1.\" 2.\" SPDX-License-Identifier: BSD-2-Clause 3.\" 4.\" Copyright (c) 1999 Daniel C. Sobral 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.Dd September 30, 2021 29.Dt LOADER_SIMP 8 30.Os 31.Sh NAME 32.Nm loader_simp 33.Nd kernel bootstrapping final stage 34.Sh DESCRIPTION 35The program called 36.Nm 37is the final stage of 38.Fx Ns 's 39kernel bootstrapping process. 40On IA32 (i386) architectures, it is a 41.Pa BTX 42client. 43It is linked statically to 44.Xr libsa 3 45and usually located in the directory 46.Pa /boot . 47.Pp 48It provides a scripting language that can be used to 49automate tasks, do pre-configuration or assist in recovery 50procedures. 51This scripting language is roughly divided in 52two main components. 53The smaller one is a set of commands 54designed for direct use by the casual user, called "builtin 55commands" for historical reasons. 56The main drive behind these commands is user-friendliness. 57.Pp 58During initialization, 59.Nm 60will probe for a console and set the 61.Va console 62variable, or set it to serial console 63.Pq Dq Li comconsole 64if the previous boot stage used that. 65If multiple consoles are selected, they will be listed separated by spaces. 66Then, devices are probed, 67.Va currdev 68and 69.Va loaddev 70are set, and 71.Va LINES 72is set to 24. 73After that, 74.Pa /boot/loader.rc 75is processed if available. 76These files are processed through the 77.Ic include 78command, which reads all of them into memory before processing them, 79making disk changes possible. 80.Pp 81At this point, if an 82.Ic autoboot 83has not been tried, and if 84.Va autoboot_delay 85is not set to 86.Dq Li NO 87(not case sensitive), then an 88.Ic autoboot 89will be tried. 90If the system gets past this point, 91.Va prompt 92will be set and 93.Nm 94will engage interactive mode. 95Please note that historically even when 96.Va autoboot_delay 97is set to 98.Dq Li 0 99user will be able to interrupt autoboot process by pressing some key 100on the console while kernel and modules are being loaded. 101In some 102cases such behaviour may be undesirable, to prevent it set 103.Va autoboot_delay 104to 105.Dq Li -1 , 106in this case 107.Nm 108will engage interactive mode only if 109.Ic autoboot 110has failed. 111.Sh BUILTIN COMMANDS 112In 113.Nm , 114builtin commands take parameters from the command line. 115Presently, 116the only way to call them from a script is by using 117.Pa evaluate 118on a string. 119In the case of an error, an error message will be displayed and 120the interpreter's state will be reset, emptying the stack and restoring 121interpreting mode. 122.Pp 123The builtin commands available are: 124.Pp 125.Bl -tag -width Ds -compact 126.It Ic autoboot Op Ar seconds Op Ar prompt 127Proceeds to bootstrap the system after a number of seconds, if not 128interrupted by the user. 129Displays a countdown prompt 130warning the user the system is about to be booted, 131unless interrupted by a key press. 132The kernel will be loaded first if necessary. 133Defaults to 10 seconds. 134.Pp 135.It Ic bcachestat 136Displays statistics about disk cache usage. 137For debugging only. 138.Pp 139.It Ic boot 140.It Ic boot Ar kernelname Op Cm ... 141.It Ic boot Fl flag Cm ... 142Immediately proceeds to bootstrap the system, loading the kernel 143if necessary. 144Any flags or arguments are passed to the kernel, but they 145must precede the kernel name, if a kernel name is provided. 146.Pp 147.It Ic echo Xo 148.Op Fl n 149.Op Aq message 150.Xc 151Displays text on the screen. 152A new line will be printed unless 153.Fl n 154is specified. 155.Pp 156.It Ic heap 157Displays memory usage statistics. 158For debugging purposes only. 159.Pp 160.It Ic help Op topic Op subtopic 161Shows help messages read from 162.Pa /boot/loader.help . 163The special topic 164.Em index 165will list the topics available. 166.Pp 167.It Ic include Ar file Op Ar 168Process script files. 169Each file, in turn, is completely read into memory, 170and then each of its lines is passed to the command line interpreter. 171If any error is returned by the interpreter, the include 172command aborts immediately, without reading any other files, and 173returns an error itself (see 174.Sx ERRORS ) . 175.Pp 176.It Ic load Xo 177.Op Fl t Ar type 178.Ar file Cm ... 179.Xc 180Loads a kernel, kernel loadable module (kld), disk image, 181or file of opaque contents tagged as being of the type 182.Ar type . 