved-mouse-pointer-wont-move-for-acer-laptop-touchpad.37329/
https://lists.freebsd.org/pipermail/freebsd-x11/2009-July/008638.html
https://forums.freebsd.org/threads/synaptics-driver-not-loading-elantech-touchpad.59207/#post-339241
Mount
Mount msdosfs
# ls /dev/da*
# mount_msdosfs /dev/da0 /media/usb
ReMount /etc/fstab
mount -av
Mount ext2/ext3/ext4
Fuse-ext2 mounts an ext2/ext3/ext4 partition or image file
To check whether the fuse kernel module is loaded, use the command:
kldstat
If the fuse.ko module is not loaded in the kernel, use this command
kldload fuse
Then mount your partition
fuse-ext2 /dev/your_partition /media/
Mount NTFS
To mount an NTFS file system, the kernel module must be loaded.
To check whether the fuse kernel module is loaded, use the command:
kldstat
and load FUSE kernel module:
kldload fuse
and then you can mount ntfs filesystem.
# ls /dev/da*
# ntfs-3g /dev/your_partition /mnt/
Automounting Removable Media
Uncomment this line in the config file /etc/auto_master
/media -media -nosuid
Add lines to /etc/devd.conf
notify 100 {
    match "system" "GEOM";
    match "subsystem" "DEV";
    action "/usr/sbin/automount -c";
};
Reload service
service automount reload
service devd restart
and add this configuration to /etc/rc.conf
autofs_enable="YES"
Introduction ZFS
Mount ZFS
zpool import
To check, use the command mount.
Mount ZFS from Live CD
zpool import -fR /media zroot
Tuning zfs on i386
If you have an i386 OS, you must set vm.kmem_size=“512M” and vm.kmem_size_max=“”; this is the minimal value.
These are a few tunables; more information is at http://www.freebsd.cz/doc/handbook/zfs-advanced.html
vfs.zfs.prefetch_disable=0
vm.kmem_size="512M"
vm.kmem_size_max="768M"
vfs.zfs.arc_max="40M"
vfs.zfs.vdev.cache.size="5M"
Resize partition
We added space to the virtual disk (VirtualBox or other), but now the disk is reported as CORRUPT
lol@ ~/> gpart show ada0
=>      40  41942960  ada0  GPT  (39G) [CORRUPT]
        40      1024     1  freebsd-boot  (512K)
      1064       984        - free -  (492K)
      2048   4194304     2  freebsd-swap  (2.0G)
   4196352  37744640     3  freebsd-zfs  (18G)
  41940992      2008        - free -  (1.0M)
The fix is easy:
gpart recover ada0
Now we need to resize partition 3.
lol@ ~/> gpart show
=>      40  81919920  ada0  GPT  (39G)
        40      1024     1  freebsd-boot  (512K)
      1064       984        - free -  (492K)
      2048   4194304     2  freebsd-swap  (2.0G)
   4196352  37744640     3  freebsd-zfs  (18G)
  41940992  39978968        - free -  (19G)
lol@ ~/> zpool list
NAME   SIZE   ALLOC  FREE  EXPANDSZ  FRAG  CAP  DEDUP  HEALTH  ALTROOT
zroot  17.9G  17.3G  621M  -         76%   96%  1.00x  ONLINE  -
Because the device is busy, we have to set this value:
lol@ ~/> sysctl kern.geom.debugflags=16
kern.geom.debugflags: 0 -> 16
Now resize partition number 3
lol@ ~/> gpart show
=>      40  81919920  ada0  GPT  (39G)
        40      1024     1  freebsd-boot  (512K)
      1064       984        - free -  (492K)
      2048   4194304     2  freebsd-swap  (2.0G)
   4196352  37744640     3  freebsd-zfs  (18G)
  41940992  39978968        - free -  (19G)
lol@ ~/> sudo gpart resize -i 3 ada0
ada0p3 resized
lol@ ~/> gpart show
=>      40  81919920  ada0  GPT  (39G)
        40      1024     1  freebsd-boot  (512K)
      1064       984        - free -  (492K)
      2048   4194304     2  freebsd-swap  (2.0G)
   4196352  77723608     3  freebsd-zfs  (37G)
The last step is with the ZFS pool:
lol@ ~/> sudo zpool set autoexpand=on zroot
lol@ ~/> sudo zpool online -e zroot ada0p3 ada0p3
Check the space in the zpool. The size of zroot is now right.
lol@ ~/> zpool list
NAME   SIZE  ALLOC  FREE   EXPANDSZ  FRAG  CAP  DEDUP  HEALTH  ALTROOT
zroot  37G   17.3G  19.7G  -         36%   46%  1.00x  ONLINE  -
lol@ ~/Desktop> sudo sysctl kern.geom.debugflags=0
kern.geom.debugflags: 16 -> 0
Virtualbox
VirtualBox in FreeBSD
Add a line with the kernel module to /boot/loader.conf
vboxdrv_load="YES"
Add a line for bridged or host-only networking to /etc/rc.conf
vboxnet_enable="YES"
Add your user to the group
pw groupmod vboxusers -m yourusername
chown root:vboxusers /dev/vboxnetctl
chmod 0660 /dev/vboxnetctl
To make the permissions permanent, add these lines to /etc/devfs.conf
own vboxnetctl root:vboxusers
perm vboxnetctl 0660
FreeBSD as guest Virtualbox
Write to /etc/rc.conf
vboxguest_enable="YES"
vboxservice_enable="YES"
Wifi and FreeBSD
How to setup WIFI card
pciconf -l    # check whether the wifi hardware is listed
sudo ifconfig wlan0 create wlandev wpi0
sudo wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
How to setup USB WIFI
Add the kernel modules to /boot/loader.conf
# Kernel module for wifi
if_ath_load="YES"
if_iw_load="YES"
# Next wifi kernel modules
wlan_wep_load="YES"
wlan_ccmp_load="YES"
wlan_tkip_load="YES"
Add these lines to /etc/rc.conf to configure your wifi device.
wlans_run0="wlan0"
create_args_wlan0="wlanmode sta country CZ indoor"
Check whether there are drivers for your hardware.
# Check whether the wifi hardware is listed (wpi, run0)
pciconf -l
# Create a device with name wlan0
sudo ifconfig wlan0 create wlandev wpi0
# Create wpa_supplicant configure file with ssid network
sudo wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf
# Scan your wifi networks
ifconfig wlan0 up scan
SSID/MESH ID  BSSID              CHAN  RATE  S:N     INT  CAPS
lol           00:13:46:49:41:76  11    54M   -90:96  100  EPS WPA WME
trololo       00:11:95:c3:0d:ac  1     54M   -83:96  100  EPS WPA
# IP address from DHCP server
sudo dhclient wlan0
GELI
Install CD -> Partition -> Shell
gpart create -s gpt vtbd0
gpart add -t freebsd-boot -s 512k -a 4k vtbd0
gpart add -t freebsd-ufs -a 1M vtbd0
gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 vtbd0
geli init -b -g vtbd0p2
geli attach vtbd0p2
newfs -j /dev/vtbd0p2.eli
mount /dev/vtbd0p2.eli /mnt
- /tmp/bsdinstall_etc/fstab
/dev/vtbd0p2.eli / ufs rw,noatime 1 1
- /tmp/bsdinstall_boot/loader.conf
geom_eli_load="YES"
exit (installer will continue)
Change /dev/vtbd0p2.eli to gptid/rawuuid (gpart list):
/dev/gptid/015ceb9a-90a4-11e6-b8fc-1392a9ed1847 / ufs rw,noatime 1 1
FreeBSD Security
Security on FreeBSD
To check the status of the securelevel on a running system: Add to /etc/sysctl.conf
kern.securelevel=2
security.bsd.see_other_uids=0
security.bsd.stack_guard_page=1
net.inet.ip.random_id=1
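An added example (not part of the original page): a POSIX sh check that a sysctl.conf-style file carries the four settings listed above. The function name audit_sysctl_conf and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file against the page's settings.

# Expected settings, taken from the list above.
EXPECTED='kern.securelevel=2
security.bsd.see_other_uids=0
security.bsd.stack_guard_page=1
net.inet.ip.random_id=1'

# audit_sysctl_conf FILE  (hypothetical helper name)
# Prints one line per expected key: ok, MISMATCH or MISSING.
# Returns the number of keys that are missing or differ (0 = compliant).
audit_sysctl_conf() {
    conf=$1
    bad=0
    for want in $EXPECTED; do
        key=${want%%=*}
        val=${want#*=}
        # Drop comments, whitespace and quotes, then keep the LAST
        # assignment of the key: a later line overrides an earlier one.
        got=$(sed -e 's/#.*//' -e 's/[[:space:]"]//g' "$conf" |
            awk -F= -v k="$key" '$1 == k { v = $2 } END { print v }')
        if [ -z "$got" ]; then
            echo "MISSING   $key (want $val)"
            bad=$((bad + 1))
        elif [ "$got" != "$val" ]; then
            echo "MISMATCH  $key=$got (want $val)"
            bad=$((bad + 1))
        else
            echo "ok        $key=$val"
        fi
    done
    return "$bad"
}

# Constructed sample input (not from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/sysctl.conf (constructed sample)
kern.securelevel=1
security.bsd.see_other_uids=0   # hide other users' processes
net.inet.ip.random_id=1
kern.securelevel=2
hw.syscons.bell=0
EOF
audit_sysctl_conf "$sample" || echo "$? setting(s) need attention"
rm -f "$sample"
```

The file only shows what will be applied at boot; on a running FreeBSD host, compare with the live values from sysctl -n for each key.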
Enabling and Utilizing Process Accounting
Tracking information such as CPU statistics and executed commands.
touch /var/account/acct
chmod 600 /var/account/acct
accton /var/account/acct
echo 'accounting_enable="YES"' >> /etc/rc.conf
Troubleshooting with FreeBSD
SSH
Too many authentication failures
If you are not able to authenticate via ssh and the message “Too many authentication failures” is logged in /var/log/auth.log, you probably have more than 2 keys loaded in your ssh agent that are failing to authenticate. To solve this, unload the keys you are not using from the ssh agent (ssh-add -d path / ssh-add -D), use ssh -i path_to_key, or create an appropriate section in your ~/.ssh/config with IdentityFile.
BOOT on FreeBSD
Fatal double fault FreeBSD 10.3 - i386 , FreeBSD 11 - i386
The fatal double fault is a problem on FreeBSD - i386 with ZFS file system.
As described in /usr/src/UPDATING entry 20121223, rebuilding the kernel with options KSTACK_PAGES=4 has been observed to resolve the boot-time crash. This, however, is not an ideal solution for inclusion in the GENERIC kernel configuration, as increasing KSTACK_PAGES implicitly decreases available usermode threads in an environment that is already resource-starved.
Follow these steps to build the new kernel:
# mkdir -p /usr/src
# svnlite co svn://svn.freebsd.org/base/releng/10.2 /usr/src
# make -C /usr/src kernel-toolchain
# printf "include GENERIC\noptions KSTACK_PAGES=4\n" > /usr/src/sys/i386/conf/ZFS
# make -C /usr/src buildkernel KERNCONF=ZFS
# make -C /usr/src installkernel KERNCONF=ZFS
For FreeBSD 10.3 - More information on page https://www.freebsd.org/releases/10.3R/errata.html
For FreeBSD 11.0 - More information on page https://www.freebsd.org/releases/11.0R/errata.html
How to boot from live CD
If there is a problem booting FreeBSD and the system cannot run, go back to the FreeBSD menu and choose option 3 (Escape to loader prompt).
For help on the command line, use the command help or ? (list of commands).
help set shows the options for the command set.
To boot from CD, the commands are
set boot_cdrom    (to mount the filesystem)
boot
Look for mounted filesystems with the command mount. If the ZFS filesystem is not mounted, run this command to import the zpool:
zpool import -f zroot
How to mount disk with geli from live CD
Boot live system …
geli attach /dev/ada0p3
password:
This command mounts only part of the filesystem, for example /usr, /tmp, /var, but not /boot:
zpool import -fR /mnt zroot
This command mounts /boot etc.:
zfs mount zroot/ROOT/default