Loader.conf.local deleted on restart

kpa

That is not good. The loader.conf.local file should never be touched by the firmware (the PfSense OS) no matter how good the intentions for doing so are. Validation of the file and notification of errors would be ok but silent modifications are definitely not.

chbmb

I can confirm I'm seeing loader.conf.local being deleted after a reboot on the current stable release of pfSense. Here's my shell output.

EDIT: Running on x64 hardware with a VGA install from USB.

chbmb@thinkpad ~ $ ssh admin@192.168.0.1
Password for admin@pfSense.localdomain:
....pfSense - Netgate Device ID: xxxxxxxxxxxxxxxxxxxx

*** Welcome to pfSense 2.4.3-RELEASE-p1 (amd64) on pfSense ***

 WAN (wan)       -> pppoe0     -> v4/PPPoE: xxx.xxx.xxx.xxx/xx
 LAN (lan)       -> em1        -> v4: 192.168.0.1/24
 GUEST (opt1)    -> em1.10     -> v4: 192.168.10.1/24
 VM (opt2)       -> em1.20     -> v4: 192.168.20.1/24

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + pfSense tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an option: 8

[2.4.3-RELEASE][admin@pfSense.localdomain]/root: dmesg | grep console
[2.4.3-RELEASE][admin@pfSense.localdomain]/root: dmesg | grep uart
uart2: <16550 or compatible> port 0x2e0-0x2e7 irq 7 on acpi0
[2.4.3-RELEASE][admin@pfSense.localdomain]/root: echo comconsole_port="0x2e0" > /boot/loader.conf.local
[2.4.3-RELEASE][admin@pfSense.localdomain]/root: ls -la /boot/loader*
-r-xr-xr-x  1 root  wheel  311296 May 10 20:06 /boot/loader
-r--r--r--  1 root  wheel    7127 May 10 20:06 /boot/loader.4th
-rw-r--r--  1 root  wheel     159 Jun  4 00:19 /boot/loader.conf
-r-xr-xr-x  1 root  wheel  402432 May 10 20:06 /boot/loader.efi
-r--r--r--  1 root  wheel   14766 May 10 20:06 /boot/loader.help
-rw-r--r--  1 root  wheel      22 Jun  4 00:19 /boot/loader.conf.local
-r--r--r--  1 root  wheel     350 May 10 20:06 /boot/loader.rc
[2.4.3-RELEASE][admin@pfSense.localdomain]/root: reboot

chbmb@thinkpad ~ $ ssh admin@192.168.0.1
Password for admin@pfSense.localdomain:
....pfSense - Netgate Device ID: xxxxxxxxxxxxxxxxxxxx

*** Welcome to pfSense 2.4.3-RELEASE-p1 (amd64) on pfSense ***

 WAN (wan)       -> pppoe0     -> v4/PPPoE: xxx.xxx.xxx.xxx/xx
 LAN (lan)       -> em1        -> v4: 192.168.0.1/24
 GUEST (opt1)    -> em1.10     -> v4: 192.168.10.1/24
 VM (opt2)       -> em1.20     -> v4: 192.168.20.1/24

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + pfSense tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an option: 8

[2.4.3-RELEASE][admin@pfSense.localdomain]/root: dmesg | grep console
uart2: console (115200,n,8,1)
[2.4.3-RELEASE][admin@pfSense.localdomain]/root: ls -la /boot/loader*
-r-xr-xr-x  1 root  wheel  311296 May 10 20:06 /boot/loader
-r--r--r--  1 root  wheel    7127 May 10 20:06 /boot/loader.4th
-rw-r--r--  1 root  wheel     159 Jun  4 00:26 /boot/loader.conf
-r-xr-xr-x  1 root  wheel  402432 May 10 20:06 /boot/loader.efi
-r--r--r--  1 root  wheel   14766 May 10 20:06 /boot/loader.help
-r--r--r--  1 root  wheel     350 May 10 20:06 /boot/loader.rc

chbmb

As a workaround I've set the system immutable flag, which preserves loader.conf.local across reboots.

chflags schg /boot/loader.conf.local

Turn it off with:

chflags noschg /boot/loader.conf.local

stephenw10

Curious. I'm not seeing that here. The file is touched, that timestamp matches the reboot, but the contents are the same.

Steve

chbmb

@stephenw10 said in Loader.conf.local deleted on restart:

Curious. I'm not seeing that here. The file is touched, that timestamp matches the reboot, but the contents are the same.

Steve

Yeah, I see that @Derelict couldn't reproduce it either, mine is a completely fresh install of 2.4.3 and the only package I've installed is Telegraf, so I'm at a loss to explain it as well.

Happy to try troubleshooting if anyone can think of anything.

stephenw10

Try putting something else in the file, something not ever specified in loader.conf. I used:

legal.intel_ipw.license_ack=1
legal.intel_iwi.license_ack=1

Steve

chbmb

@stephenw10 said in Loader.conf.local deleted on restart:

Try putting something else in the file, something not ever specified in loader.conf. I used:

legal.intel_ipw.license_ack=1
legal.intel_iwi.license_ack=1

Steve

Interestingly, when I did that the file was persistent.

