Many years ago I thought multibooting operating systems was quite the cool thing to do. This was before VMware when my budget was tighter and so was my living space. Recently with my
new laptop configuration I moved to an all-Ubuntu setup, upon which I loaded VMware Server. VMware Server had Windows XP and FreeBSD 6.2 VMs at its disposal. I've spent nearly all my time in Ubuntu, never really needing to turn to Windows or FreeBSD for desktop work.
With the arrival of Ubuntu 7.04, I decided to try a new approach with my laptop. The OEM HDD was 60 GB, which is somewhat small given my use of VMs. Furthermore, I fairly regularly buy brand new hard drives when I make major operating system shifts. I think the best backup I could ever have is an entire old hard drive, and HDDs are cheap compared to the value of the data on them. Moving from 6.10 to 7.04 seemed like a good time to replace the 60 GB HDD with a
Seagate Momentus 5400.3 ST9160821AS 160GB 5400 RPM 8MB Cache Serial ATA150.
I also decided to go back to a multiboot situation for those extraordinary circumstances when VMware just won't do. I foresee two situations which require something besides Linux. First, I've been unable to use Skype or other sound utilities on Ubuntu due to some weird sound driver issues. This compels me to reload Windows XP from the recovery CD in order to access the Windows sound drivers shipped by Lenovo. Second, I am attending Black Hat this summer, and I don't trust Windows or Linux to that crowd. Sure, FreeBSD is "just as vulnerable" but the majority of the attackers will be looking for Windows and Linux users. Booting into FreeBSD and staying there will reduce my exposure surface.
In order to triple-boot, I started by reinstalling Windows XP from the Lenovo recovery CD and DVD. Good grief, what a painful and long process. Sure, it worked, but it just looked ugly. Thankfully the media booted from a USB optical drive. I also have to remove all the vendor garbage installed on top of Windows. Ugh. At least Windows XP is available now.
Next, I installed Ubuntu 7.04 (desktop edition), again using the external optical drive. I used Gparted to create a partition for FreeBSD, then let Ubuntu take the remaining biggest chunk for itself. Ubuntu installed without a hitch -- very nice.
Finally, I installed FreeBSD. Being my favorite OS, I was ambitious. I decided to try the newest 7.0 CURRENT snapshot (200706), released within the last few days. Unfortunately, I couldn't get FreeBSD to install from the external optical drive. I decided to try PXE booting, but I couldn't get all the way through the installation. I then downshifted to 6.2 RELEASE and my life got easier. Here's what I set up.
I made my old Thinkpad a20p the PXE server. I created a /freebsd directory to hold the contents of the /boot directory on the 6.2 RELEASE CD-ROM, i.e.:
orr:/# ls -ald /freebsd
drwxr-xr-x 3 root wheel 512 Jun 10 20:18 /freebsd
orr:/# ls /freebsd/boot/
beastie.4th boot2 kernel loader.rc screen.4th
boot cdboot loader mbr support.4th
boot0 defaults loader.4th mfsroot
boot0sio device.hints loader.conf modules
boot1 frames.4th loader.help pxeboot
Notice the presence of mfsroot in that directory. That is
not what ships on the CD -- mfsroot.gz is the original file:
orr:/# ls -al /cdrom/boot/mfsroot.gz
-r--r--r-- 1 root wheel 1063814 Jan 12 06:33 /cdrom/boot/mfsroot.gz
Use 'gzip -d mfsroot.gz' to create the mfsroot file needed by the installation process. Also, edit loader.conf to have the following:
orr:/# cat /freebsd/boot/loader.conf
mfsroot_load="YES"
mfsroot_type="mfs_root"
mfsroot_name="/boot/mfsroot"
vfs.root.mountfrom="ufs:/dev/md0c"
Now I enabled TFTP and told it where to find what the installation needed:
#tftp dgram udp wait root /usr/libexec/tftpd tftpd -l -s /tftpboot
tftp dgram udp wait root /usr/libexec/tftpd tftpd -l /freebsd
Note what the original says and how I changed it. The omission of the -s flag is probably not needed. Be sure to start inetd via 'inetd' as root.
