Fresh install on Silicom IA3003 (Netgate 8200)
-
Good Day, I have just completed an install of pfSense + on a Silicom IA3003, which is the OEM version of the Netgate 8200 appliance. I registered for pfSense + once I had the Device ID so the installation would be the full version of pfSense + instead of the CE version and then having to upgrade.
The installation seemed to go fine; however, since rebooting post the install, I am getting stuck just after the printed message: Performing automatic boot verification...done.
I know the console is still active as I can see messages about the interfaces going Down / UP if I unplug and re-plug the LAN link. the file attached is the complete boot log.... Nothing is jumping out at me as an issue.
Thoughts???
[EDIT] - 1/18/25 T 15:03 -05:00
So I adjusted the "Cons:" output during my previous boots (log file attached above). I opted to not make that change this time and it seems the situation is worse. If I don't cycle through the console settings at the initial boot selection screen for pfSense, then the system hangs right at the beginning of the boot process. The last thing printed in the console is:
| __ _ __ / _|___ ___ _ __ ___ ___ _ | '_ \| |_/ __|/ _ \ '_ \/ __|/ _ \ _| |_ | |_) | _\__ \ __/ | | \__ \ __/ |_ _| | .__/|_| |___/\___|_| |_|___/\___| |_| |_| /---- Welcome to Netgate pfSense Plus ----\ __________________________ | | / ___\ | 1. Boot Multi user [Enter] | | /` | 2. Boot Single user | | / :-| | 3. Escape to loader prompt | | _________ ___/ /_ | | 4. Reboot | | /` ____ / /__ ___/ | | 5. Cons: Serial | | / / / / / / | | | | / /___/ / / / | | Options: | | / ______/ / / _ | | 6. Kernel: default/kernel (1 of 1) | |/ / / / _| |_ | | 7. Boot Options | / /___/ |_ _| | | | / |_| | | | /_________________________/ \-----------------------------------------/ | Autoboot in 0 seconds. [Space] to pause Loading kernel... /boot/kernel/kernel text=0x1a4c98 text=0xff3048 text=0x17ed568 data=0x180+0xe80 data=0x24c808+0x3b37f8 0x8+0x1d4108+0x8+0x1e9a19 Loading configured modules... /boot/kernel/opensolaris.ko size 0x1e2a8 at 0x37be000 /boot/kernel/zfs.ko size 0x619a40 at 0x37dd000 can't find '/etc/hostid' /boot/entropy size=0x1000 staging 0x67e00000-0x6c51a000 (not copying) tramp 0x6c51a000 PT4 0x6c51b000 Start @ 0xffffffff803a5000 ... \ -
Go read the reply in this thread: https://forum.netgate.com/topic/141691/defect-etc-rc-d-hostid-file-for-zfs-not-generated-from-uuid/4?_=1669295521699.
It's not supposed to matter if the
/etc/hostidfile is not present, but according to the linked post creating that file using the process described fixed the "no boot" issue. Probably can't hurt to try. I guess maybe use Option #2 to boot into single user mode and then try the fix posted. -
Thank you for that. I searched but didn’t come across this post. I’ll give that a shot. Appreciate the reply.
-
Thank you for the suggestion, but unfortunately it didn't solve the issue. I booted into single user mode and remounted the file system to read/write. I was able to execute the correct sequence of commands to build the /etc/hostid file but this has not corrected the booting issue. I am still stuck at the same "Performing automatic boot verification...done." message as the last printed message in the console.
boot snippet
Starting CRON... done. Starting package AWS VPC Wizard...done. Starting package IPsec Profile Wizard...done. Starting package Netgate Firmware Upgrade...done. Starting package WireGuard...done. Netgate pfSense Plus 24.11-RELEASE amd64 20250111-1611 Bootup complete Performing automatic boot verification...done.
I'm going to start to dig in to the boot sequence and see if I can figure out what is hanging but not printing to the console.
-
It doesn't have the required loader values for the console because:
netgate0: <unknown hardware> netgate0: version: 0.1The boot loader usually recognises the device and passes device specific values. I'd guess yours has a different BIOS that doesn't pass the smbios values the loader uses for recognition.
You probably need:
console="efi"For the early boot hang at least.
