2.4.4 fails upgrade and fresh installation

jbhowlesr

When I try install 2.4.4, the installer fails with a repeated register dump

0_1537845085789_pfsense 2.4.4 crash dump.jpg

I tried the upgrade from 2.4.3_1 to 2.4.4 first but received the above and it just keep spitting this out repeatedly. So moved to fresh install and received the same.

I tried setting the bios for UEFI only with no luck. I tried disabling CSM altogether and still getting the same

My box is a Kaby Lake Celeron based with 6 Intel 1gb NIC ports and I’m using an msata SSD.

I tried reverting to 2.4.3_1 which installs fine but snort and pfblocker have been updated and they cause 2.4.3_1 to crash.

Help please

jimp

That looks like a problem with your disk controller, or its driver. But it's referring to sdhci which is generally for mmc/eMMC not for mSATA disks.

We had some issues similar to that with eMMC on certain devices with 2.4.4, the driver in FreeBSD 11.2 was trying to use a different mode than before, and the driver didn't get along too well with that.

You might search around and see if anyone else on FreeBSD has a matching chipset issue to yours. There may be a workaround specific to your hardware.

jbhowlesr

@jimp the board is a system on chip Celeron 3865U which is 7th generation and supports AES-NI. The board doesn’t have a chipset to my knowledge since it’s an SoC. The board itself is a Pico ITX I believe or the size just above.

I did reach out to the board maker to ask for a bios update. That’s the only thing that strikes me as a possibility.

jbhowlesr

@jimp tried switching to a standard sata based hard drive while disabling PCIe altogether with zero luck. Not sure what else to do at this point. Bout ready to give up and go to a different software set to use like Untangle or Sophos. This 2.4.4 update has rendered my unit unusable with pfsense because even if I revert to the previous version of this software, the utilities I prefer to run have been updated and will not run on the previous version of pfsense. So, I feel like this stuff should have been properly vetted before launching such drastic system update. There is literally no reason my hardware shouldn't be support in 2.4.4. Especially since it is secure boot capable and compliant with Windows 10 ver 1709 and MS Intune. The issue to me seems like a driver issue with something included in 2.4.4. UEFI is fully enabled in this systems bios by default so I am of mind that there is no issue with my hardware.

Still waiting for some resolution here but it is starting to feel like none is coming.

jimp

We cannot possibly test every combination of hardware we do not sell. 2.4.4 was in beta for a very long time. At any point you could have tested it out on that hardware.

Additionally, the problem appears to be a FreeBSD compatibility issue -- something which we do not have any control over.

Try to replicate the problem on FreeBSD 11.2 and open an issue upstream with FreeBSD if/when the problem still happens there.

The error you show appears to be from mmc/eMMC like I said and not a SATA/mSATA/m.2 disk, so it's also possible that is something you need to disable on the board or in the BIOS, or find a FreeBSD device hint that matches your hardware to put in at the loader prompt to disable the controller (like hint.sdhci.0.disable=1) or maybe some other related tunable like hw.sdhci.enable_msi=0 or some combination of hw.sdhci.quirk_set and/or quirk_clear, see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228340 )

jbhowlesr

@jimp The problem, I never get far enough to do any of this. The images above is what happens when I try to fresh install. The system simply never starts the installation and therefor no console options appear. Even if I upgrade and reboot, what is shown in the photo occurs in the boot and pfsense never starts up. Essentially, the system is prevented from even loading or installing.

jimp

You can add those to /boot/loader.conf.local before upgrading, or either way you can do that at a loader prompt. At the boot menu, choose the loader prompt option. If no boot menu shows up, press space when you see the loader spinner (|) moving.

jbhowlesr

@jimp Sorry for the extreme delay in getting back to you. Let make sure I got this correct. Go to fresh install and when I see the spinning (|), press space to bring up a prompt and type /boot/loader.conf.local? I'm not familiar with the command line side of pfsense but if you can explain this a little further that would be great. I've been using untangle for the last month because I am unable to load 2.4.4 and I'm itching to get back to pfsense. Is there some other screen shots I can post to help the troubleshooting process out?

stephenw10

If you are coming from 2.4.3 you can just add those values to the file /boot/loader.conf.local before you upgrade. You may need to create that file.

If you are installing 2.4.4 fresh, or have already upgraded and it won't boot, you need to set those values at the loader prompt in order to allow it to boot and then add them to the file.
That process is detailed here for disabling ACPI but obviously you would want to disable sdhci instead:
https://www.netgate.com/docs/pfsense/hardware/boot-troubleshooting.html#disabling-acpi

Let us know if that helps. That has worked for others in your situation though.

