OPNsense aarch64 firmware repository

[Maurice]

OPNsense 24.7.9 aarch64 packages and sets released. Includes hotfix 24.7.9_1.

[Maurice]

OPNsense 24.7.10 aarch64 packages and sets released. Includes hotfix 24.7.10_2 (kernel, core and plugins).

@franco May I ask why the hotfixed kernel isn't named 24.7.10_2? I renamed it using
make rename-kernel VERSION=24.7.10
to emulate your release, but was wondering why that decision was made.

[franco]

We don't have revisions support for kernels. It is supposed to be a rare occurrence. :)


Cheers,
Franco

[Maurice]

Hm, the kernel I built was named kernel-24.7.10_2-aarch64, I had to explicitly rename it to 24.7.10.
But I guess what you're saying is that opnsense-update wouldn't know what to do with kernel-24.7.10_2?

Cheers
Maurice

[franco]

Correct, it's intentional that opnsense-update will not take revisions to the kernel so opnsense-update can be corrected but keeps fixed on the same kernel. It was an early design choice that hopefully does not need revisiting.

You can still grab these kernels with opnsense-update manually (-r) though.


Cheers,
Franco

[Maurice]

OPNsense 24.7.11 aarch64 packages and sets released. Includes hotfix 24.7.11_2.

[oneplane]

A big thank you to keeping this going! I'm mostly using this in local virtual machines on macOS where the aarch64 images work really well.
I used to have my local CI build ARM images but I got lazy and didn't really keep up with the updates and never setup a repo to do in-place upgrades with... but your solution has been a blast!

Some details: this works with native hardware accelerated virtualisation as well as QEMU; but on recent macOS releases you either have to do local user networking (slow, emulated, think: SLIRP) or vmnet which is what Apple supplies. Downside is that it only wants to do NAT, Host-only (PTP) or Bridged networking, and you cannot create something like a Open vSwitch yourself, there is no more TUN/TAP and even VDE doesn't really work anymore. But! You can create a Bond interface with 0 members, which even when down will pass L2 frames like a champ (even VLANs), and it works with vmnet natively as well. End result: accelerated machines and networking for your local networking needs.

[Maurice]

OPNsense 24.7.12 aarch64 packages and sets released.

[Update 2025-01-23]
Hotfix 24.7.12_2 released.

[Update 2025-01-29]
Hotfix 24.7.12_4 released.

In other news, GitHub Sponsors is now available as an option to support these efforts. I intend to keep the server public and frequently updated for the foreseeable future. Your contribution helps to maintain these efforts.

[Maurice]

OPNsense 25.1.r1 aarch64 packages and sets released.

This is mostly a test for my new FreeBSD 14.2 build system. There is no supported upgrade path from 24.7 yet. But if you are in the mood for experiments, you could upgrade manually. Be aware that your config may not be migrated properly, so don't use on production systems:

Code Select Expand

fetch -o /usr/local/etc/pkg/fingerprints/OPNsense/trusted https://opnsense-update.walker.earth/FreeBSD:14:aarch64/25.1/opnsense-update.walker.earth.20241220
opnsense-update -u -A 25.1 -r 25.1.r1

You're also welcome to test one of the 25.1.r1 VM images from my GitHub.

My 25.1-aarch64 builds use a new signing key. The fingerprint will be included in the next 24.7.x update / hotfix. The new public key is:

Code Select Expand

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvjmZd/4LGgOwvsOW35iH
novsNd+39Y1dWFhLFnYDLQ7Jp+xYeYmFwhLSxxR6mJcHCRQpzL1vX1aCB+6OZNgd
2wfQW44CEW//9hhoAJK/6QUwLmpB7OfFMy8/dnVacAdzLhmdqBjowBMoiRxQ8L7Q
tPGiztsBOK6UsytMquVKmAloo7NxNVK3pDcJpjoN48mS/78NmcW/xoFsP6j55n77
WOpkm2ExklTrpENymFocD/RzKApmTyZMkoeeH3PfdPEj8rd8ZGgposGra1Da0wUb
6moiP1yqnuyS9Wdt91IQ01cWW+DRi/OIZhSJxPrsNvMQQrcS46LviCIJ5nbjPRVq
QAnMXONUbTSR5x4BdUUELTWOCDNonIe3vglpfOB6QYnAZMCi+StY+NVv4hjp92UT
hLCy3hB846ubriIq4LLBVrmMufFuR/1cIPcd2zwyAbjOOsjGSKlL6szjsodBkFnp
Ha+BYY1JtBVe6tCkTF5RRpktK16fml8nYe8fxELDsq3ffayQDi6Uo49gNwGddDC2
VeLskIgweTecMFbwT1Nw2DNNi45RT9w/X5Li+kqgPfUbPWBrQNroH1HfDAmS8/RX
fg70S7WW1czb29tPXk9OR0gaA4hPc3iAlexB5AN+dJ/VsJwzhcVxC7dcSbA069bd
g1TGwGknb36h4NhTiiI0+XkCAwEAAQ==
-----END PUBLIC KEY-----


