1.\" Copyright (c) 1999 Daniel C. Sobral 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.Dd September 30, 2021 26.Dt LOADER_SIMP 8 27.Os 28.Sh NAME 29.Nm loader_simp 30.Nd kernel bootstrapping final stage 31.Sh DESCRIPTION 32The program called 33.Nm 34is the final stage of 35.Fx Ns 's 36kernel bootstrapping process. 37On IA32 (i386) architectures, it is a 38.Pa BTX 39client. 40It is linked statically to 41.Xr libsa 3 42and usually located in the directory 43.Pa /boot . 44.Pp 45It provides a scripting language that can be used to 46automate tasks, do pre-configuration or assist in recovery 47procedures. 48This scripting language is roughly divided in 49two main components. 50The smaller one is a set of commands 51designed for direct use by the casual user, called "builtin 52commands" for historical reasons. 53The main drive behind these commands is user-friendliness. 54.Pp 55During initialization, 56.Nm 57will probe for a console and set the 58.Va console 59variable, or set it to serial console 60.Pq Dq Li comconsole 61if the previous boot stage used that. 62If multiple consoles are selected, they will be listed separated by spaces. 63Then, devices are probed, 64.Va currdev 65and 66.Va loaddev 67are set, and 68.Va LINES 69is set to 24. 70After that, 71.Pa /boot/loader.rc 72is processed if available. 73These files are processed through the 74.Ic include 75command, which reads all of them into memory before processing them, 76making disk changes possible. 77.Pp 78At this point, if an 79.Ic autoboot 80has not been tried, and if 81.Va autoboot_delay 82is not set to 83.Dq Li NO 84(not case sensitive), then an 85.Ic autoboot 86will be tried. 87If the system gets past this point, 88.Va prompt 89will be set and 90.Nm 91will engage interactive mode. 92Please note that historically even when 93.Va autoboot_delay 94is set to 95.Dq Li 0 96user will be able to interrupt autoboot process by pressing some key 97on the console while kernel and modules are being loaded. 98In some 99cases such behaviour may be undesirable, to prevent it set 100.Va autoboot_delay 101to 102.Dq Li -1 , 103in this case 104.Nm 105will engage interactive mode only if 106.Ic autoboot 107has failed. 108.Sh BUILTIN COMMANDS 109In 110.Nm , 111builtin commands take parameters from the command line. 112Presently, 113the only way to call them from a script is by using 114.Pa evaluate 115on a string. 116In the case of an error, an error message will be displayed and 117the interpreter's state will be reset, emptying the stack and restoring 118interpreting mode. 119.Pp 120The builtin commands available are: 121.Pp 122.Bl -tag -width Ds -compact 123.It Ic autoboot Op Ar seconds Op Ar prompt 124Proceeds to bootstrap the system after a number of seconds, if not 125interrupted by the user. 126Displays a countdown prompt 127warning the user the system is about to be booted, 128unless interrupted by a key press. 129The kernel will be loaded first if necessary. 130Defaults to 10 seconds. 131.Pp 132.It Ic bcachestat 133Displays statistics about disk cache usage. 134For debugging only. 135.Pp 136.It Ic boot 137.It Ic boot Ar kernelname Op Cm ... 138.It Ic boot Fl flag Cm ... 139Immediately proceeds to bootstrap the system, loading the kernel 140if necessary. 141Any flags or arguments are passed to the kernel, but they 142must precede the kernel name, if a kernel name is provided. 143.Pp 144.It Ic echo Xo 145.Op Fl n 146.Op Aq message 147.Xc 148Displays text on the screen. 149A new line will be printed unless 150.Fl n 151is specified. 152.Pp 153.It Ic heap 154Displays memory usage statistics. 155For debugging purposes only. 156.Pp 157.It Ic help Op topic Op subtopic 158Shows help messages read from 159.Pa /boot/loader.help . 160The special topic 161.Em index 162will list the topics available. 163.Pp 164.It Ic include Ar file Op Ar 165Process script files. 166Each file, in turn, is completely read into memory, 167and then each of its lines is passed to the command line interpreter. 168If any error is returned by the interpreter, the include 169command aborts immediately, without reading any other files, and 170returns an error itself (see 171.Sx ERRORS ) . 172.Pp 173.It Ic load Xo 174.Op Fl t Ar type 175.Ar file Cm ... 176.Xc 177Loads a kernel, kernel loadable module (kld), disk image, 178or file of opaque contents tagged as being of the type 179.Ar type . 