# Maximizing a Custom Kernel



## JoshuaBranson (Jul 26, 2011)

I'm planning on eventually building a custom kernel for my computer (as soon as I get FreeBSD on it). My question is this: is an entirely monolithic custom-built kernel (that has no modules) better than a custom kernel that uses as many modules as possible?

Let me explain that better. Suppose I have hardware x, y, and z on my computer. That means I can essentially custom build two types of kernels:

Type 1: uses no modules and supports only x, y, and z hardware. (Support for the hardware is "built into" the kernel, which means that the part of the kernel that supports x, y, and z hardware cannot be unloaded from the kernel.)

Type 2: uses three modules that support only x, y, and z hardware. Any of the three modules that support hardware x, y, z can be unloaded from the kernel at any time.

Type 3 is a mix of type 1 and 2. It can unload 1 module that will remove support of hardware x.

Which custom-built kernel would be best? By best I mean, I want it to be as stable, secure, and fast as it possibly can be.


----------



## fonz (Jul 26, 2011)

JoshuaBranson said:

> Is an entirely monolithic custom-built kernel (that has no modules) better than a custom kernel that uses as many modules as possible?


Slightly depends on how often the hardware (or kernel component in general) is used. Drivers for a NIC are usually better compiled into the core kernel _(only the one you're actually using of course)_ but a driver for a sound board can be left as a module if you don't play sound that often.

Having said that... In most situations it doesn't actually make a big difference. If you're really after squeezing maximum security, stability and speed out of your system there are plenty of other things where there's more to gain.

Fonz


----------



## SirDice (Jul 26, 2011)

I tend to build a kernel with the things built in that are absolutely needed. Things like filesystems and network drivers. Audio and additional hardware I don't really need to run the thing I keep as modules.


----------



## silverglade00 (Jul 26, 2011)

You might also take into consideration changes to hardware. For a desktop computer, you might change out the sound card or video card, for example. You might want to leave those as modules, but put your disk controller drivers into the kernel since those will most likely not change.


----------



## JoshuaBranson (Jul 26, 2011)

fonz said:

> If you're really after squeezing maximum security, stability and speed out of your system there are plenty of other things where there's more to gain.
> 
> Fonz



What other things can you do that will increase security and stability?


----------



## UNIXgod (Jul 26, 2011)

JoshuaBranson said:

> What other things can you do that will increase security and stability?



sysctl(8)
security(7)
jail(8)
tuning(7)

and lastly:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security.html

As for your kernel, I keep a slim kernel and load modules as I see fit. I keep my NIC driver in the kernel (actually I think you have to) and have loader(8) deal with the rest.


----------
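An added example, not written by any poster in this thread: with the slim-kernel-plus-modules approach described above, the set of loaded modules is small enough to audit against an expected list. The function below reads `kldstat` output and prints every loaded module file that is not on that list; the sample output, the allowlist and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `kldstat` output (not captured from a real host).
sample_kldstat() {
cat <<'EOF'
Id Refs Address                Size Name
 1   12 0xffffffff80200000  1f3e2d0 kernel
 2    1 0xffffffff82141000    3a218 snd_hda.ko
 3    2 0xffffffff8217c000    2b0c8 sound.ko
 4    1 0xffffffff821a8000     9f40 fdescfs.ko
EOF
}

# unexpected_klds ALLOWED_FILE...
# Reads kldstat output on stdin and prints, one per line, each loaded
# file that is neither the kernel itself nor named in the arguments.
# (Hypothetical helper name; the allowlist is whatever you expect to
# see loaded on your own machine.)
unexpected_klds() {
    allowed=" $* "
    awk -v allowed="$allowed" '
        $1 !~ /^[0-9]+$/ { next }   # skip the header and any non-data line
        $5 == "kernel"   { next }   # drivers built into the kernel show up only as "kernel"
        index(allowed, " " $5 " ") == 0 { print $5 }
    '
}

# Demonstration on the constructed sample; on a FreeBSD host, pipe the
# real command instead:  kldstat | unexpected_klds snd_hda.ko sound.ko
sample_kldstat | unexpected_klds snd_hda.ko sound.ko
# prints: fdescfs.ko
```

Drivers compiled into the kernel never appear as separate lines here, so the list this check has to cover shrinks as more hardware support is built in.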



## DutchDaemon (Jul 26, 2011)

Unofficial FreeBSD Security Checklist / Links / Resources


----------