183Kernel and modules can be either in a.out or ELF format. 184Any arguments passed after the name of the file to be loaded 185will be passed as arguments to that file. 186Use the 187.Li md_image 188type to make the kernel create a file-backed 189.Xr md 4 190disk. 191This is useful for booting from a temporary rootfs. 192Currently, argument passing does not work for the kernel. 193.Pp 194.It Ic load_geli Xo 195.Op Fl n Ar keyno 196.Ar prov Ar file 197.Xc 198Loads a 199.Xr geli 8 200encryption keyfile for the given provider name. 201The key index can be specified via 202.Ar keyno 203or will default to zero. 204.Pp 205.It Ic ls Xo 206.Op Fl l 207.Op Ar path 208.Xc 209Displays a listing of files in the directory 210.Ar path , 211or the root directory if 212.Ar path 213is not specified. 214If 215.Fl l 216is specified, file sizes will be shown too. 217.Pp 218.It Ic lsdev Op Fl v 219Lists all of the devices from which it may be possible to load modules, 220as well as ZFS pools. 221If 222.Fl v 223is specified, more details are printed, including ZFS pool information 224in a format that resembles 225.Nm zpool Cm status 226output. 227.Pp 228.It Ic lsmod Op Fl v 229Displays loaded modules. 230If 231.Fl v 232is specified, more details are shown. 233.Pp 234.It Ic lszfs Ar filesystem 235A ZFS extended command that can be used to explore the ZFS filesystem 236hierarchy in a pool. 237Lists the immediate children of the 238.Ar filesystem . 239The filesystem hierarchy is rooted at a filesystem with the same name 240as the pool. 241.Pp 242.It Ic more Ar file Op Ar 243Display the files specified, with a pause at each 244.Va LINES 245displayed. 246.Pp 247.It Ic pnpscan Op Fl v 248Scans for Plug-and-Play devices. 249This is not functional at present. 250.Pp 251.It Ic read Xo 252.Op Fl t Ar seconds 253.Op Fl p Ar prompt 254.Op Va variable 255.Xc 256Reads a line of input from the terminal, storing it in 257.Va variable 258if specified. 259A timeout can be specified with 260.Fl t , 261though it will be canceled at the first key pressed. 262A prompt may also be displayed through the 263.Fl p 264flag. 265.Pp 266.It Ic reboot 267Immediately reboots the system. 268.Pp 269.It Ic set Ar variable 270.It Ic set Ar variable Ns = Ns Ar value 271Set loader's environment variables. 272.Pp 273.It Ic show Op Va variable 274Displays the specified variable's value, or all variables and their 275values if 276.Va variable 277is not specified. 278.Pp 279.It Ic unload 280Remove all modules from memory. 281.Pp 282.It Ic unset Va variable 283Removes 284.Va variable 285from the environment. 286.Pp 287.It Ic \&? 288Lists available commands. 289.El 290.Ss BUILTIN ENVIRONMENT VARIABLES 291Environment variables can be set and unset through the 292.Ic set 293and 294.Ic unset 295builtins, and can have their values interactively examined through the 296use of the 297.Ic show 298builtin. 299Their values can also be accessed as described in 300.Sx BUILTIN PARSER . 301.Pp 302Notice that these environment variables are not inherited by any shell 303after the system has been booted. 304.Pp 305A few variables are set automatically by 306.Nm . 307Others can affect the behavior of either 308.Nm 309or the kernel at boot. 310Some options may require a value, 311while others define behavior just by being set. 312Both types of builtin variables are described below. 313.Bl -tag -width bootfile 314.It Va autoboot_delay 315Number of seconds 316.Ic autoboot 317will wait before booting. 318Configuration options are described in 319.Xr loader.conf 5 . 320.It Va boot_askname 321Instructs the kernel to prompt the user for the name of the root device 322when the kernel is booted. 323.It Va boot_cdrom 324Instructs the kernel to try to mount the root file system from CD-ROM. 325.It Va boot_ddb 326Instructs the kernel to start in the DDB debugger, rather than 327proceeding to initialize when booted. 328.It Va boot_dfltroot 329Instructs the kernel to mount the statically compiled-in root file system. 330.It Va boot_gdb 331Selects gdb-remote mode for the kernel debugger by default. 332.It Va boot_multicons 333Enables multiple console support in the kernel early on boot. 334In a running system, console configuration can be manipulated 335by the 336.Xr conscontrol 8 337utility. 338.It Va boot_mute 339All kernel console output is suppressed when console is muted. 