1
19.7 Development Series / Re: Move to FreeBSD 12?
« on: February 17, 2019, 08:35:17 pm »I could offer a dedicated server to build weekly ISOs to reach a broader base of testers
Now that would be awesome!
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Now that would be awesome!
2
19.7 Development Series / Re: Move to FreeBSD 12?
« on: February 17, 2019, 08:05:42 pm »
In early March, Franco and I plan to start work on incorporating HardenedBSD 12, with the goal of releasing OPNsense 20.1 based on HardenedBSD 12.
3
19.1 Production Series / Re: Kernel panic after upgrade
« on: February 15, 2019, 01:59:59 am »@TheGrandWazoo
I think it is UEFI specific also. Which would make sense considering the broad spectrum of hardware and virtual platforms being impacted.
Looking at the contents of the ISO and comparing between 18.7 and 19.1. The files supporting EFI boot have been updated. Being /BOOT/BOOT1.EFI and /BOOT/LOADER.EFI
https://wiki.freebsd.org/UEFI
https://www.freebsdfoundation.org/freebsd-uefi-secure-boot/ Bit easier to understand but is looking at Secure Boot
Looks to be a FreeBSD or HardenedBSD issue?
Edit: Tried a Hyper-V install using HardenedBSD-11-STABLE-v1100056.13-amd64-bootonly
Kernel Panic at the same point. Similar output, non responsive.
FYI: I'll be looking at the Hyper-V boot issue soon. I'm teaming up with a member of the HardenedBSD Foundation who relies on Hyper-V in parts of his infrastructure. As soon as our schedules match up, we'll be working this out together.
I'll report back as soon as I have more information. Thanks for your continued patience and support!
4
Hardware and Performance / Re: PCENGINES APU[1-5] Bios
« on: February 14, 2019, 07:48:52 pm »Hi all,
my name is Piotr Król and I'm the founder of 3mdeb Embedded Systems Consulting company. As stated here 3mdeb maintains PC Engines Open Source Firmware on behalf of PC Engines. Please note we are a licensed provider of coreboot consulting services. If you are doing some high-end security stuff with hardware please let us know - we are very interested in TPM, secure/verified boot, Xen, virtualization, SRTM/DRTM, and other things. We sometimes write about that on our blog .
We are working on our mission of Open Source Firmware for a network appliance. Soon you should hear about another known brand of a network appliance to switch to Open Source Firmware. Stay tuned.
I would like to thank tillsense, miroco and others for keeping this thread and exchanging valuable information related to PC Engines hardware and firmware.
Our goal is to provide open and healthy discussion about firmware quality, priorities and what can be improved. It would be great to get feedback from OPNsense community and understand your needs. We will be glad to address problems if there would be enough resources. We are committed to long term support and monthly releases.
P.S. Please note that there is some report about v4.9.0.2 instability here. This is because we enabled CPU Performance Boost, which in some workloads may give 20% boost - problem is that we can't validate all possible configuration so there may be some problems in the field. If some can afford to test we would appreciate your feedback.
Very rarely do I see such quality transparent collaboration and communication. I don't really have anything technical to add, but I'd like to say thank you, Piotr, for supporting PC Engines. I absolutely love these little APU devices. Firmware work tends to be underappreciated, but it's hard work and I would like to thank you for your efforts.
Putting my HardenedBSD and OPNsense hats on: if there's anything HardenedBSD and/or OPNsense can do to support PC Engines and 3mdeb, please let me know.
5
19.1 Production Series / Re: Kernel panic after upgrade
« on: February 13, 2019, 08:46:32 pm »
I thought the bhyve UEFI boot issue was worked around by passing the -w flag to bhyve. Are there other issues related to booting OPNsense 19.1 in bhyve?
6
19.1 Production Series / Re: Call for testing: New netmap enabled kernel
« on: February 12, 2019, 07:51:30 pm »
One thing I did notice was that suricata seems to go crazy when in IPS mode and configured to monitor gif interfaces. Brings the entire network stack down. I'm gonna guess that netmap doesn't work with tunneling interfaces (at least, not yet?) Thank goodness for the serial console port on the APU devices.
7
19.1 Production Series / Re: Call for testing: New netmap enabled kernel
« on: February 12, 2019, 02:52:56 pm »
Deployed successfully on another APU4c4 in a lab environment with tunneled IPv6. Working great!
8
18.7 Legacy Series / Re: enable PAE
« on: February 12, 2019, 01:36:13 pm »
PAE isn't really functional except on FreeBSD HEAD (13-CURRENT) where it recently received some much-needed love.
9
Intrusion Detection and Prevention / Re: ET Pro Telemetry Edition token
« on: February 12, 2019, 01:34:31 pm »
Never mind. I just had to be a little more patient. Sorry for the noise!
10
Intrusion Detection and Prevention / [SOLVED] ET Pro Telemetry Edition token
« on: February 11, 2019, 07:16:51 pm »
Hey all,
How soon after hitting the "go" button to "order" the free ET Pro Telemetry Edition ruleset should I get the email with the token?
How soon after hitting the "go" button to "order" the free ET Pro Telemetry Edition ruleset should I get the email with the token?
11
19.1 Production Series / Re: Call for testing: New netmap enabled kernel
« on: February 11, 2019, 07:14:36 pm »
Installation of the test world+kernel sets on the APU4c4 securing HardenedBSD's build network and infrastructure succeeded without issue. I've got Suricata running in IPS mode and only inspecting traffic on the LAN interface. Seems to be working fine for me for now. I'll be placing the firewall under load over the next few days and will report back.
12
19.1 Production Series / Re: cpdup failure in 19.1-rc1 installer
« on: February 11, 2019, 06:37:51 pm »
Yup. For those, like me, who had to act in "emergency mode", I wrote an article about how to solve this: https://github.com/lattera/articles/blob/master/hardware/apu/2019-02-05_flashing_bios/article.md
I ended up using legacy v4.0.23, but I could upgrade to 4.9.0.1, I guess.
I ended up using legacy v4.0.23, but I could upgrade to 4.9.0.1, I guess.
13
19.1 Production Series / Re: Kernel panic after upgrade
« on: February 11, 2019, 03:23:30 pm »
I have a spare R410 lying around. The RAM in it is dead. If you can hold out until I can buy new RAM (within a week or so), I'd be happy to test out on my (currently dead) R410.
14
19.1 Production Series / Re: Kernel panic after upgrade
« on: February 08, 2019, 07:41:51 pm »
You can also set them for only the current boot by escaping to the loader prompt in the bootloader. So when you see the OPNsense boot menu, hit select option 3, then type:
set vm.pmap.pti="0"
set hw.ibrs_disable="1"
boot
Doing this does disable Meltdown/Spectre mitigations. But only for that one boot just to see if that's the problem.
set vm.pmap.pti="0"
set hw.ibrs_disable="1"
boot
Doing this does disable Meltdown/Spectre mitigations. But only for that one boot just to see if that's the problem.
15
19.1 Production Series / Re: Kernel panic after upgrade
« on: February 07, 2019, 07:27:52 pm »
What happens when you set:
hw.ibrs_disable=1
vm.pmap.pti=0
hw.ibrs_disable=1
vm.pmap.pti=0