ProtectLI type mini PCs - info on BIOS change to fix boot failure

Daksol · September 1, 2022, 11:35am

FYI for those hosting pfSense on a particular type of miniature PC - a particular BIOS setting is required with certain versions of FreeBSD - without the setting the unit will not restart from a power off etc.

This applies to a number of units branded by “Protectli” - photo of typical unit below. But this problem occurred with my unbranded unit I got from AliExpress - there are a number of sellers. Tom did a review of the ProtectlI brand units back in 2016 on the Youtube - https://www.youtube.com/watch?v=FMNkJBtDWYE

Case size: NUC type, about 130mmx130mm
Processor: Atom 4 core inc AES-NI
NICs: four ports 
pfSense version: 2.6.0
storage: 32 GB NVME stick
cooling: passively cooled, no fans etc
Year: 2019

Problem: unit did not restart automatically after unit was powered on again after a wiring closet change

I pulled the unit out, connecting it to a monitor etc

saw that the unit was not restarting.
error message was related to lack of boot media

So I assumed that I had somehow damaged the NVME system drive - and commenced work to see if I could re-image.
It started in “Live-USB” mode from a POP-OS USB stick.

But it would not boot from a USB thumb drive flashed with the “memstick” pfSense v2.6.

Error message like:-
can’t find '/boot/entropy'
can’t find '/boot/hostid'

I searched for this and there is a post on the Netgate forums

which in turn points to the Proetectli support page
https://protectli.com/kb/how-to-install-pfsense-ce-2-4-on-the-vault-2/?intsrc=eu

The action to fix this is to make a change in the CPU Firmware

Firmware Section: Advanced → CSM Confuguration → Boot Options Filter
Value: set to “UEFI” only mode (and not 'UEFI and Legacy’, not ‘Legacy only’)

I had restarted this unit without problems a number of times during the original install and reconfigure. So this problem must be related to one of the recent pfSense updates which included a particular version of FreeBSD. So when it failed to restart I assumed the worst!

Lesson? - when a server is updated, confirm it will still happily restart automatically!

Edit: fixed small error in details of fix

Greg_E · September 1, 2022, 1:56pm

The CSM stuff has been a pain in my backside for years! It’s getting to the point where most things will UEFI boot so not as much of a problem, but every once in a while…

tbigs2011 · September 29, 2022, 4:57am

Thank you for this! I was just about to deploy two of the Protectli boxes and would have surely run into this issue.

Greg_E · September 29, 2022, 1:09pm

The Protectli boxes seem to work, there are a lot of people running pfsense on them.

tbigs2011 · October 9, 2022, 3:18am

I agree! My fault for not being clear. I just got done deploying two of them. I just made sure I updated the BIOS as pointed out in this post.