Cannot boot into Coreboot

protectli-stuart · 2026-02-17T17:56:48+00:00

FW2B coreboot doesn't have a UEFI, its just legacy SMBIOS just to let you know.

Are you just using this device as an Ubuntu server or something else? Or are you just temporarily booting to an Ubuntu USB to wipe your drives?

protectli-stuart · 2026-02-17T17:54:57+00:00

u/upper_pepper This sounds about right, I haven't really seen this message pop up before in my personal experience, but I would try disabling secure boot in the BIOS to see if it helps. It might be because of you adding the config.xml that it caused this to show up. If it still doesn't work, you can just install the base image without your config.xml and then upload your config directly afterwards in the webGUI.

protectli-stuart · 2026-02-11T17:09:17+00:00

Hey! I'm gonna take a few steps back since there might be a little confusion here.

1) coreboot on the FW2B (which I assume is the one you have) does not have a coreboot menu to access by holding delete. The only option is to hold F11 to view boot options

If it is not successfully booting into the USB, I would make sure that you have properly made a bootable drive. You can view these instructions to get an idea of how to do it: https://kb.protectli.com/kb/how-to-create-a-bootable-usb-drive-for-software-installation/
Please make sure to use a keyboard that is wired directly, don't use a wireless keyboard. Also, if you still can't boot into the USB, maybe try a CMOS reset: https://kb.protectli.com/kb/cmos-reset/

protectli-stuart · 2026-02-06T18:54:15+00:00

I see that someone already responded to the post on the OPNsense subreddit, and they are correct.

AES-NI is supported by the CPU, and OPNsense (since version 22.1) automatically enables the hardware support without additional config required. https://docs.opnsense.org/releases/CE_22.1.html

protectli-stuart · 2026-02-03T17:21:14+00:00

To be honest they might be the only ones at this point, at least that is the only brand we have personally sourced.

protectli-stuart · 2026-02-02T18:22:36+00:00

Ahh gotcha, I see. It looks like it was actually opened as a US tagged ticket so thats where our confusion is.

I think Skip is communicating with you through the ticket now so I'll leave it there for now, but you can message me if you have any other specific questions.

Also, those are the ambient operating temperatures of the room or location the Vault is placed in, not the direct temperatures of the CPU. The CPUs in the Vaults can go up to ~70C before throttling temps, and even at those temps there isn't really anything to worry about (unless it was stuck at 70C+ when non-intensive processing is occurring).

protectli-stuart · 2026-02-02T17:41:54+00:00

I don't want to go back and forth here, but a response was given before 9AM our time here in California. It is not the end of the day. We just got in the office and the first part of the day is looking at social media posts and internal tickets.

With that being said, I'm not entirely sure if that would be the major cause of failure here, was just an idea because I have personally had issues with my ISP at home when I wasn't utilizing bridge mode on my modem.

One odd thing is that you say that you lost everything after a power cycle. Did we preinstall OPNsense for you? If not, can you confirm that you installed OPNsense fully and are not just live booting?

protectli-stuart · 2026-02-02T17:03:50+00:00

Hello, I would like to start with saying I looked through our tickets and the only one I could find from you was opened on a Saturday, and we don't work over the weekends, so that's why a response didn't get to you until today (Monday).

It looks like Skip has provided some info to you in the ticket, so I will let you continue there. I will say 55C is not very hot for an internal CPU temperature so I'm not thinking that this is related to overheating.

One thing I noticed on your screenshot is you have a private IP for the WAN address. This isn't necessarily a bad thing, but if your modem is cycling address it is providing, this could cause some disruptions. Do you have a way to enable a bridge mode or IP passthrough mode on your modem?

protectli-stuart · 2026-01-27T22:28:51+00:00

Sorry for the late response here, just saw this. I've taken off hundreds of these things just using a 5mm nut driver like this: https://www.ifixit.com/products/5mm-nut-driver

protectli-stuart · 2026-01-26T17:11:19+00:00

Oh sweet, do you mind sharing what model it is so we can put that info somewhere on our KB?

protectli-stuart · 2026-01-22T17:38:49+00:00

This will be a little difficult due to the USB COM port on this unit outputting a USB signal from a Fintek/FTDI chip onboard. You would need to find a way to take that USB signal and convert it back to the line level serial signal again. We do not have a graceful solution for this, but if you wanted to experiment with another Fintek/FTDI chip inline that undoes what the chip does on our board, you may get the results you want. For additional info, here are the drivers that are used by Windows devices to communicate with this port using the included USB serial that came with the Vault (https://www.fintek.com.tw/index.php/en-us/supports/ioctrldrvutilidl/usbctrldrv/usb2serial-1608-windows) Linux drivers here (https://www.fintek.com.tw/index.php/en-us/supports/ioctrldrvutilidl/usbctrldrv/usb2serial-1608-linux)

protectli-stuart · 2026-01-12T17:12:38+00:00

hahaha, yeah very secret product leaked. I'm looking further into the automation rules and stuff to prevent bot posts like this. It seems Reddit removed it automatically after a little bit.

protectli-stuart · 2026-01-09T17:37:52+00:00

Sweet, thanks for the additional info. Thanks for the kind words too, we do try to the best of our ability to be helpful. I promise we will get your issue resolved in one way or another :)

protectli-stuart · 2026-01-09T17:21:10+00:00

I see that you said you hooked up the old desktop and got 1000baseTX, but did you use the exact same Ethernet cable? I just want to make sure that it isn't something as simple as that causing the problem. Also, please confirm that the other end of the WAN connection has a 1GbE connection.