[Maurice]

OPNsense 25.1.r2 aarch64 packages and sets released.

[Maurice]

OPNsense 25.1 aarch64 packages and sets released.

The upgrade path from 24.7.x is the same as on amd64 - update to OPNsense 24.7.12_4 (also released today) to unlock the upgrade.

[Maurice]

OPNsense 25.1.1 aarch64 packages and sets released.

[Nordom]

OPNsense 24.1 aarch64 ....  is working well on Orange Pi 5 Plus.

Would you mind sharing your build or the steps you took? I'm trying to get it working on my OPI5+ as well. Thank you.

The first step is to change the firmware of the OPI5+ to use EDK2 firmware.
https://github.com/edk2-porting/edk2-rk3588
If you do that then you can use the OPNsense images.

I have an OPI5+. I burned the EDK2 image to my sdcard and it boots. How do I get an aarch64 image? Do I need to manually build one? Can I use a VM aarch64 from https://github.com/maurice-w/opnsense-vm-images?

On the OP first post, there are steps on how you can update your existing aarch64 Opnsense.
There is also a step to build it. I followed those steps. I created a FreeBSD 14.2 VM. I followed the steps on https://github.com/opnsense/tools, but when I ran the command

Code Select Expand

make prefetch-base,kernel,packages MIRRORS=https://opnsense-update.walker.earth nothing happened.

I cannot seem to find a prebuilt ISO anywhere for aarch64 so I cannot run OPs update steps to get the latest version. There is one here: https://personalbsd.org/?p=1561 But it doesn't actually work. It kernel panics. I suspect it does something with EDK2, but it is beyond me.

I am sorry for being a newb, but I really cannot figure this out and would love some help! Can someone point me where I can get an OpnSense aarch64 image?

[Maurice]

A VM image should work, but you'll have to convert it to raw. And don't write the entire image to the SD card - this would overwrite the EDK2 firmware. Instead, copy the individual partitions from the VM image to the SD card.

If you want to build your own image, there are step-by-step instructions on my GitHub.

Cheers
Maurice

[Nordom]

A VM image should work, but you'll have to convert it to raw. And don't write the entire image to the SD card - this would overwrite the EDK2 firmware. Instead, copy the individual partitions from the VM image to the SD card.

Maurice,

• When I wrote the EDK2 image to my SD card it created a 8MB UBoot partition, leaving the rest of my 32GB card unassigned.
• I DLed VM image https://github.com/maurice-w/opnsense-vm-images/releases/download/25.1/OPNsense-25.1-ufs-efi-vm-aarch64.qcow2.bz2
• Ran
  Code Select Expand
  qemu-image resize OPNsense-25.1-ufs-efi-vm-aarch64.qcow2.bz2 20G
• Ran
  Code Select Expand
  qemu-image convert OPNsense-25.1-ufs-efi-vm-aarch64.qcow2.bz2 OPNsense-25.1-raw.raw
• To test this I used QEMU's Virtual Machine Manager to boot from the raw using aarch64 architecture and selecting FreeBSD 14.2 as the OS. It booted, but went to shell, so maybe I didn't do something right
• created a / partition using ext4 on the SD card using the remainder of the space on the SD card
• Copied the raw file to the new / partition
• Booted opi5+ and nothing loaded besides the EDK2 menu system

I couldn't get EDK2 to see the image or recognize the / partition I created, or maybe it did, but my image wasn't formatted right. In any case  my opi5+ did boot. I could access the EDK2 menus, but if I tried continue past boot manager nothing would happen. I know the EDK2 part goes beyond your personal experience, but did I correctly setup the RAW or did I miss a step?