How To Customize and Recompile Your Kernel on FreeBSD 10.1

Introduction

The FreeBSD operating system utilizes the GENERIC kernel by default. This is a default configuration used to support a large variety of hardware out of the box. However, there are many different reasons for compiling a custom kernel, which include security, enhanced functionality, or better performance.

FreeBSD utilizes two branches of code for its operating system: stable and current. Stable is the current code release that is that is production ready. Current is the latest code release from the development team and has some of the latest bleeding edge features but is more prone to bugs and system instability. This guide will utilize the stable branch.

In this tutorial, we will recompile a FreeBSD kernel with a custom configuration.

Prerequisites

To follow this tutorial, all you will need is:

• One FreeBSD 10.1 Droplet.

If you’re new to FreeBSD, you can check out the Getting Started with FreeBSD series of tutorials.

Step 1 — Obtaining the Source Code

In this step, we will pull the OS source code.

FreeBSD, like many other flavors of UNIX, provides the source code for its operating system for public download and modification. In order to recompile the kernel, first you will need to pull this source code from FreeBSD’s version control system.

The FreeBSD foundation utilizes Subversion for its code repositories, so let’s first install Subversion’s binary port.

sudo pkg install subversion  

The default shell for FreeBSD is tcsh, which utilizes an internal hash table for commands in $PATH. After subversion installs, you should rehash the directory tables.

rehash

Finally, check out a copy of the latest stable branch to the /usr/src directory.

sudo svn co https://svn0.us-east.FreeBSD.org/base/stable/10 /usr/src

You may be prompted to accept a server certificate. Enter p to accept it after checking that the fingerprint matches the one toward the bottom of this page.

Step 2 — Creating Your Custom Configuration

In this step, we will customize our new kernel configuration.

The standard naming convention for kernel configuration files is the name of the kernel in all caps. This tutorial’s configuration will be called EXAMPLE. Kernel configuration files live inside the /usr/src/sys/architecture/conf directory; the architecture used at DigitalOcean is AMD64.

Change to the configuration directory.

cd /usr/src/sys/amd64/conf

Create and open the EXAMPLE file for editing using ee or your favorite text editor.

sudo ee EXAMPLE

You can find the example configuration located here. Copy and paste the contents into EXAMPLE, then save and close the file.

This example kernel configuration is for a minimal kernel build tailored for a DigitalOcean Droplet. Specifically, the GENERIC kernel configuration has support enabled for a lot of different hardware; EXAMPLE has all legacy and unneeded devices removed, leaving only the required device drivers needed to run a Droplet. There is also support enabled for the packet filter firewall (pf), traffic shaping (altq), file system encryption (geom_eli), and IP security (IPsec).

However, you can read more about the configuration options in the FreeBSD documentation and experiment on your own!

Step 3 — Building and Installing Your New Kernel

In this step, we will begin the kernel recompilation.

Change back to the /usr/src directory and issue a make buildkernel utilizing your new configuration file.

cd /usr/src
sudo make buildkernel KERNCONF=EXAMPLE

This can take some time depending on the amount of resources you utilize for your Droplet. The average time on a 1 GB Droplet is about 90 minutes.

Once your kernel recompilation has finished, it is time to begin the install.

sudo make installkernel KERNCONF=EXAMPLE

When that completes, reboot your system.

sudo shutdown -r now

Your server should now begin to shut down its currently running services, sync its disks, and reboot into your new kernel. You can log in to your Droplet’s console to watch the boot process.

Once your server reboots, log back in. You can check that your new kernel config is being used with the following command:

sysctl kern.conftxt | grep ident

The output should be:

ident    EXAMPLE

Conclusion

Congratulations! You have successfully reconfigured and recompiled your kernel.