180Kernel and modules can be either in a.out or ELF format. 181Any arguments passed after the name of the file to be loaded 182will be passed as arguments to that file. 183Use the 184.Li md_image 185type to make the kernel create a file-backed 186.Xr md 4 187disk. 188This is useful for booting from a temporary rootfs. 189Currently, argument passing does not work for the kernel. 190.Pp 191.It Ic load_geli Xo 192.Op Fl n Ar keyno 193.Ar prov Ar file 194.Xc 195Loads a 196.Xr geli 8 197encryption keyfile for the given provider name. 198The key index can be specified via 199.Ar keyno 200or will default to zero. 201.Pp 202.It Ic ls Xo 203.Op Fl l 204.Op Ar path 205.Xc 206Displays a listing of files in the directory 207.Ar path , 208or the root directory if 209.Ar path 210is not specified. 211If 212.Fl l 213is specified, file sizes will be shown too. 214.Pp 215.It Ic lsdev Op Fl v 216Lists all of the devices from which it may be possible to load modules, 217as well as ZFS pools. 218If 219.Fl v 220is specified, more details are printed, including ZFS pool information 221in a format that resembles 222.Nm zpool Cm status 223output. 224.Pp 225.It Ic lsmod Op Fl v 226Displays loaded modules. 227If 228.Fl v 229is specified, more details are shown. 230.Pp 231.It Ic lszfs Ar filesystem 232A ZFS extended command that can be used to explore the ZFS filesystem 233hierarchy in a pool. 234Lists the immediate children of the 235.Ar filesystem . 236The filesystem hierarchy is rooted at a filesystem with the same name 237as the pool. 238.Pp 239.It Ic more Ar file Op Ar 240Display the files specified, with a pause at each 241.Va LINES 242displayed. 243.Pp 244.It Ic pnpscan Op Fl v 245Scans for Plug-and-Play devices. 246This is not functional at present. 247.Pp 248.It Ic read Xo 249.Op Fl t Ar seconds 250.Op Fl p Ar prompt 251.Op Va variable 252.Xc 253Reads a line of input from the terminal, storing it in 254.Va variable 255if specified. 256A timeout can be specified with 257.Fl t , 258though it will be canceled at the first key pressed. 259A prompt may also be displayed through the 260.Fl p 261flag. 262.Pp 263.It Ic reboot 264Immediately reboots the system. 265.Pp 266.It Ic set Ar variable 267.It Ic set Ar variable Ns = Ns Ar value 268Set loader's environment variables. 269.Pp 270.It Ic show Op Va variable 271Displays the specified variable's value, or all variables and their 272values if 273.Va variable 274is not specified. 275.Pp 276.It Ic unload 277Remove all modules from memory. 278.Pp 279.It Ic unset Va variable 280Removes 281.Va variable 282from the environment. 283.Pp 284.It Ic \&? 285Lists available commands. 286.El 287.Ss BUILTIN ENVIRONMENT VARIABLES 288Environment variables can be set and unset through the 289.Ic set 290and 291.Ic unset 292builtins, and can have their values interactively examined through the 293use of the 294.Ic show 295builtin. 296Their values can also be accessed as described in 297.Sx BUILTIN PARSER . 298.Pp 299Notice that these environment variables are not inherited by any shell 300after the system has been booted. 301.Pp 302A few variables are set automatically by 303.Nm . 304Others can affect the behavior of either 305.Nm 306or the kernel at boot. 307Some options may require a value, 308while others define behavior just by being set. 309Both types of builtin variables are described below. 310.Bl -tag -width bootfile 311.It Va autoboot_delay 312Number of seconds 313.Ic autoboot 314will wait before booting. 315Configuration options are described in 316.Xr loader.conf 5 . 317.It Va boot_askname 318Instructs the kernel to prompt the user for the name of the root device 319when the kernel is booted. 320.It Va boot_cdrom 321Instructs the kernel to try to mount the root file system from CD-ROM. 322.It Va boot_ddb 323Instructs the kernel to start in the DDB debugger, rather than 324proceeding to initialize when booted. 325.It Va boot_dfltroot 326Instructs the kernel to mount the statically compiled-in root file system. 327.It Va boot_gdb 328Selects gdb-remote mode for the kernel debugger by default. 329.It Va boot_multicons 330Enables multiple console support in the kernel early on boot. 331In a running system, console configuration can be manipulated 332by the 333.Xr conscontrol 8 334utility. 335.It Va boot_mute 336All kernel console output is suppressed when console is muted. 337In a running system, the state of console muting can be manipulated by the 338.Xr conscontrol 8 339utility. 