1.\" Copyright (c) 1999 Daniel C. Sobral 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd July 14, 2021 28.Dt LOADER 8 29.Os 30.Sh NAME 31.Nm loader 32.Nd kernel bootstrapping final stage 33.Sh DESCRIPTION 34The program called 35.Nm 36is the final stage of 37.Fx Ns 's 38kernel bootstrapping process. 39On IA32 (i386) architectures, it is a 40.Pa BTX 41client. 42It is linked statically to 43.Xr libstand 3 44and usually located in the directory 45.Pa /boot . 46.Pp 47It provides a scripting language that can be used to 48automate tasks, do pre-configuration or assist in recovery 49procedures. 50This scripting language is roughly divided in 51two main components. 52The smaller one is a set of commands 53designed for direct use by the casual user, called "builtin 54commands" for historical reasons. 55The main drive behind these commands is user-friendliness. 56The bigger component is an 57.Tn ANS 58Forth compatible Forth interpreter based on FICL, by 59.An John Sadler . 60.Pp 61During initialization, 62.Nm 63will probe for a console and set the 64.Va console 65variable, or set it to serial console 66.Pq Dq Li comconsole 67if the previous boot stage used that. 68If multiple consoles are selected, they will be listed separated by spaces. 69Then, devices are probed, 70.Va currdev 71and 72.Va loaddev 73are set, and 74.Va LINES 75is set to 24. 76After that, 77.Pa /boot/loader.rc 78is processed if available. 79These files are processed through the 80.Ic include 81command, which reads all of them into memory before processing them, 82making disk changes possible. 83.Pp 84At this point, if an 85.Ic autoboot 86has not been tried, and if 87.Va autoboot_delay 88is not set to 89.Dq Li NO 90(not case sensitive), then an 91.Ic autoboot 92will be tried. 93If the system gets past this point, 94.Va prompt 95will be set and 96.Nm 97will engage interactive mode. 98Please note that historically even when 99.Va autoboot_delay 100is set to 101.Dq Li 0 102user will be able to interrupt autoboot process by pressing some key 103on the console while kernel and modules are being loaded. 104In some 105cases such behaviour may be undesirable, to prevent it set 106.Va autoboot_delay 107to 108.Dq Li -1 , 109in this case 110.Nm 111will engage interactive mode only if 112.Ic autoboot 113has failed. 114.Sh BUILTIN COMMANDS 115In 116.Nm , 117builtin commands take parameters from the command line. 118Presently, 119the only way to call them from a script is by using 120.Pa evaluate 121on a string. 122If an error condition occurs, an exception will be generated, 123which can be intercepted using 124.Tn ANS 125Forth exception handling 126words. 127If not intercepted, an error message will be displayed and 128the interpreter's state will be reset, emptying the stack and restoring 129interpreting mode. 130.Pp 131The builtin commands available are: 132.Pp 133.Bl -tag -width Ds -compact 134.It Ic autoboot Op Ar seconds Op Ar prompt 135Proceeds to bootstrap the system after a number of seconds, if not 136interrupted by the user. 137Displays a countdown prompt 138warning the user the system is about to be booted, 139unless interrupted by a key press. 140The kernel will be loaded first if necessary. 141Defaults to 10 seconds. 142.Pp 143.It Ic bcachestat 144Displays statistics about disk cache usage. 145For debugging only. 146.Pp 147.It Ic boot 148.It Ic boot Ar kernelname Op Cm ... 149.It Ic boot Fl flag Cm ... 150Immediately proceeds to bootstrap the system, loading the kernel 151if necessary. 152Any flags or arguments are passed to the kernel, but they 153must precede the kernel name, if a kernel name is provided. 154.Pp 155.It Ic echo Xo 156.Op Fl n 157.Op Aq message 158.Xc 159Displays text on the screen. 160A new line will be printed unless 161.Fl n 162is specified. 163.Pp 164.It Ic heap 165Displays memory usage statistics. 166For debugging purposes only. 167.Pp 168.It Ic help Op topic Op subtopic 169Shows help messages read from 170.Pa /boot/loader.help . 171The special topic 172.Em index 173will list the topics available. 174.Pp 175.It Ic include Ar file Op Ar 176Process script files. 177Each file, in turn, is completely read into memory, 178and then each of its lines is passed to the command line interpreter. 179If any error is returned by the interpreter, the include 180command aborts immediately, without reading any other files, and 181returns an error itself (see 182.Sx ERRORS ) . 