Messages

For shits and giggles I created a Hyper-V gen1 VM, installed 19.1 and updated to the latest-as-of-yet 19.1.2, ran fine under gen1. Mounted the disk under a Gen2, and *poof*, still crash. So no, 19.1.2 didn't fix it, although we would have already known that.

While I totally understand the limited resources of the team (all respect for them!), it's getting hard for us to rely on this given that 18.x is now EOL (ie not secure in my book) but 19.x doesn't run at all.

Microsoft's documentation shows that FreeBSD isn't supported in gen2: https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/should-i-create-a-generation-1-or-2-virtual-machine-in-hyper-v#BKMK_FreeBSD

However, the documentation linked to above shows the 10.x line, not the 11.2 version that OPNsense is on.

There's also this document: https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/should-i-create-a-generation-1-or-2-virtual-machine-in-hyper-v#use-uefi-firmware

I've started work on debugging Hyper-V regressions. My employer lent me some hardware to test on. I've got it for a period of one to three weeks. I hope to report back soon with results.

My employer has lent me some hardware in which I can install Windows Server on to test Hyper-V. I'll report back when I've tested and know more.

To get around this, I installed 18.7, then followed the upgrade procedure to get me to 19.1.2.

I'm getting the attached error when attempting to install OPNsense 19.1 on an APU3 running BIOS firmware v4.9.0.2.

If the price is right, I will be looking to acquire a budget-friendly system on which to run Hyper-V. HardenedBSD's budget for this kind of thing would be $500 USD.

Just a quick reminder that HardenedBSD accepts donations, both monetary and hardware. We appreciate all contributions of any kind.

If the price is right, I will be looking to acquire a budget-friendly system on which to run Hyper-V. HardenedBSD's budget for this kind of thing would be $500 USD.

Just a quick reminder that HardenedBSD accepts donations, both monetary and hardware. We appreciate all contributions of any kind.

You'll need to have FreeNAS pass the -w option to bhyve. I don't run FreeNAS, so you'll need to consult FreeNAS's documentation to see how to do that (I don't know if they even have that documented).

I could offer a dedicated server to build weekly ISOs to reach a broader base of testers

Now that would be awesome!

In early March, Franco and I plan to start work on incorporating HardenedBSD 12, with the goal of releasing OPNsense 20.1 based on HardenedBSD 12.

@TheGrandWazoo

I think it is UEFI specific also. Which would make sense considering the broad spectrum of hardware and virtual platforms being impacted.

Looking at the contents of the ISO and comparing between 18.7 and 19.1. The files supporting EFI boot have been updated. Being /BOOT/BOOT1.EFI and /BOOT/LOADER.EFI

https://wiki.freebsd.org/UEFI
https://www.freebsdfoundation.org/freebsd-uefi-secure-boot/     Bit easier to understand but is looking at Secure Boot


Looks to be a FreeBSD or HardenedBSD issue?

Edit:  Tried a Hyper-V install using HardenedBSD-11-STABLE-v1100056.13-amd64-bootonly
Kernel Panic at the same point. Similar output, non responsive.

FYI: I'll be looking at the Hyper-V boot issue soon. I'm teaming up with a member of the HardenedBSD Foundation who relies on Hyper-V in parts of his infrastructure. As soon as our schedules match up, we'll be working this out together. :)

I'll report back as soon as I have more information. Thanks for your continued patience and support!

Hi all,
my name is Piotr Król and I'm the founder of 3mdeb Embedded Systems Consulting company. As stated here 3mdeb maintains PC Engines Open Source Firmware on behalf of PC Engines. Please note we are a licensed provider of coreboot consulting services. If you are doing some high-end security stuff with hardware please let us know - we are very interested in TPM, secure/verified boot, Xen, virtualization, SRTM/DRTM, and other things. We sometimes write about that on our blog .

We are working on our mission of Open Source Firmware for a network appliance. Soon you should hear about another known brand of a network appliance to switch to Open Source Firmware. Stay tuned.

I would like to thank tillsense, miroco and others for keeping this thread and exchanging valuable information related to PC Engines hardware and firmware.

Our goal is to provide open and healthy discussion about firmware quality, priorities and what can be improved. It would be great to get feedback from OPNsense community and understand your needs. We will be glad to address problems if there would be enough resources. We are committed to long term support and monthly releases.

P.S. Please note that there is some report about v4.9.0.2 instability here. This is because we enabled CPU Performance Boost, which in some workloads may give 20% boost - problem is that we can't validate all possible configuration so there may be some problems in the field. If some can afford to test we would appreciate your feedback.

Very rarely do I see such quality transparent collaboration and communication. I don't really have anything technical to add, but I'd like to say thank you, Piotr, for supporting PC Engines. I absolutely love these little APU devices. Firmware work tends to be underappreciated, but it's hard work and I would like to thank you for your efforts.

Putting my HardenedBSD and OPNsense hats on: if there's anything HardenedBSD and/or OPNsense can do to support PC Engines and 3mdeb, please let me know.

I thought the bhyve UEFI boot issue was worked around by passing the -w flag to bhyve. Are there other issues related to booting OPNsense 19.1 in bhyve?

One thing I did notice was that suricata seems to go crazy when in IPS mode and configured to monitor gif interfaces. Brings the entire network stack down. I'm gonna guess that netmap doesn't work with tunneling interfaces (at least, not yet?) Thank goodness for the serial console port on the APU devices. :)

Deployed successfully on another APU4c4 in a lab environment with tunneled IPv6. Working great!

PAE isn't really functional except on FreeBSD HEAD (13-CURRENT) where it recently received some much-needed love.