340In a running system, the state of console muting can be manipulated by the 341.Xr conscontrol 8 342utility. 343.It Va boot_pause 344During the device probe, pause after each line is printed. 345.It Va boot_safe 346Force userland to boot in 347.Dq safe mode , 348which may disable or limit the functionality of some services that may not be 349desired in safe mode. 350This is typically set by selecting 351.Dq safe mode 352in the loader menu, which also sets some other hints for the kernel. 353Applications wishing to respect safe mode should 354.Sy only 355test for the presence of 356.Va boot_safe 357in 358.Xr kenv 1 , 359not for any particular value. 360.It Va boot_serial 361Force the use of a serial console even when an internal console 362is present. 363.It Va boot_single 364Prevents the kernel from initiating a multi-user startup; instead, 365a single-user mode will be entered when the kernel has finished 366device probing. 367.It Va boot_verbose 368Setting this variable causes extra debugging information to be printed 369by the kernel during the boot phase. 370.It Va bootfile 371List of semicolon-separated search path for bootable kernels. 372The default is 373.Dq Li kernel . 374.It Va comconsole_speed 375Defines the speed of the serial console (i386 and amd64 only). 376If the previous boot stage indicated that a serial console is in use 377then this variable is initialized to the current speed of the console 378serial port. 379Otherwise it is set to 115200 unless this was overridden using the 380.Va BOOT_COMCONSOLE_SPEED 381variable when 382.Nm 383was compiled. 384Changes to the 385.Va comconsole_speed 386variable take effect immediately. 387.It Va comconsole_port 388Defines the base i/o port used to access console UART 389(i386 and amd64 only). 390If the variable is not set, its assumed value is 0x3F8, which 391corresponds to PC port COM1, unless overridden by 392.Va BOOT_COMCONSOLE_PORT 393variable during the compilation of 394.Nm . 395Setting the 396.Va comconsole_port 397variable automatically set 398.Va hw.uart.console 399environment variable to provide a hint to kernel for location of the console. 400Loader console is changed immediately after variable 401.Va comconsole_port 402is set. 403.It Va comconsole_pcidev 404Defines the location of a PCI device of the 'simple communication' 405class to be used as the serial console UART (i386 and amd64 only). 406The syntax of the variable is 407.Li 'bus:device:function[:bar]' , 408where all members must be numeric, with possible 409.Li 0x 410prefix to indicate a hexadecimal value. 411The 412.Va bar 413member is optional and assumed to be 0x10 if omitted. 414The bar must decode i/o space. 415Setting the variable 416.Va comconsole_pcidev 417automatically sets the variable 418.Va comconsole_port 419to the base of the selected bar, and hint 420.Va hw.uart.console . 421Loader console is changed immediately after variable 422.Va comconsole_pcidev 423is set. 424.It Va console 425Defines the current console or consoles. 426Multiple consoles may be specified. 427In that case, the first listed console will become the default console for 428userland output (e.g.\& from 429.Xr init 8 ) . 430.It Va currdev 431Selects the default device to loader the kernel from. 432The syntax is: 433.Dl Ic loader_device: 434or 435.Dl Ic zfs:dataset: 436Examples: 437.Dl Ic disk0p2: 438.Dl Ic zfs:zroot/ROOT/default: 439.It Va dumpdev 440Sets the device for kernel dumps. 441This can be used to ensure that a device is configured before the corresponding 442.Va dumpdev 443directive from 444.Xr rc.conf 5 445has been processed, allowing kernel panics that happen during the early stages 446of boot to be captured. 447.It Va init_chroot 448See 449.Xr init 8 . 450.It Va init_exec 451See 452.Xr init 8 . 453.It Va init_path 454Sets the list of binaries which the kernel will try to run as the initial 455process. 456The first matching binary is used. 457The default list is 458.Dq Li /sbin/init:/sbin/oinit:/sbin/init.bak:\:/rescue/init . 459.It Va init_script 460See 461.Xr init 8 . 462.It Va init_shell 463See 464.Xr init 8 . 465.It Va interpret 466Has the value 467.Dq Li OK 468if the Forth's current state is interpreting. 469.It Va LINES 470Define the number of lines on the screen, to be used by the pager. 471.It Va module_path 472Sets the list of directories which will be searched for modules 473named in a load command or implicitly required by a dependency. 