-
Hmm, I'll check that right now. I can see that the kenv shows the following from the BIOS:
of course this is what I see when booted into single user mode, and after I toggle the console setting in the initial boot menu. I assume adding the console="efi" to loader.conf.local can resolve this if it's not being picked up automatically (with out having to toggle the console at the boot menu).COLUMNS="128" FS5:\efi\boot\bootx64.efi="1" LINES="40" acpi.oem="INSYDE" acpi.revision="2" acpi.rsdp="0x000000007effe014" acpi.rsdt="0x000000007effe0ac" acpi.xsdt="0x000000007effe120" acpi.xsdt_length="36" acpi_dsdt_load="NO" acpi_dsdt_name="/boot/acpi_dsdt.aml" acpi_dsdt_type="acpi_dsdt" acpi_video_load="NO" audit_event_load="NO" audit_event_name="/etc/security/audit_event" audit_event_type="etc_security_audit_event" autoboot_delay="3" bitmap_load="NO" bitmap_name="splash.bmp" bitmap_type="splash_image_data" boot_serial="YES" boot_single="YES" bootenv_autolist="YES" bootenvs[0]="zfs:pfSense/ROOT/default" bootenvs_count="1" bootfile="kernel" comconsole_pcidev="" comconsole_port="1016" comconsole_speed="115200" console="efi" cpu_microcode_load="NO" cpu_microcode_name="/boot/firmware/ucode.bin" cpu_microcode_type="cpu_microcode" currdev="zfs:pfSense/ROOT/default:" debug.ddb.capture.bufsize="524288" efi-version="2.50" efi_8250_uid="0" efi_com_speed="115200" efi_max_resolution="1x1" entropy_cache_load="YES" entropy_cache_name="/boot/entropy" entropy_cache_type="boot_entropy_cache" entropy_efi_seed="YES" hint.acpi.0.disabled="0" hint.acpi_throttle.0.disabled="1" hint.atkbd.0.at="atkbdc" hint.atkbd.0.irq="1" hint.atkbdc.0.at="isa" hint.atkbdc.0.port="0x060" hint.atrtc.0.at="isa" hint.atrtc.0.irq="8" hint.atrtc.0.port="0x70" hint.attimer.0.at="isa" hint.attimer.0.irq="0" hint.attimer.0.port="0x40" hint.fd.0.at="fdc0" hint.fd.0.drive="0" hint.fd.1.at="fdc0" hint.fd.1.drive="1" hint.fdc.0.at="isa" hint.fdc.0.drq="2" hint.fdc.0.irq="6" hint.fdc.0.port="0x3F0" hint.p4tcc.0.disabled="1" hint.ppc.0.at="isa" hint.ppc.0.irq="7" hint.psm.0.at="atkbdc" hint.psm.0.irq="12" hint.sc.0.at="isa" hint.sc.0.flags="0x100" hint.smbios.0.mem="0x7c51d000" hint.uart.0.at="isa" hint.uart.0.flags="0x10" hint.uart.0.irq="4" hint.uart.0.port="0x3F8" hint.uart.1.at="isa" hint.uart.1.irq="3" hint.uart.1.port="0x2F8" hostuuid_load="YES" hostuuid_name="/etc/hostid" hostuuid_type="hostuuid" hw.e6000sw.default_disabled="1" hw.hn.use_if_start="1" hw.hn.vf_transparent="0" hw.uart.console="io:1016,br:115200" hw.usb.no_pf="1" kern.geom.label.disk_ident.enable="0" kern.geom.label.gptid.enable="0" kern.ipc.nmbclusters="1000000" kern.ipc.nmbjumbo9="524288" kern.ipc.nmbjumbop="524288" kernel="kernel" kernel_options="" kernel_path="/boot/kernel" kernelname="/boot/kernel/kernel" kernels_autodetect="YES" loaddev="zfs:pfSense/ROOT/default:" loader_brand="pfSense" loader_color="NO" loader_conf_dirs="/boot/loader.conf.d" loader_logo="pfSensebw" loader_menu_title="Welcome to Netgate pfSense Plus" local_loader_conf_files="/boot/loader.conf.local" machdep.hwpstate_pkg_ctrl="1" module_blacklist="drm drm2 radeonkms i915kms amdgpu" module_path="/boot/kernel;/boot/modules;/boot/dtb;/boot/dtb/overlays" module_verbose="2" net.isr.maxthreads="-1" net.link.ifqmaxlen="128" net.pf.request_maxcount="400000" net.pf.states_hashsize="1048576" nextboot_conf="/boot/nextboot.conf" opensolaris_load="YES" ram_blacklist_load="NO" ram_blacklist_name="/boot/blacklist.txt" ram_blacklist_type="ram_blacklist" screensave_load="NO" screensave_name="green_saver" script.lang="lua" smbios.bios.reldate="2023-05-16" smbios.bios.revision="13.5" smbios.bios.vendor="INSYDE