SFS-KNOPPIX WHICH BOOTS FROM INTERNET

Kuniyasu Suzaki, Kengo Iijima, Toshiki Yagi

National Institute of Advanced Industrial Science and Technology,

Tsukuba Central 2, Umezono 1-1-1, Tsukuba, Ibaraki 305-8568, Japan

Hideyuki Tan

Alphasystems Inc., 6-6-1 Kami-kodanaka, Nakahara-ku, Kawasaki 211-0053, Japan

Kazuhiro Goto

Oita Industrial Research Institute, 1-4361-10 Takaenishi,Oita, Oita 870-1117, Japan

Keywords: Internet boot, KNOPPIX, Self-certifying File System(SFS)

Abstract: KNOPPIX is a bootable CD with a collection of GNU/Linux software. KNOPPIX is very convenient but it

requires downloading 700MB iso image and burning a CD-ROM when it is renewed. In order to solve this

problem we make SFS-KNOPPIX which boots from Internet with SFS (Self-certifying File System). SFS-

KNOPPIX requires 20MB boot-loader with Linux-kernel and miniroot. Root file system is obtained from

Internet with SFS at boot time. It enables to change root file system and makes easy to try new version of

KNOPPIX. In this paper we describe the detail of SFS-KNOPPIX and its performance.

1 INTRODUCTION

In early 1990’s diskless machines were popular

because hard-disk and CD-ROM drive were

expensive. They could boot from network with help

of a server. A client broadcasts a message of

BOOTP protocol with MAC address on the LAN

and the BOOTP server sends back IP address. The

kernel image is transferred by TFTP protocol form

the server. The client boots with the kernel and

mounts NFS as a root file system. It offers easy

maintenance environment, because whole software

and configuration files are stored on the server. Even

if an application or configuration has a security hole,

it is easy to change for each client. Unfortunately it

is not easy to extend to Internet, because the boot

procedure depends on a broadcast protocol and

personal information of client machine has to send

on the network, for example MAC address.

On the other hand 1CD bootable OS becomes

popular recently. For example, KNOPPIX[Knopper

2000], DemoLinux, Mepis, Adios, etc. They can

boot OS on any IBM PCs, because boot sequence

finds devices and setup drivers automatically.

Unfortunately they require downloading 700MB iso

image and burning a CD-ROM, when it is renewed.

We propose SFS-KNOPPIX to mix the easy

maintenance environment of LAN boot and

anonymous boot ability of 1CD OS. In this paper we

describe the detail of SFS-KNOPPIX and its

performance. The rest of the paper is organized as

follows. We introduce 1CD Linux “KNOPPIX” in

section 2 and secure Internet file system “Self-

certifying File System (SFS)”[Mazières 2000, Fu

2002] in section 3. In section 4 the detail of SFS-

KNOPPIX is presented. In section 5 we report the

performance. We discuss some future works in

section 6 and conclude in section 7.

2 KNOPPIX

KNOPPIX is a bootable CD with a collection of

GNU/Linux software (Knopper, 2000). It is not

necessary to install anything on a hard disk and

enables to run GNU/Linux on IBM PCs. KNOPPIX

can be used as a normal desktop Linux because it

includes powerful graphical desktop environment

(KDE), office software (OpenOffice.org), Web

browser (Konqueror, and Mozilla), image

manipulation software (GIMP), many games, etc.

214

Suzaki K., Iijima K., Yagi T., Tan H. and Goto K. (2005).

SFS-KNOPPIX WHICH BOOTS FROM INTERNET.

In Proceedings of the First International Conference on Web Information Systems and Technologies, pages 214-218

DOI: 10.5220/0001233102140218

 SciTePress

CD bootable Linux isn’t an exclusive feature of

KNOPPIX. There are many distributions;

DemoLinux, Mepis, Slax, Adios, etc. Among them,

KNOPPIX is first popular CD bootable Linux,

because automatic hardware detection/configuration

(Autoconfig) and compressed loop back device

(cloop) are excellent.

Autoconfig function of KNOPPIX detects

individual devices and load suitable device drivers.

Autoconfig is achieved by “/etc/init.d/knoppix-

autoconfig” script. The script is consisted of

hardware detection part and driver setup part.

Hardware detection is done by the “hwsetup” binary

which is based on “kudzu”; Red Hat Linux hardware

probing library. After hardware detection, driver is

setup by setup-scripts like “xmk86config”. If

network card is detected and DHCP is available, IP

address is automatically set up.

Cloop is a compressed loop-back device. Loop

back device enables us to mount a file as block

device. It reduces the space needed on the CD to

about 50% down to 25% of the original file system.