183.Pp 184.It Ic load Xo 185.Op Fl t Ar type 186.Ar file Cm ... 187.Xc 188Loads a kernel, kernel loadable module (kld), disk image, 189or file of opaque contents tagged as being of the type 190.Ar type . 191Kernel and modules can be either in a.out or ELF format. 192Any arguments passed after the name of the file to be loaded 193will be passed as arguments to that file. 194Use the 195.Li md_image 196type to make the kernel create a file-backed 197.Xr md 4 198disk. 199This is useful for booting from a temporary rootfs. 200Currently, argument passing does not work for the kernel. 201.Pp 202.It Ic load_geli Xo 203.Op Fl n Ar keyno 204.Ar prov Ar file 205.Xc 206Loads a 207.Xr geli 8 208encryption keyfile for the given provider name. 209The key index can be specified via 210.Ar keyno 211or will default to zero. 212.Pp 213.It Ic ls Xo 214.Op Fl l 215.Op Ar path 216.Xc 217Displays a listing of files in the directory 218.Ar path , 219or the root directory if 220.Ar path 221is not specified. 222If 223.Fl l 224is specified, file sizes will be shown too. 225.Pp 226.It Ic lsdev Op Fl v 227Lists all of the devices from which it may be possible to load modules, 228as well as ZFS pools. 229If 230.Fl v 231is specified, more details are printed, including ZFS pool information 232in a format that resembles 233.Nm zpool Cm status 234output. 235.Pp 236.It Ic lsmod Op Fl v 237Displays loaded modules. 238If 239.Fl v 240is specified, more details are shown. 241.Pp 242.It Ic lszfs Ar filesystem 243A ZFS extended command that can be used to explore the ZFS filesystem 244hierarchy in a pool. 245Lists the immediate children of the 246.Ar filesystem . 247The filesystem hierarchy is rooted at a filesystem with the same name 248as the pool. 249.Pp 250.It Ic more Ar file Op Ar 251Display the files specified, with a pause at each 252.Va LINES 253displayed. 254.Pp 255.It Ic pnpscan Op Fl v 256Scans for Plug-and-Play devices. 257This is not functional at present. 258.Pp 259.It Ic read Xo 260.Op Fl t Ar seconds 261.Op Fl p Ar prompt 262.Op Va variable 263.Xc 264Reads a line of input from the terminal, storing it in 265.Va variable 266if specified. 267A timeout can be specified with 268.Fl t , 269though it will be canceled at the first key pressed. 270A prompt may also be displayed through the 271.Fl p 272flag. 273.Pp 274.It Ic reboot 275Immediately reboots the system. 276.Pp 277.It Ic set Ar variable 278.It Ic set Ar variable Ns = Ns Ar value 279Set loader's environment variables. 280.Pp 281.It Ic show Op Va variable 282Displays the specified variable's value, or all variables and their 283values if 284.Va variable 285is not specified. 286.Pp 287.It Ic unload 288Remove all modules from memory. 289.Pp 290.It Ic unset Va variable 291Removes 292.Va variable 293from the environment. 294.Pp 295.It Ic \&? 296Lists available commands. 297.El 298.Ss BUILTIN ENVIRONMENT VARIABLES 299The 300.Nm 301has actually two different kinds of 302.Sq environment 303variables. 304There are ANS Forth's 305.Em environmental queries , 306and a separate space of environment variables used by builtins, which 307are not directly available to Forth words. 308It is the latter type that this section covers. 309.Pp 310Environment variables can be set and unset through the 311.Ic set 312and 313.Ic unset 314builtins, and can have their values interactively examined through the 315use of the 316.Ic show 317builtin. 318Their values can also be accessed as described in 319.Sx BUILTIN PARSER . 320.Pp 321Notice that these environment variables are not inherited by any shell 322after the system has been booted. 323.Pp 324A few variables are set automatically by 325.Nm . 326Others can affect the behavior of either 327.Nm 328or the kernel at boot. 329Some options may require a value, 330while others define behavior just by being set. 331Both types of builtin variables are described below. 332.Bl -tag -width bootfile 333.It Va autoboot_delay 334Number of seconds 335.Ic autoboot 336will wait before booting. 337Configuration options are described in 338.Xr loader.conf 5 . 339.It Va boot_askname 340Instructs the kernel to prompt the user for the name of the root device 341when the kernel is booted. 342.It Va boot_cdrom 343Instructs the kernel to try to mount the root file system from CD-ROM. 344.It Va boot_ddb 345Instructs the kernel to start in the DDB debugger, rather than 346proceeding to initialize when booted. 