Missing kernel modules on 2.7.0 release
-
@LuKePicci said in Missing kernel modules on 2.7.0 release:
https://redmine.pfsense.org/issues/14086
That was marked resolved when the required modules were added back, such as if_gif.
We were previously building a large number of unused modules that were only taking up space.
Is there a specific module you are looking for?Steve
-
@stephenw10 well, as stated in the previous thread, we have many working deployments which are using the tpm.ko driver for Azure IoT Hub provisioning. Since freebsd support in .Net is likely to merge in time for the dotnet 8.0 cutoff, it would be nice not to make steps backward in this scenario.
That said, I think the best would be to package remaining drivers into installable packages. We will need to do that if needed drivers won't be provided anymore.
-
Ah interesting. So in this case i has to be able to access the TPM hardware to provision pfSense as an IoT device?
-
@stephenw10 Yeah, exactly. I can describe the IoT hub integration further in a different thread of you're interested. Here I'd only like to get a guideline for getting stripped out kernel modules into pfsense again. Is it technically possible to get pkgs out of them?
-
Yes, technically it's possible. There is internal discussion happening as I type this.
That kernel module is included in 23.05.1. Is there some reason you can't use that?
-
@stephenw10 Yup, I can extract that module from 23.05.1 if present and use it inside 2.7.0, this way I can avoid build it on my own. But there are some other unrelated things we need to fix in order to upgrade our userbase to 2.7.0 so we will probably get ready for upgrading to FreeBSD 14 long after you managed to get these modules back in packages. I'll stay tuned.
-
What I meant was are you not able to use 23.05.1 instead of 2.7 since it includes the kernel modules. I'm just trying to understand your use case here since it's not anything I've seen before.
-
@stephenw10 Oh sorry, I was misunderstanding. Well, I'm talking about a relevant number of our own white-label appliances we rent to customers. AFAIK the Plus release channel will be priced $129/yr for commercial purposes. IMHO the price would not be an issue per se, but it would be more complex to us, at the current state, to also manage customers licensing for the Plus subscription. I think we would register as Netgate partners first and then evaluate how to implement Netgate licensing automation (which is something we already do as CSP for M365/Azure resources), but still this is not related to the issue I intended to discuss here. Again, I would be happy to discuss our own use case in a separate thread.
-
Ah Ok, so not actually running in Azure. The TPM driver is required to verify the device remotely?
-
@stephenw10 Yes, it uses TSS.MSR TPM stack in order to do device attestation based on the TPM More about hat: https://learn.microsoft.com/en-us/azure/iot-dps/concepts-tpm-attestation