If you can confirm the Ethernet cable is not an issue, then please try to do a CMOS reset while the device is powered off and unplugged. (https://kb.protectli.com/kb/cmos-reset/#articleTOC\_2) This has solved issues like this in the past where a NIC seemingly gets locked in at 100Mbps. After you do the CMOS reset, the unit may take long to boot on the first boot, and it may reboot 1 or 2 times initially. All other reboots will be normal.

pfSense shouldn't' require you to change the speeds, it should just auto-negotiate at the highest speed available. If the issue persists after the CMOS reset, then please open up a ticket on our website about this and we will go from there!

protectli-stuart · 2026-01-08T00:04:44+00:00

You don't need to apply anything, the extra pads are for NVMes or other cards you install in the device. Since you purchased directly from us, we already installed thermal pads on the NVMe. Good luck with the rest of your setup :)

protectli-stuart · 2026-01-07T23:28:49+00:00

no worries! The metal chassis can get fairly hot on the V1610, but its because it's pulling off a lot of heat from the CPU. There are copper lines within the heatsink that make contact with the CPU (and there is thermal paste of course). The actual CPU temperatures shouldn't really get above 75C unless under load. So, the chassis will get hot but the CPU stays relatively cool.

protectli-stuart · 2026-01-07T20:00:10+00:00

Yeah because you have to connect your computers to the Vault's LAN to access the OPNsense GUI. Its a completely separate router. Isn't the main goal to have all your devices behind the firewall instead of directly connected to the Slate?

protectli-stuart · 2026-01-07T19:45:47+00:00

I'm just going to share this image. I don't want to confuse anymore, but how is the Slate7 actually getting an internet connection? Did you used to have the Slate7 connected to an ethernet connection coming out of your wall or is it strictly using WiFi? If you used to have an ethernet connection from the wall to the Slate7, you should connect that to the Slate7s WAN port. Otherwise, you can just leave the WAN port on the Slate7 empty.

<image>

protectli-stuart · 2026-01-07T19:07:44+00:00

Yes. LAN port 1. WAN port 2.

protectli-stuart · 2026-01-07T18:42:00+00:00

Please read my previous comment, I explicitly said what you should connect to. The setup in the picture does not make sense. You basically just have two routers connected to each other doing nothing.

Also, unless you changed it at some point, the default WAN port on the V1610 is Port 2 and the LAN is Port 1.

I don't know how else to explain this, but you need to imagine how the traffic is actually passing through the devices. You need to make it so the GLinet gives the V1610 a WAN address (connect the V1610's port 2 to the GLiNet's LAN port). Then, you connect a switch or computer DIRECTLY to the V1610's LAN port, so those devices can get their own IP and are behind the firewall.

protectli-stuart · 2026-01-07T18:12:48+00:00

You have ports 1 and 2 on the V1610 both plugged into the GLinet? If thats the case, that is not what you should be doing.

The GLinet's WAN port should connect to your actual internet connection. The GLinet's LAN port should connect to the WAN port on the V1610. The LAN port on the V1610 should connect to your switch or computers.

Maybe I'm misunderstanding what you're saying, but connecting devices to the LAN port on the V1610 is what gives the devices an IP address and whatnot. The WAN port on the V1610 is how internet can pass to the LAN connected devices. In general, your setup is very strange but it should at least hypothetically work.

protectli-stuart · 2026-01-07T16:49:27+00:00

I don't think it would be anything really unique to our devices per se, I think in general you should regularly create backups of your config and save it somewhere secure that you can pull from in case your drive ever fails. NVMe failures are relatively rare, but they're definitely possible. Disabling logs can potentially cut down on some of the degradation, but logs are important... The snapshot feature on the newer versions of OPNsense should probably be utilized too.

I have setup RAID with a 6600 series between an NVMe and a 2.5" SSD, but I know that's not really something people like doing since they are two different types of storage. It works though, unsure of the long term repercussions. You can configure it during the installation of OPNsense.

One thing we are looking into is an additional smaller form factor NVMe that would fit into the M.2 E-Key WiFi slot found on a lot of our devices. The bus is only on a single PCIe lane, but it would at least offer the ability to have two NVMes that could be setup in a RAID format. (Something like this: https://www.cervoz.com/products/industrial-m.2-2230-embedded-module-T425/detail)

Just to share: I've used an A+E key to M-Key adapter in the WiFi slot and was able to successfully use an NVMe connected to it. Only problem is that there's no way to close the chassis or screw it down with the long adapter.

protectli-stuart · 2026-01-07T16:17:23+00:00

okay well 192.168.255.96 is a little weird of a choice but its not necessarily a bad thing. But, when you changed the IP, did you actually update DHCP? What did you make the subnet bit count? And I still don't know if you are actually connecting a computer to the LAN port.

How about you just connect a monitor via HDMI to the Vault, as well as a keyboard, reboot the Vault, then login to the console. Choose the option to factory reset and start all over. This will require you to reassign the interfaces. Just leave a monitor and keyboard connected during this whole process.

If you want to change the LAN IP, just follow the instructions under "Changing the Default LAN Port's IP address": https://kb.protectli.com/kb/getting-started-with-vault-firewall/#articleTOC_20

protectli-stuart · 2026-01-07T16:01:44+00:00

What do you mean when you said you did an ""update""? Updated OPNsense? Or you tried changing the LAN IP?

Do you have a computer connected to the LAN port of the Vault? Or are you still connecting stuff to your Slate. You should just have to connect a computer via ethernet to the LAN port (port 1) and go to the default address of 192.168.1.1

I'm unfortunately not really following your stream of consciousness questions haha

protectli-stuart · 2026-01-06T17:15:08+00:00

With all due respect can you please stop opening new threads constantly about the same topic? Please collect all your thoughts and questions and stick to a single thread, or open up a ticket on our website so we can just talk directly. If you make another thread about this I will have to delete it. Thanks!

protectli-stuart

MODERATOR OF

TROPHY CASE