Yes, I know there is already a thread about this: https://forum.opnsense.org/index.php?topic=48145.0
I didn't want to dig it out but I want to add some more information and have a little summary.
I suppose some people will stumble over this in the future as many people (me included) are not aware that they have to update their boot loader themselves.
I only saw this ASCII message by chance when I made a change in my BIOS settings, otherwise my OPNsense box is headless (running without input devices and monitor).
**********************************************************************
**********************************************************************
*****                                                            *****
*****          BOOT LOADER IS TOO OLD. PLEASE UPGRADE.           *****
*****                                                            *****
**********************************************************************
**********************************************************************
^ This is the message we are talking about. It originates in the FreeBSD base system, so the check is in upstream, not in OPNsense itself.
Here is the actual code for it: https://github.com/freebsd/freebsd-src/blob/50caa0ea0c16499c40e785b5aa37053b180b2830/stand/lua/core.lua#L579
All it does is check if the boot loader is below revision 3.0.
You can check the revision of the boot loader installed in the OS with this command:
strings /boot/loader.efi | grep "EFI loader"
Output:
DFreeBSD/amd64 EFI loader, Revision 3.0
You can check the revision of the boot loader actually loaded with this command:
strings /boot/efi/efi/freebsd/loader.efi | grep "EFI loader"
Output:
FreeBSD/amd64 EFI loader, Revision 1.1
There's also another method of finding out if you boot from MBR or GPT:
efibootmgr -v
Output:
Boot to FW : false
BootCurrent: 0001
Timeout : 2 seconds
BootOrder : 0001, 0002, 0000
+Boot0001* UEFI OS HD(1,GPT,f7a9b7de-952f-11ee-a368-00e04c681a07,0x28,0x82000)/File(\EFI\BOOT\BOOTX64.EFI)
gpt/efiboot0:/EFI/BOOT/BOOTX64.EFI /boot/efi//EFI/BOOT/BOOTX64.EFI
Boot0002* Hard Drive BBS(HD,,0x0)
Boot0000 ipfire VenHw(99e275e7-75a0-4b37-a2e6-c5385e6c00cb)
HD(2,MBR,0x1aca948e,0x100800,0x10000)/File(\EFI\IPFIRE\GRUBX64.EFI)
Unreferenced Variables:
(As you see I once used IPFire :)
So the easiest way to update your boot loader is to use the shell script of Emrion which was already discussed in the old thread.
Connect to your OPNsense box via SSH or the serial console.
Only input:
curl -O https://raw.githubusercontent.com/Emrion/uploaders/refs/heads/main/loaders-update
chmod +x loaders-update
./loaders-update show-me
./loaders-update shoot-me
y
y
y
Input and output:
root@OPNsense:~ # curl -O https://raw.githubusercontent.com/Emrion/uploaders/refs/heads/main/loaders-update
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 18231 100 18231 0 0 99.33k 0 0
root@OPNsense:~ # chmod +x loaders-update
root@OPNsense:~ # ./loaders-update show-me
loaders-update v1.3.2
One or more efi partition(s) have been found.
Examining ada0p1...
Efi partition ada0p1 is already mounted in /boot/efi.
Would run: cp /boot/loader.efi /boot/efi/efi/freebsd/loader.efi
Would run: cp /boot/loader.efi /boot/efi/efi/boot/bootx64.efi
One or more freebsd-boot partition(s) have been found.
The root file system is zfs.
Examining ada0...
Would run: gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 2 ada0
-------------------------------
Your current boot method is UEFI.
Boot device: ada0p1 File(\EFI\BOOT\BOOTX64.EFI)
Updatable EFI loader: 2
Updatable BIOS loader: 1
-------------------------------
root@OPNsense:~ # ./loaders-update shoot-me
loaders-update v1.3.2
One or more efi partition(s) have been found.
Examining ada0p1...
Efi partition ada0p1 is already mounted in /boot/efi.
About to execute: cp /boot/loader.efi /boot/efi/efi/freebsd/loader.efi
Are you sure (y/N)? y
About to execute: cp /boot/loader.efi /boot/efi/efi/boot/bootx64.efi
Are you sure (y/N)? y
One or more freebsd-boot partition(s) have been found.
The root file system is zfs.
Examining ada0...
About to execute: gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 2 ada0
Are you sure (y/N)? y
partcode written to ada0p2
bootcode written to ada0
-------------------------------
Your current boot method is UEFI.
Boot device: ada0p1 File(\EFI\BOOT\BOOTX64.EFI)
Updated EFI loader: 2
Updated BIOS loader: 1
-------------------------------
root@OPNsense:~ #
That's all folks.
@franco Is it possible to integrate the loaders-update shell script into the update process? Or are there any reasons against it?
Resources:
https://github.com/Emrion/uploaders/tree/main
https://www.freshports.org/sysutils/loaders-update
https://forums.freebsd.org/threads/verify-loader-version.96446/
https://www.jan0sch.de/post/freebsd-upgrade-uefi-bootloader/
https://github.com/opnsense/ports/tree/master/sysutils/loaders-update
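The two `strings ... | grep "EFI loader"` checks from the post, combined into one comparison, as an added example that is not part of the original post or of loaders-update. The function names, the status words and the `grep -a -o` extraction are assumptions of this sketch; the paths and the 3.0 threshold are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post): compare the loader revision
# embedded in the OS copy with the copies on the EFI system partition.

MIN_REV=3.0   # threshold named in the post: banner appears below revision 3.0

# Print "MAJOR.MINOR" from the "EFI loader, Revision X.Y" string, or return 1.
loader_revision() {
    rev=$(LC_ALL=C grep -a -o 'EFI loader, Revision [0-9][0-9]*\.[0-9][0-9]*' "$1" \
        2>/dev/null | head -n 1 | sed 's/.*Revision //')
    [ -n "$rev" ] && printf '%s\n' "$rev"
}

# True when revision $1 is numerically lower than revision $2.
rev_lt() {
    [ "${1%%.*}" -lt "${2%%.*}" ] ||
        { [ "${1%%.*}" -eq "${2%%.*}" ] && [ "${1#*.}" -lt "${2#*.}" ]; }
}

# classify_loader OS_COPY ESP_COPY -> prints UNKNOWN, TOO_OLD, STALE or OK
classify_loader() {
    os_rev=$(loader_revision "$1") || { echo UNKNOWN; return 0; }
    esp_rev=$(loader_revision "$2") || { echo UNKNOWN; return 0; }
    if rev_lt "$esp_rev" "$MIN_REV"; then echo TOO_OLD   # would trigger the banner
    elif rev_lt "$esp_rev" "$os_rev"; then echo STALE    # older than the OS copy
    else echo OK
    fi
}

# Constructed sample: a fake loader image with the revision string between NUL bytes.
make_sample() {
    printf 'MZ\000\001\002FreeBSD/amd64 EFI loader, Revision %s\000\377pad' "$2" > "$1"
}

# On a real box, audit the ESP paths that appear in the loaders-update output.
if [ -r /boot/loader.efi ]; then
    for esp in /boot/efi/efi/freebsd/loader.efi /boot/efi/efi/boot/bootx64.efi; do
        printf '%s: %s\n' "$esp" "$(classify_loader /boot/loader.efi "$esp")"
    done
fi
```

Run before and after the update, it shows whether the copies on the EFI partition actually changed, which is useful on a headless box where the boot banner is never seen.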