Steve

stephenw10

Looking at the actual error you're seeing you might also try:
hint.sdhci_pci.1.disabled=1

Steve

jbhowlesr

@stephenw10 How do I do this on a blank installation? As in there is nothing installed on the box currently and no previous version to edit commands on.

jbhowlesr

@stephenw10 Sorry bro but after 4 months, I am still no further with fixing this situation and this forum either doesn't understand the problem or doesn't know how to fix it. I have clearly stated that the system is blank and pfsense will not install. SO there is no means to update or edit commands. Plus, the few links that have been posted so far seem all want me to update and fiddle with commands in a running system which this is not.

So here I am, 6 months since pfsense update to this new code and I am no closer to fixing it. I understand none of the people in this forum want to do anymore then issue hints instead of fixes. Fact is though that unless I get this going, I will stop recommending pfsense to my clients and choose other venders.

Grimson

@jbhowlesr said in 2.4.4 fails upgrade and fresh installation:

Fact is though that unless I get this going, I will stop recommending pfsense to my clients and choose other venders.
so please help me or loose my client base. Oh, and to be clear, all the help hints issued so far, I don't understand them whatsoever so they are not helpful whatsoever.

Given that you obviously aren't using Netgate/pfSense hardware the loss won't be that big.

You have already been given information on how to proceed:

@jimp said in 2.4.4 fails upgrade and fresh installation:

You can add those to /boot/loader.conf.local before upgrading, or either way you can do that at a loader prompt. At the boot menu, choose the loader prompt option. If no boot menu shows up, press space when you see the loader spinner (|) moving.

@stephenw10 said in 2.4.4 fails upgrade and fresh installation:

If you are coming from 2.4.3 you can just add those values to the file /boot/loader.conf.local before you upgrade. You may need to create that file.

If you are installing 2.4.4 fresh, or have already upgraded and it won't boot, you need to set those values at the loader prompt in order to allow it to boot and then add them to the file.
That process is detailed here for disabling ACPI but obviously you would want to disable sdhci instead:
https://www.netgate.com/docs/pfsense/hardware/boot-troubleshooting.html#disabling-acpi

Let us know if that helps. That has worked for others in your situation though.

Steve

If none of this works then you should choose better hardware.

jbhowlesr

This post is deleted!

jbhowlesr

@grimson

Look, let’s start over here.

The system is completely blank having a new SSD installed.

Let’s take a step back. I create the install media and boot the system off of it. It boots the media and before giving any prompts or (I) spinning pipes, I get the error in the photo in the beginning of this thread.

I have poured through the system bios which is quite extensive but find no reference or option for sdhci.

I have checked the vender site for a bios update but none exist. It’s a Intel 7th generation muliticore SoC based system with 16gb of ram and a 120gb SSD. All running on a 35watt tdp package.

So being that there is no installed system in the drive, how do I access or edit a loader.conf file? This has been my dilemma. If someone could answer that I’d be very thankful.

For my clients. They are building a large data center and I am in the progress of building them them security appliances with them planning on purchasing a large support contract with netgate.

Grimson

@jbhowlesr said in 2.4.4 fails upgrade and fresh installation:

Let’s take a step back. I create the install media and boot the system off of it. T boots the media and before giving any prompts or (I) spinning pipes, I get the error in the photo in the beginning of this thread.

Well if the basic loader already fails you need to choose different/better hardware, especially if this will be a core part of a large production setup. It's as simple as that.

If your clients are willing to pay a large support contract a few bucks for a fitting pfSense appliance shouldn't be a problem.

jbhowlesr

@grimson they don’t want to waste funds buying non reparable hardware and rely on warranty services to replace whole systems. It’s a waste of time and only contributes to the already massive e-waste issue.

Using built systems that can be repurposed or repaired with off the shelf parts and put back into service quickly is what they want.

Pfsense made appliances only serve one purpose. An assembled system such as I’m building can be repurposed to another platform or use at a moments notice.

So let’s leave “better hardware” comments out shall we.

Rico

You don't even see this screen when booting the Installer?

-Rico

Grimson

@jbhowlesr said in 2.4.4 fails upgrade and fresh installation:

So let’s leave “better hardware” comments out shall we.

Your current hardware has issues booting with FreeBSD 11.2, so your choices for running pfSense on it are:

Try workarounds like the ones mentioned here.
Use different hardware
Create a bug report with the FreeBSD devs and hope they can fix it, after that wait for a pfSense version that uses a FreeBSD base containing the fix.

Try to boot FreeBSD 12, if that works you could be lucky and use the upcoming pfSense 2.5.0 builds.

jbhowlesr

@rico it will appear briefly but not show a spinning pipe (I) symbol.

The system is a Intel 7th gen Quad Core with 16gb Ram and SSD. It’s really fast.