Corp." smbios.bios.version="CORDOBA-03.00.00.03-SLt" smbios.chassis.maker="Silicom" smbios.chassis.serial="2038234152" smbios.chassis.tag="None" smbios.chassis.type="Other" smbios.chassis.version="R404" smbios.memory.enabled="16777216" smbios.planar.location="Type2 - Board Chassis Location" smbios.planar.maker="Silicom" smbios.planar.product="80300-0214-G02" smbios.planar.serial="2038234152" smbios.planar.tag="Type2 - Board Asset Tag" smbios.planar.version="R404" smbios.socket.enabled="1" smbios.socket.populated="1" smbios.system.family="Not Specified" smbios.system.maker="Silicom" smbios.system.product="80500-0214-G02-SL00x" smbios.system.serial="2038234152" smbios.system.sku="Not Specified" smbios.system.uuid="ada50951-0296-410c-a3ec-5cbb337b0738" smbios.system.version="R404" smbios.version="3.0" splash_bmp_load="NO" splash_pcx_load="NO" splash_txt_load="NO" twiddle_divisor="16" verbose_loading="NO" vesa_load="NO" vfs.root.mountfrom="zfs:pfSense/ROOT/default" zfs_be_active="zfs:pfSense/ROOT/default" zfs_be_currpage="1" zfs_be_root="pfSense/ROOT" zfs_load="YES" dev.ax.sph_enable="0" -
I added console="efi" to /boot/loader.conf.local but I still get stuck at the initial boot:
Loading kernel... /boot/kernel/kernel text=0x1a4c98 text=0xff3048 text=0x17ed568 data=0x180+0xe80 data=0x24c808+0x3b37f8 0x8+0x1d4108+0x8+0x1e9a19- Loading configured modules... /etc/hostid size=0x25 /boot/kernel/zfs.ko size 0x619a40 at 0x37be000 /boot/kernel/opensolaris.ko size 0x1e2a8 at 0x3dd8000 /boot/entropy size=0x1000 staging 0x67e00000-0x6c51a000 (not copying) tramp 0x6c51a000 PT4 0x6c51b000 Start @ 0xffffffff803a5000 ... \ -
@svandive said in Fresh install on Silicom IA3003 (Netgate 8200):
hw.uart.console="io:1016,br:115200"
Did you set that ^?
We do not set it. The only other difference I see, except all the led driver stuff which is missing, is:
hint.uart.0.at=acpi -
So I did not set the hw.uart.console. This must be being picked up from the UEFI.
I should make sure this is clear. The machine I am installing on is NOT a Netgate 8200 purchased from Netgate but rather the same machine (Silicom Cordoba) that I use and work as part of my job. The only difference is the smbios on the Netgate 8200 is pre-programed with these two fields:
smbios.system.maker="Netgate"
smbios.system.product="8200"I was originally planning on simply installing pfSense Plus on here since I had the hardware and I need a Firewall for a new stub in my lab at work. I figured since Netgate uses the Silicom box it would be a tested / known white-box to run pfSense on. Reality has been a bit more cumbersome.
I have tried setting the two fields above (Netgate and 8200), and when the box boots pfSense does load the loader.conf.lua environment settings for the LEDs. However this has not helped me with booting. :-)
I have been able to resolve the initial boot up issue. the final issue I seem to be having is I am still getting stuck at the final stage of the boot up process. The console stops at the line:
Performing automatic boot verification...done.
I'm not able to get the menu to show but I am able to login now via the Web GUI. Any thoughts why console won't get to the end stage and show the login?
-
Anything shown in the system log?
Some hung process shown in the Diag > System Activity?
-
I corrected the issue that was causing the console to hang at the end of the boot cycle and not allowing the login screen / menu to appear.
What appears to be the final hurdle is getting past a hang-up that appears to be occurring when analyzing if any serial interface has been configured for GDB kernel debugging. At least that is the next message printed to the console when the unit boots properly, (GDB: no debug ports present). Below is all I get on the console and then it hangs.