340.It Va boot_pause 341During the device probe, pause after each line is printed. 342.It Va boot_safe 343Force userland to boot in 344.Dq safe mode , 345which may disable or limit the functionality of some services that may not be 346desired in safe mode. 347This is typically set by selecting 348.Dq safe mode 349in the loader menu, which also sets some other hints for the kernel. 350Applications wishing to respect safe mode should 351.Sy only 352test for the presence of 353.Va boot_safe 354in 355.Xr kenv 1 , 356not for any particular value. 357.It Va boot_serial 358Force the use of a serial console even when an internal console 359is present. 360.It Va boot_single 361Prevents the kernel from initiating a multi-user startup; instead, 362a single-user mode will be entered when the kernel has finished 363device probing. 364.It Va boot_verbose 365Setting this variable causes extra debugging information to be printed 366by the kernel during the boot phase. 367.It Va bootfile 368List of semicolon-separated search path for bootable kernels. 369The default is 370.Dq Li kernel . 371.It Va comconsole_speed 372Defines the speed of the serial console (i386 and amd64 only). 373If the previous boot stage indicated that a serial console is in use 374then this variable is initialized to the current speed of the console 375serial port. 376Otherwise it is set to 115200 unless this was overridden using the 377.Va BOOT_COMCONSOLE_SPEED 378variable when 379.Nm 380was compiled. 381Changes to the 382.Va comconsole_speed 383variable take effect immediately. 384.It Va comconsole_port 385Defines the base i/o port used to access console UART 386(i386 and amd64 only). 387If the variable is not set, its assumed value is 0x3F8, which 388corresponds to PC port COM1, unless overridden by 389.Va BOOT_COMCONSOLE_PORT 390variable during the compilation of 391.Nm . 392Setting the 393.Va comconsole_port 394variable automatically set 395.Va hw.uart.console 396environment variable to provide a hint to kernel for location of the console. 397Loader console is changed immediately after variable 398.Va comconsole_port 399is set. 400.It Va comconsole_pcidev 401Defines the location of a PCI device of the 'simple communication' 402class to be used as the serial console UART (i386 and amd64 only). 403The syntax of the variable is 404.Li 'bus:device:function[:bar]' , 405where all members must be numeric, with possible 406.Li 0x 407prefix to indicate a hexadecimal value. 408The 409.Va bar 410member is optional and assumed to be 0x10 if omitted. 411The bar must decode i/o space. 412Setting the variable 413.Va comconsole_pcidev 414automatically sets the variable 415.Va comconsole_port 416to the base of the selected bar, and hint 417.Va hw.uart.console . 418Loader console is changed immediately after variable 419.Va comconsole_pcidev 420is set. 421.It Va console 422Defines the current console or consoles. 423Multiple consoles may be specified. 424In that case, the first listed console will become the default console for 425userland output (e.g.\& from 426.Xr init 8 ) . 427.It Va currdev 428Selects the default device to loader the kernel from. 429The syntax is: 430.Dl Ic loader_device: 431or 432.Dl Ic zfs:dataset: 433Examples: 434.Dl Ic disk0p2: 435.Dl Ic zfs:zroot/ROOT/default: 436.It Va dumpdev 437Sets the device for kernel dumps. 438This can be used to ensure that a device is configured before the corresponding 439.Va dumpdev 440directive from 441.Xr rc.conf 5 442has been processed, allowing kernel panics that happen during the early stages 443of boot to be captured. 444.It Va init_chroot 445See 446.Xr init 8 . 447.It Va init_exec 448See 449.Xr init 8 . 450.It Va init_path 451Sets the list of binaries which the kernel will try to run as the initial 452process. 453The first matching binary is used. 454The default list is 455.Dq Li /sbin/init:/sbin/oinit:/sbin/init.bak:\:/rescue/init . 456.It Va init_script 457See 458.Xr init 8 . 459.It Va init_shell 460See 461.Xr init 8 . 462.It Va interpret 463Has the value 464.Dq Li OK 465if the Forth's current state is interpreting. 466.It Va LINES 467Define the number of lines on the screen, to be used by the pager. 468.It Va module_path 469Sets the list of directories which will be searched for modules 470named in a load command or implicitly required by a dependency. 