OPNsense Forum
Archive => 19.1 Legacy Series => Topic started by: _Raúl_ on February 06, 2019, 09:51:00 am
-
This is my first post here so first things first, thanks a lot to everyone that makes opnsense possible.
I've read on release notes that is a known error on uefi / bhyve and it is under investigation. I use it with bhyveload instead uefi and it hangs booting after update to 19.1, probably related. I've looked for several days, threads, tweets ... without success, where can I find the progress on this situation?
Thanks a lot in advance.
-
If you're using FreeBSD as the host, make sure you're passing in the -w option to ignore unimplemented MSRs.
-
I did test 12.0-p3 yesterday with this script https://github.com/opnsense/tools/blob/master/build/boot.sh#L43-L51 and whatever this is some people are seeing it's not a general issue with 19.1 or 11.2 as this boots fine.
Any help with providing the steps to reproduce is highly appreciated.
Cheers,
Franco
-
In this particular case, it's because we at HardenedBSD ported over a cool security feature from OpenBSD: disabling a specific Intel backdoor called Intel SDBG. We have to toggle a not-well-known MSR that FreeBSD's bhyve freaks out on. We implemented a workaround in HardenedBSD's bhyve that FreeBSD refuses to import upstream, though they initially promised they would.
-
But why did it not freak in my test?
-
Were you already passing in the -w option? How were you booting opnsense 19.1 in bhyve?
-
*click* https://github.com/opnsense/tools/blob/master/build/boot.sh#L43-L51
-
Interesting. Perhaps it's not the Intel SDBG disable, then. Lemme double-check a few things and I'll get back to you soon-ish. Probably around a week or so.
-
ok, thanks <3
-
If you're using FreeBSD as the host, make sure you're passing in the -w option to ignore unimplemented MSRs.
I use churchers/vm-bhyve to manage vm's. Looking at the sources, there is a config parameter called 'ignore_bad_msr' witch translates on that -w parameter. After adjust the config, log reports: [bhyve options: -c 4 -m 2G -AHPw .... it was '-AHP' before, without that 'w' you suggested .
Now it works here flawlessly. Thanks a lot!.
-
I can also confirm '-w' works for opnsense 19.1.x and vanilla HBSD 11.
HBSD 12 does not need it, so I asume once opnsense is based on that we can drop it again.