Jump to content
beaverly72

pfSense VM fails to boot after upgrade to 6.8.0-rc8

33 posts in this topic Last Reply

Recommended Posts

On 12/13/2019 at 3:32 PM, joelones said:

@bastl

So I updated to 6.8 stable and decided to try this workaround. I did try the Skylake emulation for my AMD FX8320 and it didn't quite seem to like it very much and gave an unsupported CPU error when I tried to start the VM. I guess my CPU is either too old or lacks the instructions to emulate Skylake properly. Maybe I need to model an older Intel CPU, like Sandybridge or something?? I know my model is a Opteron_G5.

 

I had no choice but to opt for Emulated QEMU64 mode, hopefully the lack of AES-NI won't impact overall CPU performance with respect to VPN usage.

 

EDIT: I seem to have gotten pfSense to boot with AES-NI on my AMD wit this:

 


<cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Opteron_G5</model>
    <vendor>AMD</vendor>
    <feature policy='require' name='vme'/>
    <feature policy='require' name='x2apic'/>
    <feature policy='require' name='tsc-deadline'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='require' name='arat'/>
    <feature policy='require' name='tsc_adjust'/>
    <feature policy='require' name='bmi1'/>
    <feature policy='require' name='mmxext'/>
    <feature policy='require' name='fxsr_opt'/>
    <feature policy='require' name='cmp_legacy'/>
    <feature policy='require' name='cr8legacy'/>
    <feature policy='require' name='osvw'/>
    <feature policy='disable' name='rdtscp'/>
    <feature policy='disable' name='svm'/>
  </cpu>

 

I'm about to try going from rc7 to 6.8 - rc8 failed for me, but I didn't know why until now.  I currently have:

 

  <cpu mode='host-passthrough' check='none'>
    <topology sockets='1' cores='6' threads='1'/>
    <feature policy='require' name='topoext'/>
  </cpu>

will this work for my threadripper and maintain AES-NI support?  Thanks

 

<cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Opteron_G5</model>
    <vendor>AMD</vendor>
    <topology sockets='1' cores='6' threads='1'/>
	<feature policy='require' name='vme'/>
    <feature policy='require' name='x2apic'/>
    <feature policy='require' name='tsc-deadline'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='require' name='arat'/>
    <feature policy='require' name='tsc_adjust'/>
    <feature policy='require' name='bmi1'/>
    <feature policy='require' name='mmxext'/>
    <feature policy='require' name='fxsr_opt'/>
    <feature policy='require' name='cmp_legacy'/>
    <feature policy='require' name='cr8legacy'/>
    <feature policy='require' name='osvw'/>
    <feature policy='disable' name='rdtscp'/>
    <feature policy='disable' name='svm'/>
  </cpu>

This is all way beyond my VM level so it's a blind cut & paste job for me.

Share this post


Link to post
1 hour ago, DZMM said:

I'm about to try going from rc7 to 6.8 - rc8 failed for me, but I didn't know why until now.  I currently have:

This is all way beyond my VM level so it's a blind cut & paste job for me.

You should go back to page 1 and look for bastl's post with the Skylake emulation and use that.

 

The reason it didn't work for the previous poster was because his CPU is FX 8320 which came out before Skylake (so it can't emulate Skylake hence unsupported CPU). Threadripper works fine with Skylake emulation.

 

Generally, as long as your host CPU has AES NI + your emulating CPU also has AES NI + you don't disable it then it should have it.

 

 

 

Share this post


Link to post
On 12/12/2019 at 5:45 AM, bastl said:

I found a workaround for this!

 

The culprit is the cpu-mode "host-passthrough". If I switch to "Emulated QEMU64" the VM boots up again. Switching it in the gui should work if you havn't setup any special CPU flags. Another way is to edit the xml like the following:

 

change


  <cpu mode='host-passthrough' check='none'>
    <topology sockets='1' cores='2' threads='1'/>
  </cpu>

to


  <cpu>
    <topology sockets='1' cores='2' threads='1'/>
  </cpu>

also forces the CPU into emulated QEMU64 mode.

 

Another option is to emulate a Intel Skylake CPU for example with the following:


  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Skylake-Client</model>
    <topology sockets='1' cores='2' threads='1'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='disable' name='pcid'/>
    <feature policy='disable' name='hle'/>
    <feature policy='disable' name='erms'/>
    <feature policy='disable' name='invpcid'/>
    <feature policy='disable' name='rtm'/>
    <feature policy='disable' name='mpx'/>
    <feature policy='disable' name='spec-ctrl'/>
  </cpu>

 

Edit:

"AES-NI CPU Crypto" isn't supported on "Emulated QEMU64" mode. For future Pfsense versions this is a requirement if I remember correctly.

I also had this problem when upgrading to 6.8 and used your emulate a Intel Skylake CPU on my Threadripper as a workaround for now until this issue gets resolved. Thank You

Share this post


Link to post

Greetings everybody, so I have the same issue as others here, so I stayed with 6.7.2 hoping that maybe 6.8.1 would solve this

unfortunatly not, so besides the workaround (that may induce a loss in performance), will this be fixed ? or we shall wait for unraid 6.9?

thank you

regards

Share this post


Link to post

As of 6.8.2 this is still an issue, although I can confirm using the emulated CPU still works

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.