471The default value for this variable is 472.Dq Li /boot/kernel;/boot/modules . 473.It Va num_ide_disks 474Sets the number of IDE disks as a workaround for some problems in 475finding the root disk at boot. 476This has been deprecated in favor of 477.Va root_disk_unit . 478.It Va prompt 479Value of 480.Nm Ns 's 481prompt. 482Defaults to 483.Dq Li "${interpret}" . 484If variable 485.Va prompt 486is unset, the default prompt is 487.Ql > . 488.It Va root_disk_unit 489If the code which detects the disk unit number for the root disk is 490confused, e.g.\& by a mix of SCSI and IDE disks, or IDE disks with 491gaps in the sequence (e.g.\& no primary slave), the unit number can 492be forced by setting this variable. 493.It Va rootdev 494By default the value of 495.Va currdev 496is used to set the root file system 497when the kernel is booted. 498This can be overridden by setting 499.Va rootdev 500explicitly. 501.El 502.Pp 503Other variables are used to override kernel tunable parameters. 504The following tunables are available: 505.Bl -tag -width Va 506.It Va efi.rt.disabled 507Disable UEFI runtime services in the kernel, if applicable. 508Runtime services are only available and used if the kernel is booted in a UEFI 509environment. 510.It Va hw.physmem 511Limit the amount of physical memory the system will use. 512By default the size is in bytes, but the 513.Cm k , K , m , M , g 514and 515.Cm G 516suffixes 517are also accepted and indicate kilobytes, megabytes and gigabytes 518respectively. 519An invalid suffix will result in the variable being ignored by the 520kernel. 521.It Va hw.pci.host_start_mem , hw.acpi.host_start_mem 522When not otherwise constrained, this limits the memory start 523address. 524The default is 0x80000000 and should be set to at least size of the 525memory and not conflict with other resources. 526Typically, only systems without PCI bridges need to set this variable 527since PCI bridges typically constrain the memory starting address 528(and the variable is only used when bridges do not constrain this 529address). 530.It Va hw.pci.enable_io_modes 531Enable PCI resources which are left off by some BIOSes or are not 532enabled correctly by the device driver. 533Tunable value set to ON (1) by default, but this may cause problems 534with some peripherals. 535.It Va kern.maxusers 536Set the size of a number of statically allocated system tables; see 537.Xr tuning 7 538for a description of how to select an appropriate value for this 539tunable. 540When set, this tunable replaces the value declared in the kernel 541compile-time configuration file. 542.It Va kern.ipc.nmbclusters 543Set the number of mbuf clusters to be allocated. 544The value cannot be set below the default 545determined when the kernel was compiled. 546.It Va kern.ipc.nsfbufs 547Set the number of 548.Xr sendfile 2 549buffers to be allocated. 550Overrides 551.Dv NSFBUFS . 552Not all architectures use such buffers; see 553.Xr sendfile 2 554for details. 555.It Va kern.maxswzone 556Limits the amount of KVM to be used to hold swap 557metadata, which directly governs the 558maximum amount of swap the system can support, 559at the rate of approximately 200 MB of swap space 560per 1 MB of metadata. 561This value is specified in bytes of KVA space. 562If no value is provided, the system allocates 563enough memory to handle an amount of swap 564that corresponds to eight times the amount of 565physical memory present in the system. 566.Pp 567Note that swap metadata can be fragmented, 568which means that the system can run out of 569space before it reaches the theoretical limit. 570Therefore, care should be taken to not configure 571more swap than approximately half of the 572theoretical maximum. 573.Pp 574Running out of space for swap metadata can leave 575the system in an unrecoverable state. 576Therefore, you should only change 577this parameter if you need to greatly extend the 578KVM reservation for other resources such as the 579buffer cache or 580.Va kern.ipc.nmbclusters . 581Modifies kernel option 582.Dv VM_SWZONE_SIZE_MAX . 583.It Va kern.maxbcache 584Limits the amount of KVM reserved for use by the 585buffer cache, specified in bytes. 586The default maximum is 200MB on i386, 587and 400MB on amd64. 588This parameter is used to 589prevent the buffer cache from eating too much 590KVM in large-memory machine configurations. 