474The default value for this variable is 475.Dq Li /boot/kernel;/boot/modules . 476.It Va num_ide_disks 477Sets the number of IDE disks as a workaround for some problems in 478finding the root disk at boot. 479This has been deprecated in favor of 480.Va root_disk_unit . 481.It Va prompt 482Value of 483.Nm Ns 's 484prompt. 485Defaults to 486.Dq Li "${interpret}" . 487If variable 488.Va prompt 489is unset, the default prompt is 490.Ql > . 491.It Va root_disk_unit 492If the code which detects the disk unit number for the root disk is 493confused, e.g.\& by a mix of SCSI and IDE disks, or IDE disks with 494gaps in the sequence (e.g.\& no primary slave), the unit number can 495be forced by setting this variable. 496.It Va rootdev 497By default the value of 498.Va currdev 499is used to set the root file system 500when the kernel is booted. 501This can be overridden by setting 502.Va rootdev 503explicitly. 504.El 505.Pp 506Other variables are used to override kernel tunable parameters. 507The following tunables are available: 508.Bl -tag -width Va 509.It Va efi.rt.disabled 510Disable UEFI runtime services in the kernel, if applicable. 511Runtime services are only available and used if the kernel is booted in a UEFI 512environment. 513.It Va hw.physmem 514Limit the amount of physical memory the system will use. 515By default the size is in bytes, but the 516.Cm k , K , m , M , g 517and 518.Cm G 519suffixes 520are also accepted and indicate kilobytes, megabytes and gigabytes 521respectively. 522An invalid suffix will result in the variable being ignored by the 523kernel. 524.It Va hw.pci.host_start_mem , hw.acpi.host_start_mem 525When not otherwise constrained, this limits the memory start 526address. 527The default is 0x80000000 and should be set to at least size of the 528memory and not conflict with other resources. 529Typically, only systems without PCI bridges need to set this variable 530since PCI bridges typically constrain the memory starting address 531(and the variable is only used when bridges do not constrain this 532address). 533.It Va hw.pci.enable_io_modes 534Enable PCI resources which are left off by some BIOSes or are not 535enabled correctly by the device driver. 536Tunable value set to ON (1) by default, but this may cause problems 537with some peripherals. 538.It Va kern.maxusers 539Set the size of a number of statically allocated system tables; see 540.Xr tuning 7 541for a description of how to select an appropriate value for this 542tunable. 543When set, this tunable replaces the value declared in the kernel 544compile-time configuration file. 545.It Va kern.ipc.nmbclusters 546Set the number of mbuf clusters to be allocated. 547The value cannot be set below the default 548determined when the kernel was compiled. 549.It Va kern.ipc.nsfbufs 550Set the number of 551.Xr sendfile 2 552buffers to be allocated. 553Overrides 554.Dv NSFBUFS . 555Not all architectures use such buffers; see 556.Xr sendfile 2 557for details. 558.It Va kern.maxswzone 559Limits the amount of KVM to be used to hold swap 560metadata, which directly governs the 561maximum amount of swap the system can support, 562at the rate of approximately 200 MB of swap space 563per 1 MB of metadata. 564This value is specified in bytes of KVA space. 565If no value is provided, the system allocates 566enough memory to handle an amount of swap 567that corresponds to eight times the amount of 568physical memory present in the system. 569.Pp 570Note that swap metadata can be fragmented, 571which means that the system can run out of 572space before it reaches the theoretical limit. 573Therefore, care should be taken to not configure 574more swap than approximately half of the 575theoretical maximum. 576.Pp 577Running out of space for swap metadata can leave 578the system in an unrecoverable state. 579Therefore, you should only change 580this parameter if you need to greatly extend the 581KVM reservation for other resources such as the 582buffer cache or 583.Va kern.ipc.nmbclusters . 584Modifies kernel option 585.Dv VM_SWZONE_SIZE_MAX . 586.It Va kern.maxbcache 587Limits the amount of KVM reserved for use by the 588buffer cache, specified in bytes. 589The default maximum is 200MB on i386, 590and 400MB on amd64. 591This parameter is used to 592prevent the buffer cache from eating too much 593KVM in large-memory machine configurations. 