KNOPPIX stores root file system to a cloop file and

mounts it at boot time. 700MB volume of CD-ROM

is almost occupied by cloop file

“/KNOPPIX/KNOPPIX”. The rest of the volume is

files for boot. Figure 1 shows the image of

KNOPPIX CD-ROM. A cloop file is loopback-

mounted and read a file on-the-fly decompression.

Figure 1: The contents of KNOPPIX CD

3 SFS

Self-certifying File System(SFS) is a secure network

file system for Internet [Mazières 2000, Fu 2002].

SFS provides a suitable and more secure alternative

to the widely deployed NFS file system.

SFS cryptographically secures all client-server

network communications with encryption and a

message authentication code. To prevent rogue

servers from impersonating valid ones, each SFS

server has a public key which is generated by SHA-1

hash. A server’s files all reside under a so-called

self-certifying pathname derived from its public key.

Self-certifying pathnames contain enough

information for an SFS client to connect to a server

and establish a cryptographically secure channel.

SFS consists of two programs run at boot time.

SFS clients must run the SFS client daemon (sfscd),

which creates “/sfs” directory and implements the

auto-mounting of remote SFS servers. SFS servers

must run the SFS server daemon (sfssd), which

makes local file systems available to SFS clients on

TCP port 4. “sfscd” is responsible for automatically

mounting new remote file systems. On the server

machine, “sfssd” accepts incoming SFS connections

and de-multiplexes these requests to the appropriate

SFS server daemons. The client and server file

system daemons communicate with the kernel using

NFS loopback.

4 SFS-KNOPPIX

FS-KNOPPIX is a combination of KNOPPIX and

SFS, which enables to boot KNOPPIX form

Internet. Unfortunately SFS-KNOPPIX is not

perfect Internet boot, because nobody could get IP

address and kernel image form Internet. LAN boot

depend on BOOTP and TFTP server to allocate IP

address and get a kernel image.

SFS-KNOPPIX is a customized KNOPPIX,

which is got rid of cloop file in the CD (Figure 2). A

cloop file is obtained form Internet using SFS at

boot time. The original KNOPPIX requires

downloading 700MB iso image but SFS-KNOPPIX

requires 20MB iso image, which is just a boot loader

of KNOPPIX. SFS-KNOPPIX doesn’t need to

download a whole cloop file, because SFS is a file

system which allows random access to cloop file. It

means that only necessity block of data is transferred

when application requires. It can reduce network

traffic. The performance is shown in Section 5.

Figure 2: The contents of SFS-KNOPPIX CD

SFS-KNOPPIX WHICH BOOTS FROM INTERNET

215

Another merit of SFS-KNOPPIX is to be

selectable of a cloop file when it boots. Figure 2

shows the image of selection of a cloop file. In

original KNOPPIX a cloop file is build in the CD-

ROM. This merit means that we don’t need to make

a CD-ROM even if new KNOPPIX is released. We

can try new KNOPPIX via SFS server with low

network traffic.

The boot seqeunce of SFS-KNOPPIX is three

stages, as is normal KNOPPIX. Figure 3 shows the

role of each stage. The first and third stage are

alomost similar but the second stage grews comlex.

Figure 3: Boot procedure of SFS-KNOPPIX

The kernel of SFS-KNOPPIX includes drivers of

Network Interface card(NIC), because network has

to setup up in the second stage. The kernel of normal

KNOPPIX doesn’t include drivers of NIC, because a

driver module of NIC is dymamically added at

Autoconfig in the third stage.

In the second stage of SFS-KNOPPIX, “linuxrc”

mount CD-ROM file system(iso9660) to “/stand” at

first. The action is different from normal-KNOPPIX.

The reason is that miniroot is small to include SFS

client binary. CD-ROM file system includes static

linked binary of SFS client. This technique comes

from BSD “stand” boot. Using “/stand” software, IP

address is set by DHCP. SFS client daemon “sfscd”

is launched and connects to a SFS server. SFS server

is selectable form a list.

Cloop file is also selectable from SFS server.

The selection message is displayed at the boot

sequence. After the selection, cloop file is loopback

mounted to “/KNOPPIX” from the SFS server. After

that, infrastructure of RAM-DISK root file system is

setup in the same manner of normal KNOPPIX.

In the third stage, “init” is executed in the same

manner of normal KNOPPIX, because SFS-

KNOPPIX uses a same cloop file of normal

KNOPPIX. The different point is network setup. A

NIC is detected in the Autoconfig procedure, but it

has already linked. The setup of NIC is ignored.

5 PERFORMANCE

We evaluated performance of SFS-KNOPPIX. We

measured the boot time and network traffic. SFS-

KNOPPIX booted with the same cloop file on the

SFS server. The specification of server and client

machine is the following.