591Only mess around with this parameter if you need to 592greatly extend the KVM reservation for other resources 593such as the swap zone or 594.Va kern.ipc.nmbclusters . 595Note that 596the NBUF parameter will override this limit. 597Modifies 598.Dv VM_BCACHE_SIZE_MAX . 599.It Va kern.msgbufsize 600Sets the size of the kernel message buffer. 601The default limit of 96KB is usually sufficient unless 602large amounts of trace data need to be collected 603between opportunities to examine the buffer or 604dump it to a file. 605Overrides kernel option 606.Dv MSGBUF_SIZE . 607.It Va machdep.disable_mtrrs 608Disable the use of i686 MTRRs (x86 only). 609.It Va net.inet.tcp.tcbhashsize 610Overrides the compile-time set value of 611.Dv TCBHASHSIZE 612or the preset default of 512. 613Must be a power of 2. 614.It Va twiddle_divisor 615Throttles the output of the 616.Sq twiddle 617I/O progress indicator displayed while loading the kernel and modules. 618This is useful on slow serial consoles where the time spent waiting for 619these characters to be written can add up to many seconds. 620The default is 16; a value of 32 spins half as fast, 621while a value of 8 spins twice as fast. 622.It Va vm.kmem_size 623Sets the size of kernel memory (bytes). 624This overrides the value determined when the kernel was compiled. 625Modifies 626.Dv VM_KMEM_SIZE . 627.It Va vm.kmem_size_min 628.It Va vm.kmem_size_max 629Sets the minimum and maximum (respectively) amount of kernel memory 630that will be automatically allocated by the kernel. 631These override the values determined when the kernel was compiled. 632Modifies 633.Dv VM_KMEM_SIZE_MIN 634and 635.Dv VM_KMEM_SIZE_MAX . 636.El 637.Ss ZFS FEATURES 638.Nm 639supports the following format for specifying ZFS filesystems which 640can be used wherever 641.Xr loader 8 642refers to a device specification: 643.Pp 644.Ar zfs:pool/filesystem: 645.Pp 646where 647.Pa pool/filesystem 648is a ZFS filesystem name as described in 649.Xr zfs 8 . 650.Pp 651If 652.Pa /etc/fstab 653does not have an entry for the root filesystem and 654.Va vfs.root.mountfrom 655is not set, but 656.Va currdev 657refers to a ZFS filesystem, then 658.Nm 659will instruct kernel to use that filesystem as the root filesystem. 660.Sh SECURITY 661Access to the 662.Nm 663command line provides several ways of compromising system security, 664including, but not limited to: 665.Pp 666.Bl -bullet 667.It 668Booting from removable storage. 669.Pp 670One can prevent unauthorized access 671to the 672.Nm 673command line by booting unconditionally in 674.Pa loader.rc . 675In order for this to be effective, one should also configure the firmware 676(BIOS or UEFI) to prevent booting from unauthorized devices. 677.El 678.Sh FILES 679.Bl -tag -width /boot/loader_simp -compact 680.It Pa /boot/loader_simp 681.Nm 682itself. 683.It Pa /boot/loader.rc 684The script run by 685.Nm 686on startup. 687.El 688.Sh EXAMPLES 689Boot in single user mode: 690.Pp 691.Dl boot -s 692.Pp 693Load the kernel, a splash screen, and then autoboot in five seconds. 694Notice that a kernel must be loaded before any other 695.Ic load 696command is attempted. 697.Bd -literal -offset indent 698load kernel 699load splash_bmp 700load -t splash_image_data /boot/chuckrulez.bmp 701autoboot 5 702.Ed 703.Pp 704Set the disk unit of the root device to 2, and then boot. 705This would be needed in a system with two IDE disks, 706with the second IDE disk hardwired to ada2 instead of ada1. 707.Bd -literal -offset indent 708set root_disk_unit=2 709boot /boot/kernel/kernel 710.Ed 711.Pp 712Set the default device used for loading a kernel from a ZFS filesystem: 713.Bd -literal -offset indent 714set currdev=zfs:tank/ROOT/knowngood: 715.Ed 716.Pp 717.Sh ERRORS 718The following values are thrown by 719.Nm : 720.Bl -tag -width XXXXX -offset indent 721.It 100 722Any type of error in the processing of a builtin. 723.It -1 724.Ic Abort 725executed. 726.It -2 727.Ic Abort" 728executed. 729.It -56 730.Ic Quit 731executed. 732.It -256 733Out of interpreting text. 734.It -257 735Need more text to succeed -- will finish on next run. 736.It -258 737.Ic Bye 738executed. 739.It -259 740Unspecified error. 741.El 742.Sh SEE ALSO 743.Xr libsa 3 , 744.Xr loader.conf 5 , 745.Xr tuning 7 , 746.Xr boot 8 , 747.Xr btxld 8 748.Sh HISTORY 749The 750.Nm 751first appeared in 752.Fx 3.1 . 753.Sh AUTHORS 754.An -nosplit 755The 756.Nm 757was written by 758.An Michael Smith Aq msmith@FreeBSD.org . 759