594Only mess around with this parameter if you need to 595greatly extend the KVM reservation for other resources 596such as the swap zone or 597.Va kern.ipc.nmbclusters . 598Note that 599the NBUF parameter will override this limit. 600Modifies 601.Dv VM_BCACHE_SIZE_MAX . 602.It Va kern.msgbufsize 603Sets the size of the kernel message buffer. 604The default limit of 96KB is usually sufficient unless 605large amounts of trace data need to be collected 606between opportunities to examine the buffer or 607dump it to a file. 608Overrides kernel option 609.Dv MSGBUF_SIZE . 610.It Va machdep.disable_mtrrs 611Disable the use of i686 MTRRs (x86 only). 612.It Va net.inet.tcp.tcbhashsize 613Overrides the compile-time set value of 614.Dv TCBHASHSIZE 615or the preset default of 512. 616Must be a power of 2. 617.It Va twiddle_divisor 618Throttles the output of the 619.Sq twiddle 620I/O progress indicator displayed while loading the kernel and modules. 621This is useful on slow serial consoles where the time spent waiting for 622these characters to be written can add up to many seconds. 623The default is 16; a value of 32 spins half as fast, 624while a value of 8 spins twice as fast. 625.It Va vm.kmem_size 626Sets the size of kernel memory (bytes). 627This overrides the value determined when the kernel was compiled. 628Modifies 629.Dv VM_KMEM_SIZE . 630.It Va vm.kmem_size_min 631.It Va vm.kmem_size_max 632Sets the minimum and maximum (respectively) amount of kernel memory 633that will be automatically allocated by the kernel. 634These override the values determined when the kernel was compiled. 635Modifies 636.Dv VM_KMEM_SIZE_MIN 637and 638.Dv VM_KMEM_SIZE_MAX . 639.El 640.Ss ZFS FEATURES 641.Nm 642supports the following format for specifying ZFS filesystems which 643can be used wherever 644.Xr loader 8 645refers to a device specification: 646.Pp 647.Ar zfs:pool/filesystem: 648.Pp 649where 650.Pa pool/filesystem 651is a ZFS filesystem name as described in 652.Xr zfs 8 . 653.Pp 654If 655.Pa /etc/fstab 656does not have an entry for the root filesystem and 657.Va vfs.root.mountfrom 658is not set, but 659.Va currdev 660refers to a ZFS filesystem, then 661.Nm 662will instruct kernel to use that filesystem as the root filesystem. 663.Sh SECURITY 664Access to the 665.Nm 666command line provides several ways of compromising system security, 667including, but not limited to: 668.Pp 669.Bl -bullet 670.It 671Booting from removable storage. 672.Pp 673One can prevent unauthorized access 674to the 675.Nm 676command line by booting unconditionally in 677.Pa loader.rc . 678In order for this to be effective, one should also configure the firmware 679(BIOS or UEFI) to prevent booting from unauthorized devices. 680.El 681.Sh FILES 682.Bl -tag -width /boot/loader_simp -compact 683.It Pa /boot/loader_simp 684.Nm 685itself. 686.It Pa /boot/loader.rc 687The script run by 688.Nm 689on startup. 690.El 691.Sh EXAMPLES 692Boot in single user mode: 693.Pp 694.Dl boot -s 695.Pp 696Load the kernel, a splash screen, and then autoboot in five seconds. 697Notice that a kernel must be loaded before any other 698.Ic load 699command is attempted. 700.Bd -literal -offset indent 701load kernel 702load splash_bmp 703load -t splash_image_data /boot/chuckrulez.bmp 704autoboot 5 705.Ed 706.Pp 707Set the disk unit of the root device to 2, and then boot. 708This would be needed in a system with two IDE disks, 709with the second IDE disk hardwired to ada2 instead of ada1. 710.Bd -literal -offset indent 711set root_disk_unit=2 712boot /boot/kernel/kernel 713.Ed 714.Pp 715Set the default device used for loading a kernel from a ZFS filesystem: 716.Bd -literal -offset indent 717set currdev=zfs:tank/ROOT/knowngood: 718.Ed 719.Pp 720.Sh ERRORS 721The following values are thrown by 722.Nm : 723.Bl -tag -width XXXXX -offset indent 724.It 100 725Any type of error in the processing of a builtin. 726.It -1 727.Ic Abort 728executed. 729.It -2 730.Ic Abort" 731executed. 732.It -56 733.Ic Quit 734executed. 735.It -256 736Out of interpreting text. 737.It -257 738Need more text to succeed -- will finish on next run. 739.It -258 740.Ic Bye 741executed. 742.It -259 743Unspecified error. 744.El 745.Sh SEE ALSO 746.Xr libsa 3 , 747.Xr loader.conf 5 , 748.Xr tuning 7 , 749.Xr boot 8 , 750.Xr btxld 8 751.Sh HISTORY 752The 753.Nm 754first appeared in 755.Fx 3.1 . 756.Sh AUTHORS 757.An -nosplit 758The 759.Nm 760was written by 761.An Michael Smith Aq Mt msmith@FreeBSD.org . 762
