pfSense
Under construction
The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality. ref.
pfSense software includes a web interface for the configuration of all included components. There is no need for any UNIX knowledge, no need to use the command line for anything, and no need to ever manually edit any rule sets. ref.
- pfSense 2.4 or higher
- An external storage device such as a USB stick (all models), mSATA or SATA drive (UP2 only)
- Use an mSATA or SATADOM module to load the OS
- Disable the eMMC controller in the BIOS for faster boots
See the Limitations section for more details.
pfSense 2.4 installs easily on the UP Squared.
Booting the pfSense 2.4 memory stick version from a USB drive the first time through will take a long time due to timeouts of the eMMC 5.0 controller in that FreeBSD does not recognize the SD card. It is therefore recommended to disable eMMC in the UP Squared BIOS to speed up the boot process.
Since FreeBSD 11 does not support the Intel Apollo Lake eMMC 5.0 controller, you will need an external drive to install pfSense 2.4. It is recommended to use an mSATA drive for the mPCIe slot, a SATA DOM or external SATA drive connected to the onboard SATA port or another USB stick that is different than the USB stick you are installing from.
Then you will be able to install pfSense normally following the prompts.
FreeBSD 11 has the proper drivers for Intel SpeedStep to reduce power usage.
# grep -i speedstep /var/run/dmesg.boot est0: on cpu0 est1: on cpu1 est2: on cpu2 est3: on cpu3
However, unlike Linux kernels, the FreeBSD kernel does not enable this feature with a default installation. You must explicitly enable it.
You can see the C1, C2 and C3 states below for the Intel N4200 Pentium cpu of the Apollo Lake chipset in the UP^2:
# sysctl dev.cpu | grep freq dev.cpu.0.freq_levels: 1101/0 1100/0 1000/0 900/0 800/0 dev.cpu.0.freq: 1100
FreeBSD 11 has an option called PowerD that can be used to downclock the Intel CPUs using Speedstep. See the powerd Man Page for more information.
The UP boards use Intel's System-on-a-Chip (SoC) to enable several devices made available by these platforms. In Linux and FreeBSD based operating systems, this means the kernel needs to have drivers written specifically for these devices. While Linux has had support for Intel's Apollo Lake and Cherry Trail chipsets for some time now, FreeBSD 11 has not yet fully implemented all the drivers required for these chipsets. Therefore, some limitations are expected on the UP hardware.
Please follow up with FreeBSD and pfSense on their progress of these chipsets and their bug lists.
Listed below are known limitations as tested by the UP team.
As of pfSense 2.4 RC, FreeBSD 11 does not have drivers for:
- No FreeBSD driver for Intel's Apollo Lake (UP2) or Cherry Trail (UP and UP Core) eMMC 5.0 Storage Devices
- No FreeBSD driver for UP Shop's mPCIe 3G Cellular Modem Device
- No FreeBSD driver for UP Shop's Intel M.2 2230 Wifi/Bluetooth Device
- No FreeBSD kernel modes for the GPIO pinouts
The FreeBSD 12 kernel does show some promise in the drivers for the UP Shop's mPCIe Cellular Modem and M.2 Intel Wifi/Bluetooth device drivers. However, at the time of this writing, it is untested as it is not part of pfSense 2.4.
Work has started on pfSense 2.5 that was recently announced in Q4 2017, and it will be based on FreeBSD 12.
As mentioned above, FreeBSD 11 has a bug in their eMMC 5.0 driver implementation. It does see the controllers:
sdhci_pci0: mem 0x91318000-0x91318fff,0x91317000-0x91317fff ire 39 at device 28.0 on pci0 sdhci_pci0: 1 slot(s) allocated mmc0: on sdhci_pci0 ... sdhci_pci1: mem 0x91316000-0x91316fff,0x91315000-0x91315fff irc 42 at device 30.0 on pci0 sdhci_pci0: 1 slot(s) allocated mmc1: on sdhci_pci1
But when it probes for the details, you may experience long timeouts and repeated messages like these:
sdhci_pci0-slot0: Controller timeout sdhci_pci0-slot0: Controller timeout sdhci_pci0-slot0: Controller timeout sdhci_pci0-slot0: Controller timeout mmc0: No compatible cards found on bus ... sdhci_pci1-slot0: Controller timeout sdhci_pci1-slot0: Controller timeout sdhci_pci1-slot0: Controller timeout sdhci_pci1-slot0: Controller timeout mmc0: No compatible cards found on bus
A bug has been logged with FreeBSD that remains open as of the time of this writing.
The resolution at this time is to disable the eMMC controller in the BIOS and to use either an mSATA or SATA device (UP^2) or a USB stick to load pfSense onto. It is also recommended to change the system tmp locations within pfSense to memory, to save the life of the USB stick.
