Changing the Boot Order¶
The Netgate 4200 ships with a factory default boot order which may not be optimal for all users. This document describes methods for changing the boot order on the 4200 which can reduce the boot time.
There are two primary methods for changing the boot order: By changing settings
in the BIOS, and by using the efibootmgr utility on pfSense® software.
Users tend to find making changes in the BIOS easier to follow, but doing so
requires local console access and downtime while making changes. Changes made
through the efibootmgr utility can be performed remotely while the device is
running and take effect immediately, allowing the next boot to use the new
settings.
BIOS Boot Order¶
Changing the boot order in the BIOS is relatively straightforward but requires rebooting the device and accessing the BIOS configuration. The device will be offline during this time, so these actions must be performed from a local serial console either directly connected to a client system or by other means of out-of-band access.
To alter the BIOS Boot Order in this way, take the steps in the following sections.
Access the BIOS Boot Settings¶
The first task is to access the BIOS configuration as follows:
Reboot the device.
During the boot sequence, press either the
DelorEsckey when prompted to enter the BIOS.
The Netgate 4200 BIOS Prompt¶
Navigate to the Boot tab.
The Netgate 4200 BIOS Boot Option Priorities¶
From here, make any desired changes in the Boot Option Priorities section, such as those in the following sections.
Make pfSense software boot first¶
To give pfSense software top priority when booting, make the following changes:
Highlight Boot Option #1 with the up/down arrow keys.
Press the
Enterkey to open the device choice menu.
The Netgate 4200 BIOS Boot Device Selection¶
Select the entry which corresponds to pfSense software using the up/down arrow keys.
This entry may be labeled pfSense+, FreeBSD, or share the name of the disk, such as Ultra HS-COMBO.
Press the
Enterkey to select the device.
Disable Redundant/Unnecessary Entries¶
To disable unnecessary entries, such as for PXE or for operating system entries which are no longer present or needed, take the following steps:
Highlight the first unnecessary boot option in the list with the up/down arrow keys, for example a PXE boot option.
Press the
Enterkey to open the device choice menu.Select the
Disabledoption using the up/down arrow keys.
The Netgate 4200 BIOS Boot Device Disabled¶
Press the
Enterkey to select the option.Repeat these steps for all other PXE entries.
Note
As each option is disabled, the remaining options move up in the list, so it may appear as though the change is not having any effect until several of the ports are disabled.
The Netgate 4200 BIOS Boot Options with PXE Entries Disabled¶
Save and Exit the BIOS Configuration¶
Press the F4 key to save and exit or navigate to Save & Exit and
choose Save Changes and Exit.
After the system boots, reboot it again to confirm the boot order is correct.
Temporary Boot Order Override¶
It is possible to temporarily override the BIOS boot order for a single boot, for example to boot from a USB drive when installing or reinstalling pfSense software:
Reboot the device.
During the boot sequence, press either the
DelorEsckey when prompted to enter the BIOS.Navigate to the Save & Exit tab.
Use the arrow keys to highlight an option in the Boot Override section.
Press the
Enterkey to boot from the selected device.
The Netgate 4200 BIOS Boot Override Selection¶
Using efibootmgr¶
The efibootmgr utility can alter the EFI boot order while pfSense software
is running. This allows administrators to make changes to the boot order
remotely without causing any downtime. Making the changes is more complicated
than using the BIOS method, however.