[2.4.3-RELEASE][admin@pfSense.localdomain]/root: ls -la /boot/loader*
-r-xr-xr-x  1 root  wheel  311296 May 10 20:06 /boot/loader
-r--r--r--  1 root  wheel    7127 May 10 20:06 /boot/loader.4th
-rw-r--r--  1 root  wheel     159 Jun  5 18:41 /boot/loader.conf
-rw-r--r--  1 root  wheel      30 Jun  7 21:30 /boot/loader.conf.local
-r-xr-xr-x  1 root  wheel  402432 May 10 20:06 /boot/loader.efi
-r--r--r--  1 root  wheel   14766 May 10 20:06 /boot/loader.help
-r--r--r--  1 root  wheel     350 May 10 20:06 /boot/loader.rc
[2.4.3-RELEASE][admin@pfSense.localdomain]/root: cat /boot/loader.conf.local
legal.intel_ipw.license_ack=1
[2.4.3-RELEASE][admin@pfSense.localdomain]/root: reboot
Connection to 192.168.0.1 closed by remote host.
Connection to 192.168.0.1 closed.
chbmb@thinkpad ~ $ ssh admin@192.168.0.1
Password for admin@pfSense.localdomain:
pfSense - Netgate Device ID: xxxxxxxxxxxxxxxxxxxx

*** Welcome to pfSense 2.4.3-RELEASE-p1 (amd64) on pfSense ***

 WAN (wan)       -> pppoe0     -> v4/PPPoE: xxx.xxx.xxx.xxx/32
 LAN (lan)       -> em1        -> v4: 192.168.0.1/24
 GUEST (opt1)    -> em1.10     -> v4: 192.168.10.1/24
 VM (opt2)       -> em1.20     -> v4: 192.168.20.1/24

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + pfSense tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an option: 8

[2.4.3-RELEASE][admin@pfSense.localdomain]/root: ls -la /boot/loader*
-r-xr-xr-x  1 root  wheel  311296 May 10 20:06 /boot/loader
-r--r--r--  1 root  wheel    7127 May 10 20:06 /boot/loader.4th
-rw-r--r--  1 root  wheel     159 Jun  7 21:33 /boot/loader.conf
-rw-r--r--  1 root  wheel      30 Jun  7 21:33 /boot/loader.conf.local
-r-xr-xr-x  1 root  wheel  402432 May 10 20:06 /boot/loader.efi
-r--r--r--  1 root  wheel   14766 May 10 20:06 /boot/loader.help
-r--r--r--  1 root  wheel     350 May 10 20:06 /boot/loader.rc

chbmb

And then, once again, when I make my changes the file is deleted on reboot. However the changes are picked up as evidenced by dmesg | grep console at the beginning and end of the below output. However that is not the case on subsequent reboots,

[2.4.3-RELEASE][admin@pfSense.localdomain]/root: dmesg | grep console
[2.4.3-RELEASE][admin@pfSense.localdomain]/root: rm /boot/loader.conf.local 
[2.4.3-RELEASE][admin@pfSense.localdomain]/root: ls -la /boot/loader*
-r-xr-xr-x  1 root  wheel  311296 May 10 20:06 /boot/loader
-r--r--r--  1 root  wheel    7127 May 10 20:06 /boot/loader.4th
-rw-r--r--  1 root  wheel     159 Jun  7 21:33 /boot/loader.conf
-r-xr-xr-x  1 root  wheel  402432 May 10 20:06 /boot/loader.efi
-r--r--r--  1 root  wheel   14766 May 10 20:06 /boot/loader.help
-r--r--r--  1 root  wheel     350 May 10 20:06 /boot/loader.rc
[2.4.3-RELEASE][admin@pfSense.localdomain]/root: echo comconsole_port="0x2e0" > /boot/loader.conf.local
[2.4.3-RELEASE][admin@pfSense.localdomain]/root: ls -la /boot/loader*
-r-xr-xr-x  1 root  wheel  311296 May 10 20:06 /boot/loader
-r--r--r--  1 root  wheel    7127 May 10 20:06 /boot/loader.4th
-rw-r--r--  1 root  wheel     159 Jun  7 21:33 /boot/loader.conf
-rw-r--r--  1 root  wheel      22 Jun  7 21:37 /boot/loader.conf.local
-r-xr-xr-x  1 root  wheel  402432 May 10 20:06 /boot/loader.efi
-r--r--r--  1 root  wheel   14766 May 10 20:06 /boot/loader.help
-r--r--r--  1 root  wheel     350 May 10 20:06 /boot/loader.rc
[2.4.3-RELEASE][admin@pfSense.localdomain]/root: reboot
Connection to 192.168.0.1 closed by remote host.
Connection to 192.168.0.1 closed.
chbmb@thinkpad ~ $ ssh admin@192.168.0.1
Password for admin@pfSense.localdomain:
....pfSense - Netgate Device ID: xxxxxxxxxxxxxxxxx