[SFS server]

Pentium4 2.66Ghz, 512MB memory, 1Gbps

NIC

[SFS client]

PentiumM 1.0Ghz, 512MB memory, 100Mbps

NIC, 24X CD-ROM Drive

The target cloop file on SFS server is the one

which is extracted form knoppix_v3.4_20040510-

20040520.iso.

5.1 Boot Time

We measured the boot time. The boot time is

defined as the time when default desktop manager

“KDE” is finished. The boot time sometimes

changed longer by machine condition. We picked up

the typical boot time. Table 1 shows the boot time of

SFS-KNOPPIX and CD-KNOPPIX.

Table 1: Boot Time

SFS CD-ROM

boot time 80sec 180sec

SFS-KNOPPIX is faster than normal CD-ROM

KNOPPIX. It is caused that the network bandwidth

is wider than CD-ROM.

A part of boot time depends on Autoconfig. It

isn’t constant because sequence of Autoconfig

depends on the equipped devices. It works different

on each machine. The result of 80 second on SFS-

KNOPPIX means only one example.

5.2 Network Traffic

We measured the network traffic on SFS server. The

traffic is used to read cloop file as the root file

system. It is measured from the time of loopback-

mount to the finish time of KDE. To measure the

network traffic we used “tcpdump” on SFS server.

Figure 4 shows the transferred data. The

amount of transferred data is 80MB. The half of

transferred data is used for X-Window and KDE.

KDE is a rich window manager and requires much

WEBIST 2005 - INTERNET COMPUTING

216

data. If we use a light window manager it will be

faster.

Figure 4: Transferred data of SFS-KNOPPIX.

X axis is time (second) and Y axis is transferred data (byte)

Figure 5 shows the throughput of network traffic.

The maximum of throughput is 40Mbps. The

average time of throughput is 2.0 Mbps. From the

result we confirm SFS-KNOPPIX doesn’t use up the

network bandwidth(100Mbps) and SFS server can

allow multiple connections of clients.

Figure 5: Throughput of network traffic

X axis is time (second) and Y axis is throughput (bps).

6 DISCUSSIONS

6.1 BOOT Device

SFS-KNOPPIX uses CD-ROM as a boot device,

because there is no method to obtain a kernel image

from Internet. Most Network-Interface-Cards have

PXE (Pre-boot Execution Environment) function but

they support BOOTP and TFTP protocol for LAN

boot. As another method, we were hoping for

iSCSI(Internet SCSI) but the situation isn’t changed.

We are still looking for a method to boot from

Internet without the support of software.

6.2 From C/S to P2P

SFS-KNOPPIX is still Client and Server model.

Scalability is limited by the ability of SFS server.

The role of SFS is a read-only file system. We can

replace SFS with read-only P2P file system. We

have plan to try P2P file system “ Co-operative File

System” [Dabek 2001] which is based on SFS in

near future.

7 CONCLUSIONS

We proposed SFS-KNOPPIX which mounted SFS at

boot time and loopback-mounted a cloop file on the

SFS as the root file system. SFS-KNOPPIX allows

us to change root file system by selection of cloop

file. The Autoconfig function of KNOPPIX allows

us to boot on any IBM PCs. The mixture of SFS and

KNOPPIX makes easy to try new OS and

applications from Internet.

The performance of SFS-KNOPPIX is faster than

normal CD-ROM KNOPPIX but the evaluation

environment is ideal and the analysis isn’t sufficient.

We will extend the evaluation to Internet and

analyze the detail of performance. It will make clear

the advantage of SFS-KNOPPIX.

REFERENCES

Klaus Knopper, “Building a self-contained auto-

configuring Linux system on an iso9660 file system”,

4th Annual Linux Showcase&Conference

Atlanta,2000.

http://www.knopper.net/knoppix-info/knoppix-als2000-

folien.pdf

David Mazières, Self-certifying file system, PhD thesis,

MIT, May 2000.

ftp://cag.lcs.mit.edu/pub/dm/papers/mazieres:thesis.ps.gz

Kevin Fu, Michael Kaminsky, and David Mazières,

“Using SFS for a Secure Network File

System”,USENIX ;login: magazine, December 2002.

http://www.usenix.org/publications/login/2002-

12/pdfs/Fu.pdf

Frank Dabek, M. Frans Kaashoek, David Karger, Robert

Morris, and Ion Stoica, ”Wide-area cooperative

storage with CFS”, In Proceedings of the 18th ACM

Symposium on Operating Systems Principles (SOSP

'01), 2001.

http://www.pdos.lcs.mit.edu/papers/cfs:sosp01/cfs_sos

p.pdf

SFS-KNOPPIX WHICH BOOTS FROM INTERNET

217

WEBIST 2005 - INTERNET COMPUTING

218