347.It Va boot_dfltroot 348Instructs the kernel to mount the statically compiled-in root file system. 349.It Va boot_gdb 350Selects gdb-remote mode for the kernel debugger by default. 351.It Va boot_multicons 352Enables multiple console support in the kernel early on boot. 353In a running system, console configuration can be manipulated 354by the 355.Xr conscontrol 8 356utility. 357.It Va boot_mute 358All kernel console output is suppressed when console is muted. 359In a running system, the state of console muting can be manipulated by the 360.Xr conscontrol 8 361utility. 362.It Va boot_pause 363During the device probe, pause after each line is printed. 364.It Va boot_serial 365Force the use of a serial console even when an internal console 366is present. 367.It Va boot_single 368Prevents the kernel from initiating a multi-user startup; instead, 369a single-user mode will be entered when the kernel has finished 370device probing. 371.It Va boot_verbose 372Setting this variable causes extra debugging information to be printed 373by the kernel during the boot phase. 374.It Va bootfile 375List of semicolon-separated search path for bootable kernels. 376The default is 377.Dq Li kernel . 378.It Va comconsole_speed 379Defines the speed of the serial console (i386 and amd64 only). 380If the previous boot stage indicated that a serial console is in use 381then this variable is initialized to the current speed of the console 382serial port. 383Otherwise it is set to 9600 unless this was overridden using the 384.Va BOOT_COMCONSOLE_SPEED 385variable when 386.Nm 387was compiled. 388Changes to the 389.Va comconsole_speed 390variable take effect immediately. 391.It Va comconsole_port 392Defines the base i/o port used to access console UART 393(i386 and amd64 only). 394If the variable is not set, its assumed value is 0x3F8, which 395corresponds to PC port COM1, unless overridden by 396.Va BOOT_COMCONSOLE_PORT 397variable during the compilation of 398.Nm . 399Setting the 400.Va comconsole_port 401variable automatically set 402.Va hw.uart.console 403environment variable to provide a hint to kernel for location of the console. 404Loader console is changed immediately after variable 405.Va comconsole_port 406is set. 407.It Va comconsole_pcidev 408Defines the location of a PCI device of the 'simple communication' 409class to be used as the serial console UART (i386 and amd64 only). 410The syntax of the variable is 411.Li 'bus:device:function[:bar]' , 412where all members must be numeric, with possible 413.Li 0x 414prefix to indicate a hexadecimal value. 415The 416.Va bar 417member is optional and assumed to be 0x10 if omitted. 418The bar must decode i/o space. 419Setting the variable 420.Va comconsole_pcidev 421automatically sets the variable 422.Va comconsole_port 423to the base of the selected bar, and hint 424.Va hw.uart.console . 425Loader console is changed immediately after variable 426.Va comconsole_pcidev 427is set. 428.It Va console 429Defines the current console or consoles. 430Multiple consoles may be specified. 431In that case, the first listed console will become the default console for 432userland output (e.g.\& from 433.Xr init 8 ) . 434.It Va currdev 435Selects the default device to loader the kernel from. 436The syntax is: 437.Dl Ic loader_device: 438or 439.Dl Ic zfs:dataset: 440Examples: 441.Dl Ic disk0p2: 442.Dl Ic zfs:zroot/ROOT/default: 443.It Va dumpdev 444Sets the device for kernel dumps. 445This can be used to ensure that a device is configured before the corresponding 446.Va dumpdev 447directive from 448.Xr rc.conf 5 449has been processed, allowing kernel panics that happen during the early stages 450of boot to be captured. 451.It Va init_chroot 452See 453.Xr init 8 . 454.It Va init_exec 455See 456.Xr init 8 . 457.It Va init_path 458Sets the list of binaries which the kernel will try to run as the initial 459process. 460The first matching binary is used. 461The default list is 462.Dq Li /sbin/init:/sbin/oinit:/sbin/init.bak:\:/rescue/init . 463.It Va init_script 464See 465.Xr init 8 . 466.It Va init_shell 467See 468.Xr init 8 . 469.It Va interpret 470Has the value 471.Dq Li OK 472if the Forth's current state is interpreting. 473.It Va LINES 474Define the number of lines on the screen, to be used by the pager. 475.It Va module_path 476Sets the list of directories which will be searched for modules 477named in a load command or implicitly required by a dependency. 