*** Welcome to pfSense 2.4.3-RELEASE-p1 (amd64) on pfSense ***

 WAN (wan)       -> pppoe0     -> v4/PPPoE: xxx.xxx.xxx.xxx/32
 LAN (lan)       -> em1        -> v4: 192.168.0.1/24
 GUEST (opt1)    -> em1.10     -> v4: 192.168.10.1/24
 VM (opt2)       -> em1.20     -> v4: 192.168.20.1/24

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + pfSense tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an option: 8

[2.4.3-RELEASE][admin@pfSense.localdomain]/root: ls -la /boot/loader*
-r-xr-xr-x  1 root  wheel  311296 May 10 20:06 /boot/loader
-r--r--r--  1 root  wheel    7127 May 10 20:06 /boot/loader.4th
-rw-r--r--  1 root  wheel     159 Jun  7 21:38 /boot/loader.conf
-r-xr-xr-x  1 root  wheel  402432 May 10 20:06 /boot/loader.efi
-r--r--r--  1 root  wheel   14766 May 10 20:06 /boot/loader.help
-r--r--r--  1 root  wheel     350 May 10 20:06 /boot/loader.rc
[2.4.3-RELEASE][admin@pfSense.localdomain]/root: dmesg | grep console
uart2: console (115200,n,8,1)

stephenw10

Hmm, odd.
What if you add the license line first and keep the comconsole line in addition?

Steve

stephenw10

I have one box with a very similar line that has no issues but it's running 2.3.5:

[2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: cat /boot/loader.conf.local
comconsole_port="0x2F8"
legal.intel_wpi.license_ack=1
legal.intel_ipw.license_ack=1
legal.intel_iwi.license_ack=1

[2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: ls -la /boot/loader*
-r-xr-xr-x  1 root  wheel  262144 May 10 21:07 /boot/loader
-r--r--r--  1 root  wheel    6747 May 10 21:07 /boot/loader.4th
-rw-r--r--  1 root  wheel     133 Jun 10 17:49 /boot/loader.conf
-rw-r--r--  1 root  wheel     113 Sep 21  2017 /boot/loader.conf.local
-r-xr-xr-x  1 root  wheel  393724 May 10 21:07 /boot/loader.efi
-r--r--r--  1 root  wheel   14766 May 10 21:07 /boot/loader.help
-r--r--r--  1 root  wheel     350 May 10 21:07 /boot/loader.rc

Interesting that it does not get touched at boot.....

Steve

chbmb

Interesting.

So editing the /boot/loader.conf.local to give this

[2.4.3-RELEASE][admin@pfSense.localdomain]/root: cat /boot/loader.conf.local
legal.intel_wpi.license_ack=1
legal.intel_ipw.license_ack=1
legal.intel_iwi.license_ack=1
comconsole_port=0x2e0

Then after a reboot

[2.4.3-RELEASE][admin@pfSense.localdomain]/root: ls -la /boot/loader*
-r-xr-xr-x  1 root  wheel  311296 May 10 21:06 /boot/loader
-r--r--r--  1 root  wheel    7127 May 10 21:06 /boot/loader.4th
-rw-r--r--  1 root  wheel     159 Jun 11 20:06 /boot/loader.conf
-rw-r--r--  1 root  wheel      90 Jun 11 20:06 /boot/loader.conf.local
-r-xr-xr-x  1 root  wheel  402432 May 10 21:06 /boot/loader.efi
-r--r--r--  1 root  wheel   14766 May 10 21:06 /boot/loader.help
-r--r--r--  1 root  wheel     350 May 10 21:06 /boot/loader.rc
[2.4.3-RELEASE][admin@pfSense.localdomain]/root: cat /boot/loader.conf.local
legal.intel_wpi.license_ack=1
legal.intel_ipw.license_ack=1
legal.intel_iwi.license_ack=1

So it's removing the comconsole_port=0x2e0 entry, which if there is nothing else in the file, results in it being deleted.

stephenw10

Do you have a comconsole_port setting in loader.conf that might be conflicting?

What hardware are you running on that requires this change? I wonder if it's being recognised incorrectly.

Steve

chbmb

No comconsole_port setting in loader.conf

[2.4.3-RELEASE][admin@pfSense.localdomain]/root: cat /boot/loader.conf
kern.cam.boot_delay=10000
boot_multicons="YES"
boot_serial="YES"
console="comconsole,vidconsole"
comconsole_speed="115200"
autoboot_delay="3"
hw.usb.no_pf="1"

Running on an i5 SBC which has multiple serial ports, but disabled all of them in BIOS except the one I'm using.

stephenw10

Hmm, we're looking into this. Should be able to come back with something shortly.

Steve

jimp

Try the commit on https://redmine.pfsense.org/issues/8571 as a patch in the System Patches package. That should fix the behavior.

chbmb

@jimp @stephenw10

Can confirm that patch has fixed the issue. Thanks for looking into it.

[2.4.3-RELEASE][admin@pfSense.localdomain]/root: cat /boot/loader.conf.local
comconsole_port="0x2e0"
legal.intel_wpi.license_ack=1
legal.intel_ipw.license_ack=1
legal.intel_iwi.license_ack=1