Upgrade from 25.7 to 26.1 results in a bootlock

[transmissionend]

Hello everyone,

I currently have a reproducible issue with OPNsense on a PC Engines APU2D4 and would appreciate any hints or similar experiences.

## Hardware / Setup

* PC Engines APU2D4
* Serial console only (no VGA)
* mSATA SSD
* FreeBSD base installation with GELI encryption
* Afterwards bootstrapped to OPNsense

## Initial Situation

The system previously worked fine with OPNsense 25.7.

The upgrade to 26.1 was performed from an existing FreeBSD installation using:


opnsense-update -ur 26.1
pkg upgrade

The upgrade process itself completes successfully without errors.

---

# Problem

After:

* successfully upgrading to 26.1 with 3 reboots
  or
* performing a completely fresh FreeBSD - OPNsense 26.1 (bootstrap) installation and restoring my old configuration

the system gets stuck during the boot process.

Without restoring the config on fresh FreeBSD - OPNsense 26.1 (bootstrap) installation, it boots normally.

But with restored config:

* GELI unlock works
* boot messages continue normally
* output then appears to stop at:


amdtemp0: found 4 cores and 1 sensors


---

# Important Findings:

After additional testing, the system also seems to not be completely frozen on newer versions.

If I:

* install a fresh FreeBSD + OPNsense 25.7
* then restore the same old config

the APU2 shows EXACTLY the same behavior at serial:

* console output appears to stop at `amdtemp0`

HOWEVER, with the older 25.7 version:

* network interfaces are initialized correctly
* the WebGUI is fully reachable
* routing/firewall functionality works normally

This strongly suggests that:

* the serial console and/or
* console login / getty / tty handling

stops working correctly after restoring the configuration.

---

# Additional Observations

* newly attached USB devices are still detected
* corresponding kernel messages continue to appear on the serial console
* the kernel/system itself therefore still appears to be running

On OPNsense 26.1 additionally (with also old config restore:

* no reachable interfaces/WebGUI
* possibly an additional issue related to config/plugins/interface mapping

---

# Additional Important Information:

During the original FreeBSD installation I enabled all optional security hardening settings offered by the installer, including:

* hide_uids
* hide_gids
* hide_jail
* procfs restrictions
* read_msgbuf
* random_pid
* additional sysctl/hardening options

(Possibly relevant regarding tty/getty/login/serial console behavior.)

---

# Current Suspicions

At the moment I suspect a combination of:

* serial console/getty issue
* old console/TTY settings in config.xml
* possible plugin incompatibility
* old interface/VLAN mapping
* FreeBSD 14 / OPNsense 26.1 interaction on APU2
* possible interaction with enabled FreeBSD hardening options

Currently the behavior looks more like:

* console/login broken plus some init issues or something else during startup
  rather than:
* a complete system freeze.

---

# Planned Analysis

Next I plan to:

* boot the system with the restored config until the apparent "hang"
* power it off
* boot the mSATA in another machine
* analyze logs and config.xml there
=> however, as a FreeBSD beginner, recovering/debugging FreeBSD bootloader issues is still somewhat tricky for me and can take some time

Relevant files are probably:

/var/log/system/latest.log
/var/log/boot/latest.log
/var/log/configd/latest.log
/conf/config.xml


---

# Questions

1. Has anyone experienced similar issues with

   * APU2
   * serial console
   * restored configs
   * OPNsense 26.1
   * FreeBSD 14?

2. Are there any known issues involving

   * old console/TTY settings
   * plugins
   * getty/serial login
   * restored config.xml on 26.1?

3. Could the enabled FreeBSD hardening options be relevant here?



Thanks in advance