478The default value for this variable is 479.Dq Li /boot/kernel;/boot/modules . 480.It Va num_ide_disks 481Sets the number of IDE disks as a workaround for some problems in 482finding the root disk at boot. 483This has been deprecated in favor of 484.Va root_disk_unit . 485.It Va prompt 486Value of 487.Nm Ns 's 488prompt. 489Defaults to 490.Dq Li "${interpret}" . 491If variable 492.Va prompt 493is unset, the default prompt is 494.Ql > . 495.It Va root_disk_unit 496If the code which detects the disk unit number for the root disk is 497confused, e.g.\& by a mix of SCSI and IDE disks, or IDE disks with 498gaps in the sequence (e.g.\& no primary slave), the unit number can 499be forced by setting this variable. 500.It Va rootdev 501By default the value of 502.Va currdev 503is used to set the root file system 504when the kernel is booted. 505This can be overridden by setting 506.Va rootdev 507explicitly. 508.El 509.Pp 510Other variables are used to override kernel tunable parameters. 511The following tunables are available: 512.Bl -tag -width Va 513.It Va efi.rt.disabled 514Disable UEFI runtime services in the kernel, if applicable. 515Runtime services are only available and used if the kernel is booted in a UEFI 516environment. 517.It Va hw.physmem 518Limit the amount of physical memory the system will use. 519By default the size is in bytes, but the 520.Cm k , K , m , M , g 521and 522.Cm G 523suffixes 524are also accepted and indicate kilobytes, megabytes and gigabytes 525respectively. 526An invalid suffix will result in the variable being ignored by the 527kernel. 528.It Va hw.pci.host_start_mem , hw.acpi.host_start_mem 529When not otherwise constrained, this limits the memory start 530address. 531The default is 0x80000000 and should be set to at least size of the 532memory and not conflict with other resources. 533Typically, only systems without PCI bridges need to set this variable 534since PCI bridges typically constrain the memory starting address 535(and the variable is only used when bridges do not constrain this 536address). 537.It Va hw.pci.enable_io_modes 538Enable PCI resources which are left off by some BIOSes or are not 539enabled correctly by the device driver. 540Tunable value set to ON (1) by default, but this may cause problems 541with some peripherals. 542.It Va kern.maxusers 543Set the size of a number of statically allocated system tables; see 544.Xr tuning 7 545for a description of how to select an appropriate value for this 546tunable. 547When set, this tunable replaces the value declared in the kernel 548compile-time configuration file. 549.It Va kern.ipc.nmbclusters 550Set the number of mbuf clusters to be allocated. 551The value cannot be set below the default 552determined when the kernel was compiled. 553.It Va kern.ipc.nsfbufs 554Set the number of 555.Xr sendfile 2 556buffers to be allocated. 557Overrides 558.Dv NSFBUFS . 559Not all architectures use such buffers; see 560.Xr sendfile 2 561for details. 562.It Va kern.maxswzone 563Limits the amount of KVM to be used to hold swap 564metadata, which directly governs the 565maximum amount of swap the system can support, 566at the rate of approximately 200 MB of swap space 567per 1 MB of metadata. 568This value is specified in bytes of KVA space. 569If no value is provided, the system allocates 570enough memory to handle an amount of swap 571that corresponds to eight times the amount of 572physical memory present in the system. 573.Pp 574Note that swap metadata can be fragmented, 575which means that the system can run out of 576space before it reaches the theoretical limit. 577Therefore, care should be taken to not configure 578more swap than approximately half of the 579theoretical maximum. 580.Pp 581Running out of space for swap metadata can leave 582the system in an unrecoverable state. 583Therefore, you should only change 584this parameter if you need to greatly extend the 585KVM reservation for other resources such as the 586buffer cache or 587.Va kern.ipc.nmbclusters . 588Modifies kernel option 589.Dv VM_SWZONE_SIZE_MAX . 590.It Va kern.maxbcache 591Limits the amount of KVM reserved for use by the 592buffer cache, specified in bytes. 593The default maximum is 200MB on i386, 594and 400MB on amd64. 595This parameter is used to 596prevent the buffer cache from eating too much 597KVM in large-memory machine configurations. 