PXE needs a DHCP server. I installed isc-dhcp3-server and created the following conf file:
orr:/# grep -v ^# /usr/local/etc/dhcpd.conf
option domain-name "taosecurity.com";
option domain-name-servers 172.16.2.1;
default-lease-time 6000;
max-lease-time 72000;
ddns-update-style ad-hoc;
log-facility local7;
subnet 1.1.1.0 netmask 255.255.255.0 {
range 1.1.1.128 1.1.1.192;
option routers 1.1.1.1;
}
host neely {
hardware ethernet 00:16:D3:23:7C:A7;
fixed-address 1.1.1.2;
next-server 1.1.1.1;
filename "boot/pxeboot";
option root-path "1.1.1.1:/freebsd";
}
The PXE/DHCP server is 1.1.1.1 and it's connected via crossover cable to 1.1.1.2, the x60s.
I added these to /etc/rc.conf to enable DHCP.
dhcpd_enable="YES" # dhcpd enabled?
dhcpd_flags="-q" # command option(s)
dhcpd_conf="/usr/local/etc/dhcpd.conf" # configuration file
dhcpd_ifaces="fxp0" # ethernet interface(s)
fxp0 is the interface connected to the x60s.
Thus far the PXE client will be able to access the pxeboot program, but the installer needs NFS to continue the process. For that I created this /etc/exports file:
orr:/# cat /etc/exports
/freebsd -ro -network 1.1.1.0 -mask 255.255.255.0
/cdrom -ro -network 1.1.1.0 -mask 255.255.255.0
These lines in /etc/rc.conf enabled inetd and NFS:
inetd_enable="YES"
nfs_server_enable="YES"
rpcbind_enable="YES"
It's a good idea to test what's exported.
orr:/# showmount -e 1.1.1.1
Exports list on 1.1.1.1:
/cdrom 1.1.1.0
/freebsd 1.1.1.0
Initially I wanted to set up the a20p as a NATing gateway from the x60s, so the x60s could reach the Internet. I ended up just pointing the installer towards 1.1.1.1:/cdrom and using NFS to retrieve the installation sets. I installed the User distribution because I want to try the new modular Xorg 7.2 later. When done FreeBSD looked like this via df -h:
Filesystem Size Used Avail Capacity Mounted on
/dev/ad4s3a 1.9G 36M 1.7G 2% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/ad4s3e 989M 22K 910M 0% /home
/dev/ad4s3g 2.9G 4.0K 2.7G 0% /nsm
/dev/ad4s3h 1.1G 12K 1.0G 0% /tmp
/dev/ad4s3d 9.7G 306M 8.6G 3% /usr
/dev/ad4s3f 2.9G 7.9M 2.7G 0% /var
The major setback for the x60s with FreeBSD is lack of native support for the wireless NIC. I plan to try the
ClearChain Intel 3945ABG driver at some point. Right now I'm just using an old wireless NIC recognized as wi0.
To enable FreeBSD in Ubuntu's GRUB boot loader, I added this entry:
title FreeBSD
root (hd0,2,a)
kernel /boot/loader
savedefault
makeactive
chainloader +1
I based this on the following fdisk -l output from Linux.
Disk /dev/sda: 160.0 GB, 160041885696 bytes
255 heads, 63 sectors/track, 19457 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 3060 24579418+ 7 HPFS/NTFS
/dev/sda2 18830 19457 5044410 6 FAT16
/dev/sda3 3061 6081 24266182+ a5 FreeBSD
/dev/sda4 6082 18829 102398310 5 Extended
/dev/sda5 * 6082 18305 98189248+ 83 Linux
/dev/sda6 18306 18829 4208998+ 82 Linux swap / Solaris
Partition table entries are not in disk order
Overall I'm pleased with this setup. I would have liked trying FreeBSD 7.0 CURRENT but 6.2 will meet my needs.
FreeBSD on the Lenovo Thinkpad X60s by M.C. Widerkrantz has some tips, as does
JoeKuze.com.
I plan to begin moving data to the new setup using a AZiO ENC211SU31 eSATA+USB 2.0 External 2.5" Hard Drive Enclosure that will hold the original 60 GB HDD.
The second is 
The third is 
Eventually we should all be wearing the 
.jpg)
This is just a brief post on terminology. Recently I've heard people discussing "threat models" and "attack models." When I reviewed Gary McGraw's excellent 
Several of you leaving comments, posting your own blog entries, and sending me email seem to think my 