The first step is to view the current boot settings by entering the
efibootmgr command at a console or SSH shell prompt:
# efibootmgr
Boot to FW : false
BootCurrent: 0014
Timeout : 3 seconds
BootOrder : 0009, 0000, 000C, 000D, 000E, 000F, 0010, 0011, 0012, 0013, 0014, 000A
Boot0009* Fedora
Boot0000* Fedora
Boot000C* UEFI: PXE IPv4 Intel(R) Ethernet Controller I226-V
Boot000D* UEFI: PXE IPv6 Intel(R) Ethernet Controller I226-V
Boot000E* UEFI: PXE IPv4 Intel(R) Ethernet Controller I226-V
Boot000F* UEFI: PXE IPv6 Intel(R) Ethernet Controller I226-V
Boot0010* UEFI: PXE IPv4 Intel(R) Ethernet Controller I226-V
Boot0011* UEFI: PXE IPv6 Intel(R) Ethernet Controller I226-V
Boot0012* UEFI: PXE IPv4 Intel(R) Ethernet Controller I226-V
Boot0013* UEFI: PXE IPv6 Intel(R) Ethernet Controller I226-V
+Boot0014* UEFI: Generic Ultra HS-COMBO, Partition 1
Boot000A* UEFI: Built-in EFI Shell
Note
The example output above is from a factory default setup, which will be similar to most devices in the field unless they have been reinstalled.
The output includes several items, including a list of the current boot device and boot order.
Locate pfSense Software Entry¶
The first task is to locate the entry which corresponds to pfSense software.
This entry may be labeled pfSense+, FreeBSD, or share the name of the
disk, such as Ultra HS-COMBO. The ID of this entry should also match the ID
listed in BootCurrent in the output of efibootmgr.
For example, in the previous example output, the current boot device is:
BootCurrent: 0014
This id, 0014, corresponds with the following entry in the list:
+Boot0014* UEFI: Generic Ultra HS-COMBO, Partition 1
Note
This entry is marked with a + starting the line indicating it is the
current boot entry as well. The * after the ID indicates the entry is
active. The Boot part of the ID should be skipped/omitted as entries are
only referenced by the hexadecimal digits portion of the ID. Leading zeroes
may also be omitted.
In this case, the 0014 entry is the proper target and the one which should
be given priority. Keep a note of this ID as it will be required in the
following sections.
Make pfSense software boot first¶
To give pfSense software top priority when booting, use the -o parameter to
efibootmgr to set a new boot order. IDs not listed in the -o parameter
will be deactivated.
Only Boot pfSense Software¶
For example, to boot only from pfSense software and ignore all others, use:
# efibootmgr -o 0014
Note
The BIOS may automatically reactivate PXE entries in this list during boot, but they will be placed at the end, so they will not interfere.
Note
The output of efibootmgr may not show deactivated entries, to view all
entries in the table, use efibootmgr -v.
Give pfSense Software Priority¶
Alternately, to keep the other entries but move pfSense software to the top, first look at the current Boot Order:
BootOrder : 0009, 0000, 000C, 000D, 000E, 000F, 0010, 0011, 0012, 0013, 0014, 000A
Take the current list, move the pfSense software entry ID to the start, and surround the list with quotes:
# efibootmgr -o "0014, 0009, 0000, 000C, 000D, 000E, 000F, 0010, 0011, 0012, 0013, 000A"
Instead of quotes, the IDs can also be passed without spaces:
# efibootmgr -o 0014,0009,0000,000C,000D,000E,000F,0010,0011,0012,0013,000A
Also, leading zeroes can be omitted:
# efibootmgr -o 14,9,0,C,D,E,F,10,11,12,13,A
Removing Redundant/Unnecessary Entries¶
There may be entries in the efibootmgr list which are redundant or
unnecessary.
Warning
While it is possible to delete entries, there is some risk involved, so omitting the unused entries from the boot order is sufficient as the unreferenced entries are harmless.
In the example output there are two entries for operating systems which are no longer present on the disk:
Boot0009* Fedora
Boot0000* Fedora
To delete these entries, for example, use efibootmgr -B -b <id>:
# efibootmgr -B -b 0009
# efibootmgr -B -b 0000
Note
If the default entries are removed (e.g. PXE or USB media), the BIOS will add them back automatically to the end of the list, so removing them is unnecessary.
Finish Up¶
The changes take effect immediately so the only remaining step is to reboot the device and confirm it uses the expected boot order.