598Only mess around with this parameter if you need to 599greatly extend the KVM reservation for other resources 600such as the swap zone or 601.Va kern.ipc.nmbclusters . 602Note that 603the NBUF parameter will override this limit. 604Modifies 605.Dv VM_BCACHE_SIZE_MAX . 606.It Va kern.msgbufsize 607Sets the size of the kernel message buffer. 608The default limit of 96KB is usually sufficient unless 609large amounts of trace data need to be collected 610between opportunities to examine the buffer or 611dump it to a file. 612Overrides kernel option 613.Dv MSGBUF_SIZE . 614.It Va machdep.disable_mtrrs 615Disable the use of i686 MTRRs (x86 only). 616.It Va net.inet.tcp.tcbhashsize 617Overrides the compile-time set value of 618.Dv TCBHASHSIZE 619or the preset default of 512. 620Must be a power of 2. 621.It Va twiddle_divisor 622Throttles the output of the 623.Sq twiddle 624I/O progress indicator displayed while loading the kernel and modules. 625This is useful on slow serial consoles where the time spent waiting for 626these characters to be written can add up to many seconds. 627The default is 1 (full speed); a value of 2 spins half as fast, and so on. 628.It Va vm.kmem_size 629Sets the size of kernel memory (bytes). 630This overrides the value determined when the kernel was compiled. 631Modifies 632.Dv VM_KMEM_SIZE . 633.It Va vm.kmem_size_min 634.It Va vm.kmem_size_max 635Sets the minimum and maximum (respectively) amount of kernel memory 636that will be automatically allocated by the kernel. 637These override the values determined when the kernel was compiled. 638Modifies 639.Dv VM_KMEM_SIZE_MIN 640and 641.Dv VM_KMEM_SIZE_MAX . 642.El 643.Ss ZFS FEATURES 644.Nm 645supports the following format for specifying ZFS filesystems which 646can be used wherever 647.Xr loader 8 648refers to a device specification: 649.Pp 650.Ar zfs:pool/filesystem: 651.Pp 652where 653.Pa pool/filesystem 654is a ZFS filesystem name as described in 655.Xr zfs 8 . 656.Pp 657If 658.Pa /etc/fstab 659does not have an entry for the root filesystem and 660.Va vfs.root.mountfrom 661is not set, but 662.Va currdev 663refers to a ZFS filesystem, then 664.Nm 665will instruct kernel to use that filesystem as the root filesystem. 666.Sh SECURITY 667Access to the 668.Nm 669command line provides several ways of compromising system security, 670including, but not limited to: 671.Pp 672.Bl -bullet 673.It 674Booting from removable storage. 675.Pp 676One can prevent unauthorized access 677to the 678.Nm 679command line by booting unconditionally in 680.Pa loader.rc . 681In order for this to be effective, one should also configure the firmware 682(BIOS or UEFI) to prevent booting from unauthorized devices. 683.Sh FILES 684.Bl -tag -width /boot/loader_simp -compact 685.It Pa /boot/loader_simp 686.Nm 687itself. 688.It Pa /boot/loader.rc 689The script run by 690.Nm 691on startup. 692.Sh EXAMPLES 693Boot in single user mode: 694.Pp 695.Dl boot -s 696.Pp 697Load the kernel, a splash screen, and then autoboot in five seconds. 698Notice that a kernel must be loaded before any other 699.Ic load 700command is attempted. 701.Bd -literal -offset indent 702load kernel 703load splash_bmp 704load -t splash_image_data /boot/chuckrulez.bmp 705autoboot 5 706.Ed 707.Pp 708Set the disk unit of the root device to 2, and then boot. 709This would be needed in a system with two IDE disks, 710with the second IDE disk hardwired to ada2 instead of ada1. 711.Bd -literal -offset indent 712set root_disk_unit=2 713boot /boot/kernel/kernel 714.Ed 715.Pp 716Set the default device used for loading a kernel from a ZFS filesystem: 717.Bd -literal -offset indent 718set currdev=zfs:tank/ROOT/knowngood: 719.Ed 720.Pp 721.Sh ERRORS 722The following values are thrown by 723.Nm : 724.Bl -tag -width XXXXX -offset indent 725.It 100 726Any type of error in the processing of a builtin. 727.It -1 728.Ic Abort 729executed. 730.It -2 731.Ic Abort" 732executed. 733.It -56 734.Ic Quit 735executed. 736.It -256 737Out of interpreting text. 738.It -257 739Need more text to succeed -- will finish on next run. 740.It -258 741.Ic Bye 742executed. 743.It -259 744Unspecified error. 745.El 746.Sh SEE ALSO 747.Xr libstand 3 , 748.Xr loader.conf 5 , 749.Xr tuning 7 , 750.Xr boot 8 , 751.Xr btxld 8 752.Sh HISTORY 753The 754.Nm 755first appeared in 756.Fx 3.1 . 757.Sh AUTHORS 758.An -nosplit 759The 760.Nm 761was written by 762.An Michael Smith Aq msmith@FreeBSD.org . 763
