Errors about EFI partition upgrade - What to do?

TangoOversway

The short version is I keep getting several error messages a day on my pfSense notifications:

ERROR: The EFI partition on this device is too small to receive the updated arm64 EFI loader. Contact TAC at https://www.netgate.com/tac-support-request for assistance upgrading this device.

Same message, multiple times a day. I contacted tac support through the link and haven't received any response. I know my device is over a year old, so I don't know if I can still get the level of support that includes sending me the software this issue needs.

So where do I go from here?

More details: I'm on a Netgate SG-1100 and had only used it for a short while before I could permanently install it last May. I updated it at the time and this past month, when I started working on OpenVPN configuration, I checked the version and it said it was the latest, but it was at version 2.4.4. (Also, my understanding is that the version numbers like 2.x or 2.x.x are for pfSense not running on Netgate devices, so something like 22.01 is an appropriate number.

I was able to upgrade to 2.5, which was listed as deprecated and, from there, had the choice to upgrade to 22.01. From there, again, a choice to upgrade to a higher version - but that led to errors because of the EFI partition size. Which leads to the short version above - I get multiple errors a day telling me to contact TAC. I have and haven't had a response.

SteveITS

@tangooversway Support usually responds within 15-30 minutes for a firmware request. I’d try again.

Re error, unfortunately you need to reinstall. See https://forum.netgate.com/topic/178049/pfsense-plus-23-01-updates-on-the-1100-and-2100-systems

After installing, install the System patches package as there are quite a few for 23.01.

Edit: https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/reinstall-pfsense.html

Also AFAIK the message shows during upgrade attempts. We have several clients that have 2100s and aren’t receiving alerts. Even if it’s not an email I was on one today renewing a cert for which we did receive an alert, and nothing shown.

rcoleman-netgate

@tangooversway said in Errors about EFI partition upgrade - What to do?:

I have and haven't had a response.

When you contacted TAC how did you do so?
We reply to all messages that come in through https://go.netgate.com/

If you sent an email to an address it might have been lost in the shuffle - we do not have a regular "email us here" address for TAC tickets, however.

TangoOversway

@rcoleman-netgate

@rcoleman-netgate said in Errors about EFI partition upgrade - What to do?:

When you contacted TAC how did you do so?

I used the contact form in the link in the notification I quoted. (Link: https://www.netgate.com/tac-support-request)(I've since edited the post and made the message into a block of code to make it more distinct.) I included in the description what the issue was and that, from what I understood, I needed a software package to continue.

I believe, when I first got the error, when trying to upgrade, that I followed the link and, since it was just a contact page, also searched for info on it - which is where I read something about getting a package from TAC to use to continue. (I think that might have been this page or one like it that told me to contact TAC.)

@steveits said in Errors about EFI partition upgrade - What to do?:

Re error, unfortunately you need to reinstall.

I can deal with that. I started with pfSense on a Soekris box and, due to parental illness and a move and so on, I didn't get a chance to even log into that box for a number of years. By the time I got back to it, Soekris was out of business (I guess outsold by Raspberry Pi), and it was just too old to update. Migrating settings from that antique (in computer terms) to the SG-1100 was a nightmare. So as long as I can save the current settings, reinstall, and reload the settings file, it will be far easier than that upgrade!

rcoleman-netgate

Worth noting @TangoOversway that I checked our customer database and did not see anything from your registered email here on the forums -- so if you filled out the form please let us know what email address it was under so we can investigate it.

TangoOversway

@rcoleman-netgate

@rcoleman-netgate said in Errors about EFI partition upgrade - What to do?:

Worth noting @TangoOversway that I checked our customer database and did not see anything from your registered email here on the forums -- so if you filled out the form please let us know what email address it was under so we can investigate it.

Interesting, since I made sure the form went through, but something might have gone wonky. It was under the same email address I use in my account settings for this forum. (The one that ends in a gTLD instead of a "normal" TLD, if that helps.) So would the best thing for me to do now be to send in another request to get what I need? Or is there a reinstall guide or a link to get what I need?

rcoleman-netgate

@tangooversway said in Errors about EFI partition upgrade - What to do?:

So would the best thing for me to do now be to send in another request to get what I need? Or is there a reinstall guide or a link to get what I need?

Yes, re-use the form. If you didn't get a confirmation email then the form didn't actually go through in a manner that HubSpot likes.

TangoOversway

@rcoleman-netgate

@rcoleman-netgate said in Errors about EFI partition upgrade - What to do?:

Yes, re-use the form. If you didn't get a confirmation email then the form didn't actually go through in a manner that HubSpot likes.

Okay - I know for sure it didn't go through because I didn't get an email confirmation.

I figure if I just say, "Need to reinstall due to EFI boot issue," that's enough - instead of putting in a full explanation?

TangoOversway

@rcoleman-netgate

Submitted it again and got an email acknowledgement with an issue number. Thank you!