__ _ __ / _|___ ___ _ __ ___ ___ _ | '_ \| |_/ __|/ _ \ '_ \/ __|/ _ \ _| |_ | |_) | _\__ \ __/ | | \__ \ __/ |_ _| | .__/|_| |___/\___|_| |_|___/\___| |_| |_| /---- Welcome to Netgate pfSense Plus ----\ __________________________ | | / ___\ | 1. Boot Multi user [Enter] | | /` | 2. Boot Single user | | / :-| | 3. Escape to loader prompt | | _________ ___/ /_ | | 4. Reboot | | /` ____ / /__ ___/ | | 5. Cons: Serial | | / / / / / / | | | | / /___/ / / / | | Options: | | / ______/ / / _ | | 6. Kernel: default/kernel (1 of 1) | |/ / / / _| |_ | | 7. Boot Options | / /___/ |_ _| | | | / |_| | | | /_________________________/ \-----------------------------------------/ Loading kernel... /boot/kernel/kernel text=0x1a4c98 text=0xff3048 text=0x17ed568 data=0x180+0xe80 data=0x24c808+0x3b37f8 0x8+0x1d4108+0x8+0x1e9a19- Loading configured modules... /boot/kernel/zfs.ko size 0x619a40 at 0x37be000 /boot/entropy size=0x1000 /boot/kernel/opensolaris.ko size 0x1e2a8 at 0x3dd9000 /etc/hostid size=0x25 staging 0x67e00000-0x6c51a000 (not copying) tramp 0x6c51a000 PT4 0x6c51b000 Start @ 0xffffffff803a5000 ... \It is very odd behavior. If I stop the autoboot at this menu and interact with the menu in some way, (e.g. cycle through the Consoles (option 5) or access the loader prompt (option 3)) I am able to select option 1 and the machine will boot into pfSense properly. If I don't touch the menu and allow the autoboot to cycle down, the machine will hang just after printing:
Start @ 0xffffffff803a5000 ...
to the console. I have searched through all of the loader config files, but I'm not able to identify where the kernel flag for GDB is being set, or where I need to look to find answers to why the bootstrapping is getting hung up at this point. I suspect it might have something to do with the configuration of uart.0; however, I'm not really able to nail this down.
You had asked in an earlier post if I was setting the variable
hw.uart.console="io:1016,br:115200"
I don't have this configured in loader.conf.local, and I've not seen it set anywhere else. Also, when I stop at the initial boot menu and drop down to the loader prompt, the variable is not set at that stage and does not show up in the output from a "show" command. However, after booting up and looking at the output from "kenv" I do see it set.
The other issue I am seeing that is related to troubleshooting this problem is my "loader.conf.local" file keeps getting reverted to an earlier revision. When I first started working on this device and directly after the initial install of pfSense, the loader.conf.local file was empty. I added the following to it:
smbios.system.maker="Netgate" smbios.system.product="8200" legal.intel_ipw.license_ack="1" legal.intel_iwi.license_ack="1" console="efi"I have since tried adding other various variables to this file, but anytime I reboot, the file always reverts back to just having the five (5) entries that I listed above. This is extremely odd, and I cannot for the life of me figure out how this file is being reverted back to a version that only has these five (5) entries. I would expect that if the OS was going to overwrite the file, it would be empty post-boot, not reverted to this already modified state sans my most recent updates to the file.
-
Well I figured out why loader.conf.local is seeming to be reverted. It's due to the script:
/etc/inc/pfsense-utils.inc
The fields I had been adding are specifically ones that are removed by this script.
/* These values should be removed from loader.conf and loader.conf.local * As they will be replaced when necessary. */ $remove = array( "hint.cordbuc.0", "hint.e6000sw.0", "hint.gpioled", "hint.mdio.0.at", "hint-model.", "hw.e6000sw.default_disabled", "hw.hn.vf_transparent", "hw.hn.use_if_start", "hw.usb.no_pf", "net.pf.request_maxcount", "vm.pmap.pti", ); if (!$local) { /* These values should only be filtered in loader.conf, not .local */ $remove = array_merge($remove, array( "autoboot_delay", "boot_multicons", "boot_serial", "comconsole_speed", "comconsole_port", "console", "debug.ddb.capture.bufsize", "hint.uart.0.flags", "hint.uart.1.flags", "net.link.ifqmaxlen", "hint.hwpstate_intel.0.disabled", "loader_conf_files", "machdep.hwpstate_pkg_ctrl", "net.pf.states_hashsize" )); }I had been adding the "hint.gpioled" fields that would normally be picked up by loading loader.conf.lua if the unit is detected as a Netgate 8200. However, I noticed that my configuration in loader.conf.local that configures the two "smbios" fields to trick the software into thinking it is truly installing on a Netgate 8200 wasn't always being picked up before loader.conf.lua was read and processed, so I thought adding it to loader.conf.local would be a safe bet. As it turns out, the script pfsense-utils.inc doesn't like me doing that and is removing these entries.
Mystery solved. Now if I can just figure out why the bootstrapping process is getting hung up at the start, I'll be golden.
