Changing the Boot Order using efibootmgr (AMI Only)¶
The boot order can be changed by the efibootmgr utility on pfSense® Plus
software on Netgate 4200 devices using AMI firmware.
The efibootmgr utility can alter the EFI boot order while pfSense® Plus
software is running. This allows administrators to make changes to the boot
order remotely without causing any downtime. Making the changes is more
complicated than using the firmware setup method, however.
View Current Settings¶
The first step is to view the current boot settings by entering the
efibootmgr command at a console or SSH shell prompt:
# efibootmgr
Boot to FW : false
BootCurrent: 0014
Timeout : 3 seconds
BootOrder : 0009, 0000, 000C, 000D, 000E, 000F, 0010, 0011, 0012, 0013, 0014, 000A
Boot0009* Fedora
Boot0000* Fedora
Boot000C* UEFI: PXE IPv4 Intel(R) Ethernet Controller I226-V
Boot000D* UEFI: PXE IPv6 Intel(R) Ethernet Controller I226-V
Boot000E* UEFI: PXE IPv4 Intel(R) Ethernet Controller I226-V
Boot000F* UEFI: PXE IPv6 Intel(R) Ethernet Controller I226-V
Boot0010* UEFI: PXE IPv4 Intel(R) Ethernet Controller I226-V
Boot0011* UEFI: PXE IPv6 Intel(R) Ethernet Controller I226-V
Boot0012* UEFI: PXE IPv4 Intel(R) Ethernet Controller I226-V
Boot0013* UEFI: PXE IPv6 Intel(R) Ethernet Controller I226-V
+Boot0014* UEFI: Generic Ultra HS-COMBO, Partition 1
Boot000A* UEFI: Built-in EFI Shell
Note
The example output above is from a factory default setup, which will be similar to most devices in the field unless they have been reinstalled.
The output includes several items, including a list of the current boot device and boot order.
Locate pfSense® Plus Software Entry¶
The next task is to locate the entry which corresponds to pfSense® Plus
software. This entry may be labeled pfSense+, FreeBSD, or share the name
of the disk, such as Ultra HS-COMBO. The ID of this entry should also match
the ID listed in BootCurrent in the output of efibootmgr.
For example, in the previous example output, the current boot device is:
BootCurrent: 0014
This id, 0014, corresponds with the following entry in the list:
+Boot0014* UEFI: Generic Ultra HS-COMBO, Partition 1
Note
This entry is marked with a + starting the line indicating it is the
current boot entry as well. The * after the ID indicates the entry is
active. The Boot part of the ID should be skipped/omitted as entries are
only referenced by the hexadecimal digits portion of the ID. Leading zeroes
may also be omitted.
In this case, the 0014 entry is the proper target and the one which should
be given priority. Keep a note of this ID as it will be required in the
following sections.
Make pfSense® Plus software boot first¶
To give pfSense® Plus software top priority when booting, use the -o
parameter to efibootmgr to set a new boot order. IDs not listed in the
-o parameter will be deactivated.
Only Boot pfSense® Plus Software¶
For example, to boot only from pfSense® Plus software and ignore all others, use:
# efibootmgr -o 0014
Note
AMI firmware may automatically reactivate PXE entries in this list during boot, but they will be placed at the end, so they will not interfere.
Note
The output of efibootmgr may not show deactivated entries, to view all
entries in the table, use efibootmgr -v.
Give pfSense® Plus Software Priority¶
Alternately, to keep the other entries but move pfSense® Plus software to the top, first look at the current Boot Order:
BootOrder : 0009, 0000, 000C, 000D, 000E, 000F, 0010, 0011, 0012, 0013, 0014, 000A
Take the current list, move the pfSense® Plus software entry ID to the start, and surround the list with quotes:
# efibootmgr -o "0014, 0009, 0000, 000C, 000D, 000E, 000F, 0010, 0011, 0012, 0013, 000A"
Instead of quotes, the IDs can also be passed without spaces:
# efibootmgr -o 0014,0009,0000,000C,000D,000E,000F,0010,0011,0012,0013,000A
Also, leading zeroes can be omitted:
# efibootmgr -o 14,9,0,C,D,E,F,10,11,12,13,A
Removing Redundant/Unnecessary Entries¶
There may be entries in the efibootmgr list which are redundant or
unnecessary.
Warning
While it is possible to delete entries, there is some risk involved, so omitting the unused entries from the boot order is sufficient as the unreferenced entries are harmless.
In the example output there are two entries for operating systems which are no longer present on the disk:
Boot0009* Fedora
Boot0000* Fedora
To delete these entries, for example, use efibootmgr -B -b <id>:
# efibootmgr -B -b 0009
# efibootmgr -B -b 0000
Note
If the default entries are removed (e.g. PXE or USB media), the AMI firmware will add them back automatically to the end of the list, so removing them is unnecessary.
Finish Up¶
The changes take effect immediately so the only remaining step is to reboot the device and confirm it uses the expected boot order.