Kuniyasu Suzaki, Kengo Iijima, Toshiki Yagi
National Institute of Advanced Industrial Science and Technology,
Tsukuba Central 2, Umezono 1-1-1, Tsukuba, Ibaraki 305-8568, Japan
Hideyuki Tan
Alphasystems Inc., 6-6-1 Kami-kodanaka, Nakahara-ku, Kawasaki 211-0053, Japan
Kazuhiro Goto
Oita Industrial Research Institute, 1-4361-10 Takaenishi, Oita, Oita 870-1117, Japan
Keywords: Internet boot, KNOPPIX, Self-certifying File System (SFS)
Abstract: KNOPPIX is a bootable CD with a collection of GNU/Linux software. KNOPPIX is very convenient, but it
requires downloading a 700MB iso image and burning a CD-ROM whenever it is renewed. To solve this
problem we built SFS-KNOPPIX, which boots from the Internet using SFS (Self-certifying File System).
SFS-KNOPPIX requires a 20MB boot loader containing the Linux kernel and a miniroot. The root file system is
obtained from the Internet with SFS at boot time. This makes it possible to change the root file system and
makes it easy to try a new version of KNOPPIX. In this paper we describe the details of SFS-KNOPPIX and its
performance.
In the early 1990s diskless machines were popular
because hard disks and CD-ROM drives were
expensive. They could boot from the network with the
help of a server. A client broadcasts a BOOTP
message with its MAC address on the LAN,
and the BOOTP server sends back an IP address. The
kernel image is transferred from the server by the
TFTP protocol. The client boots with the kernel and
mounts NFS as its root file system. This offers an
easily maintained environment, because all software
and configuration files are stored on the server. Even
if an application or configuration has a security hole,
it is easy to change for each client. Unfortunately it
is not easy to extend this to the Internet, because the
boot procedure depends on a broadcast protocol and
personal information of the client machine, for
example the MAC address, has to be sent over the network.
On the other hand, 1CD bootable OSes have become
popular recently, for example KNOPPIX [Knopper
2000], DemoLinux, Mepis, Adios, etc. They can
boot an OS on any IBM PC, because the boot sequence
finds devices and sets up drivers automatically.
Unfortunately they require downloading a 700MB iso
image and burning a CD-ROM whenever they are renewed.
We propose SFS-KNOPPIX to combine the easily
maintained environment of LAN boot with the
anonymous boot ability of a 1CD OS. In this paper we
describe the details of SFS-KNOPPIX and its
performance. The rest of the paper is organized as
follows. We introduce the 1CD Linux “KNOPPIX” in
section 2 and the secure Internet file system
“Self-certifying File System (SFS)” [Mazières 2000, Fu
2002] in section 3. In section 4 the details of
SFS-KNOPPIX are presented. In section 5 we report the
performance. We discuss some future work in
section 6 and conclude in section 7.
KNOPPIX is a bootable CD with a collection of
GNU/Linux software (Knopper, 2000). It is not
necessary to install anything on a hard disk, and
it makes it possible to run GNU/Linux on IBM PCs. KNOPPIX
can be used as a normal desktop Linux because it
includes a powerful graphical desktop environment
(KDE), office software (OpenOffice.org), Web
browsers (Konqueror and Mozilla), image
manipulation software (GIMP), many games, etc.
Suzaki K., Iijima K., Yagi T., Tan H. and Goto K. (2005).
In Proceedings of the First International Conference on Web Information Systems and Technologies, pages 214-218
DOI: 10.5220/0001233102140218
CD bootable Linux isn’t an exclusive feature of
KNOPPIX. There are many distributions:
DemoLinux, Mepis, Slax, Adios, etc. Among them,
KNOPPIX is the first popular CD bootable Linux,
because its automatic hardware detection/configuration
(Autoconfig) and compressed loopback device
(cloop) are excellent.
The Autoconfig function of KNOPPIX detects
individual devices and loads suitable device drivers.
Autoconfig is implemented by the
“/etc/init.d/knoppix-autoconfig” script. The script consists of
a hardware detection part and a driver setup part.
Hardware detection is done by the “hwsetup” binary,
which is based on “kudzu”, the Red Hat Linux hardware
probing library. After hardware detection, drivers are
set up by setup scripts like “xmk86config”. If a
network card is detected and DHCP is available, the IP
address is set up automatically.
Cloop is a compressed loopback device. A loopback
device enables us to mount a file as a block
device. Cloop reduces the space needed on the CD to
about 50% down to 25% of the original file system.
KNOPPIX stores its root file system in a cloop file and
mounts it at boot time. The 700MB volume of the CD-ROM
is almost entirely occupied by the cloop file
“/KNOPPIX/KNOPPIX”. The rest of the volume holds
the files for boot. Figure 1 shows the image of the
KNOPPIX CD-ROM. A cloop file is loopback-mounted,
and files are read from it with on-the-fly decompression.
Figure 1: The contents of KNOPPIX CD
Self-certifying File System (SFS) is a secure network
file system for the Internet [Mazières 2000, Fu 2002].
SFS provides a suitable and more secure alternative
to the widely deployed NFS file system.
SFS cryptographically secures all client-server
network communications with encryption and a
message authentication code. To prevent rogue
servers from impersonating valid ones, each SFS
server has a public key which is generated by SHA-1
hash. A server’s files all reside under a so-called
self-certifying pathname derived from its public key.
Self-certifying pathnames contain enough
information for an SFS client to connect to a server
and establish a cryptographically secure channel.
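The check a client makes against a self-certifying pathname can be sketched as follows. This is an added example, not code from the paper or from SFS: the hash input layout, the base32 encoding, the `/sfs/<location>:<hostid>` form used here, and all names and sample keys are assumptions chosen to model the idea that the pathname commits to the server's public key.

```python
import base64
import hashlib
import hmac

# Constructed sample values (not real SFS keys or hosts).
LOCATION = "sfs.example.org"
GOOD_KEY = b"constructed-public-key-of-the-real-server"
ROGUE_KEY = b"constructed-public-key-of-an-impostor"


def host_id(location: str, public_key: bytes) -> str:
    """Assumed layout: base32(SHA-1(location || 0x00 || public_key))."""
    digest = hashlib.sha1(location.encode() + b"\x00" + public_key).digest()
    return base64.b32encode(digest).decode().lower()  # 20 bytes -> 32 chars


def make_path(location: str, public_key: bytes) -> str:
    """Build the pathname an administrator would publish for a server."""
    return f"/sfs/{location}:{host_id(location, public_key)}"


def parse_path(path: str) -> tuple[str, str]:
    """Split /sfs/<location>:<hostid>[/...] into (location, hostid)."""
    if not path.startswith("/sfs/"):
        raise ValueError("not under /sfs")
    name = path[len("/sfs/"):].split("/", 1)[0]
    location, sep, hid = name.rpartition(":")
    if not sep or not location or len(hid) != 32:
        raise ValueError("malformed self-certifying pathname")
    return location, hid


def server_key_matches(path: str, presented_key: bytes) -> bool:
    """Client-side check: does the key offered by the server hash to the
    HostID embedded in the pathname the user asked for?"""
    location, expected = parse_path(path)
    return hmac.compare_digest(host_id(location, presented_key), expected)


if __name__ == "__main__":
    path = make_path(LOCATION, GOOD_KEY) + "/KNOPPIX/KNOPPIX"
    print(path)
    print("real server accepted:", server_key_matches(path, GOOD_KEY))
    print("impostor accepted:  ", server_key_matches(path, ROGUE_KEY))
```

Because the identifier is bound to both the location and the key, a server presenting a different key, or the right key under a different location, fails the comparison before any file data is trusted.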
SFS consists of two programs run at boot time.
SFS clients must run the SFS client daemon (sfscd),
which creates “/sfs” directory and implements the
auto-mounting of remote SFS servers. SFS servers
must run the SFS server daemon (sfssd), which
makes local file systems available to SFS clients on
TCP port 4. “sfscd” is responsible for automatically
mounting new remote file systems. On the server
machine, “sfssd” accepts incoming SFS connections
and de-multiplexes these requests to the appropriate
SFS server daemons. The client and server file
system daemons communicate with the kernel using
NFS loopback.
SFS-KNOPPIX is a combination of KNOPPIX and
SFS, which makes it possible to boot KNOPPIX from the
Internet. Unfortunately SFS-KNOPPIX is not a
perfect Internet boot, because there is no way to get an IP
address and a kernel image from the Internet. LAN boot
depends on BOOTP and TFTP servers to allocate an IP
address and get a kernel image.
SFS-KNOPPIX is a customized KNOPPIX from
which the cloop file on the CD has been removed (Figure 2). A
cloop file is obtained from the Internet using SFS at
boot time. The original KNOPPIX requires
downloading a 700MB iso image, but SFS-KNOPPIX
requires a 20MB iso image, which is just the boot loader
of KNOPPIX. SFS-KNOPPIX doesn’t need to
download the whole cloop file, because SFS is a file
system which allows random access to the cloop file.
This means that only the necessary blocks of data are transferred,
when an application requires them. This reduces network
traffic. The performance is shown in Section 5.
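Why random access to a block-compressed image keeps traffic low can be shown with a small model. This is an added example, not code from the paper or from cloop: it is a simplified stand-in for a compressed loopback image, not the real cloop on-disk format, and `BLOCK_SIZE`, `RemoteImage` and the sample data are assumptions.

```python
import zlib

BLOCK_SIZE = 64 * 1024  # assumed uncompressed block size


def build_image(data: bytes) -> tuple[bytes, list[int]]:
    """Compress data block by block. offsets[i] is where compressed block i
    starts in the blob; a final entry marks the end of the last block."""
    blob, offsets = bytearray(), [0]
    for start in range(0, len(data), BLOCK_SIZE):
        blob += zlib.compress(data[start:start + BLOCK_SIZE])
        offsets.append(len(blob))
    return bytes(blob), offsets


class RemoteImage:
    """Stands in for the image on the file server and counts the compressed
    bytes a client pulls over the network."""

    def __init__(self, blob: bytes, offsets: list[int], size: int):
        self.blob, self.offsets, self.size = blob, offsets, size
        self.fetched = 0   # compressed bytes transferred so far
        self.cache = {}    # block number -> decompressed block

    def _block(self, n: int) -> bytes:
        if n not in self.cache:  # each block is fetched at most once
            start, end = self.offsets[n], self.offsets[n + 1]
            self.fetched += end - start
            self.cache[n] = zlib.decompress(self.blob[start:end])
        return self.cache[n]

    def read(self, pos: int, length: int) -> bytes:
        """Read a byte range of the uncompressed image."""
        if pos < 0 or length < 0 or pos + length > self.size:
            raise ValueError("read outside image")
        out, end = bytearray(), pos + length
        while pos < end:
            n, off = divmod(pos, BLOCK_SIZE)
            chunk = self._block(n)[off:off + (end - pos)]
            out += chunk
            pos += len(chunk)
        return bytes(out)


def sample_data() -> bytes:
    """Constructed, compressible stand-in for a root file system image."""
    return b"".join(b"file %08d\n" % i for i in range(80000))
```

Reading 100 bytes from the middle of the image transfers one compressed block rather than the whole blob, which is the effect the traffic measurements in Section 5 quantify for a real boot.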
Figure 2: The contents of SFS-KNOPPIX CD
Another merit of SFS-KNOPPIX is that the
cloop file is selectable when it boots. Figure 2
shows the image of the selection of a cloop file. In the
original KNOPPIX the cloop file is built into the
CD-ROM. This merit means that we don’t need to make
a CD-ROM even when a new KNOPPIX is released. We
can try a new KNOPPIX via an SFS server with low
network traffic.
The boot sequence of SFS-KNOPPIX has three
stages, as in normal KNOPPIX. Figure 3 shows the
role of each stage. The first and third stages are
almost the same, but the second stage becomes more complex.
Figure 3: Boot procedure of SFS-KNOPPIX
The kernel of SFS-KNOPPIX includes drivers for the
Network Interface Card (NIC), because the network has
to be set up in the second stage. The kernel of normal
KNOPPIX doesn’t include NIC drivers, because the
NIC driver module is dynamically added by
Autoconfig in the third stage.
In the second stage of SFS-KNOPPIX, “linuxrc”
first mounts the CD-ROM file system (iso9660) on “/stand”.
This action is different from normal KNOPPIX.
The reason is that the miniroot is too small to include the SFS
client binary. The CD-ROM file system includes a statically
linked binary of the SFS client. This technique comes
from the BSD “stand” boot. Using the “/stand” software, the IP
address is set by DHCP. The SFS client daemon “sfscd”
is launched and connects to an SFS server. The SFS server
is selectable from a list.
The cloop file is also selectable from the SFS server.
The selection message is displayed during the boot
sequence. After the selection, the cloop file is loopback-mounted
on “/KNOPPIX” from the SFS server. After
that, the infrastructure of the RAM-DISK root file system is
set up in the same manner as in normal KNOPPIX.
In the third stage, “init” is executed in the same
manner as in normal KNOPPIX, because
SFS-KNOPPIX uses the same cloop file as normal
KNOPPIX. The difference is the network setup. A
NIC is detected in the Autoconfig procedure, but it
has already been linked, so the setup of the NIC is skipped.
We evaluated the performance of SFS-KNOPPIX. We
measured the boot time and the network traffic.
SFS-KNOPPIX booted with the same cloop file on the
SFS server. The specifications of the server and client
machines are the following.
[SFS server]
Pentium4 2.66GHz, 512MB memory, 1Gbps
[SFS client]
PentiumM 1.0GHz, 512MB memory, 100Mbps
NIC, 24X CD-ROM Drive
The target cloop file on the SFS server is the one
which is extracted from knoppix_v3.4_20040510-
5.1 Boot Time
We measured the boot time. The boot time is
defined as the time until the default desktop manager
“KDE” has finished starting. The boot time was sometimes
longer depending on machine condition, so we picked
the typical boot time. Table 1 shows the boot time of
Table 1: Boot Time
             SFS-KNOPPIX    CD-ROM KNOPPIX
boot time    80sec          180sec
SFS-KNOPPIX is faster than normal CD-ROM
KNOPPIX. This is because the network bandwidth
is higher than that of the CD-ROM.
Part of the boot time depends on Autoconfig. It
isn’t constant, because the sequence of Autoconfig
depends on the equipped devices and works differently
on each machine. The result of 80 seconds on
SFS-KNOPPIX is only one example.
5.2 Network Traffic
We measured the network traffic on the SFS server. The
traffic is used to read the cloop file as the root file
system. It is measured from the time of the loopback
mount to the finish time of KDE. To measure the
network traffic we used “tcpdump” on the SFS server.
Figure 4 shows the transferred data. The
amount of transferred data is 80MB. Half of the
transferred data is used for X-Window and KDE.
KDE is a rich window manager and requires much
data. If we use a light window manager it will be
Figure 4: Transferred data of SFS-KNOPPIX.
X axis is time (second) and Y axis is transferred data (byte)
Figure 5 shows the throughput of the network traffic.
The maximum throughput is 40Mbps. The
average throughput is 2.0 Mbps. From this
result we confirm that SFS-KNOPPIX doesn’t use up the
network bandwidth (100Mbps) and that the SFS server can
allow connections from multiple clients.
Figure 5: Throughput of network traffic
X axis is time (second) and Y axis is throughput (bps).
6.1 BOOT Device
SFS-KNOPPIX uses a CD-ROM as its boot device,
because there is no method to obtain a kernel image
from the Internet. Most Network Interface Cards have a
PXE (Pre-boot Execution Environment) function, but
they support the BOOTP and TFTP protocols for LAN
boot. As another method, we had hopes for
iSCSI (Internet SCSI), but the situation has not changed.
We are still looking for a method to boot from the
Internet without the support of software.
6.2 From C/S to P2P
SFS-KNOPPIX still follows the client and server model.
Scalability is limited by the capacity of the SFS server.
The role of SFS is that of a read-only file system. We can
replace SFS with a read-only P2P file system. We
plan to try the P2P file system Co-operative File
System [Dabek 2001], which is based on SFS, in the
near future.
We proposed SFS-KNOPPIX, which mounts SFS at
boot time and loopback-mounts a cloop file on
SFS as the root file system. SFS-KNOPPIX allows
us to change the root file system by selecting a cloop
file. The Autoconfig function of KNOPPIX allows
us to boot on any IBM PC. The combination of SFS and
KNOPPIX makes it easy to try a new OS and
applications from the Internet.
SFS-KNOPPIX is faster than
normal CD-ROM KNOPPIX, but the evaluation
environment is ideal and the analysis isn’t sufficient.
We will extend the evaluation to the Internet and
analyze the performance in detail. This will make clear
the advantage of SFS-KNOPPIX.
Klaus Knopper, “Building a self-contained
auto-configuring Linux system on an iso9660 file system”,
4th Annual Linux Showcase & Conference.
David Mazières, “Self-certifying file system”, PhD thesis,
MIT, May 2000.
Kevin Fu, Michael Kaminsky, and David Mazières,
“Using SFS for a Secure Network File
System”, USENIX ;login: magazine, December 2002.
Frank Dabek, M. Frans Kaashoek, David Karger, Robert
Morris, and Ion Stoica, “Wide-area cooperative
storage with CFS”, In Proceedings of the 18th ACM
Symposium on Operating Systems Principles (SOSP
'01), 2001.