Sounds a lot like the A/B update method used widely in Android and to a lesser extend for embedded GNU/Linux OTA updates. But it uses two distinct boot partitions. Since ZFS is involved here, I assume that boot environments take advantage of its copy-on-write mechanism to avoid duplicating the entire boot dataset.

NixOS and Guix use a concept called 'system generations' to do the same without the support of the filesystem. LibOSTree can do the same and is called 'atomic rollback'.

Talking about NixOS, does anybody know of a similar concept in the BSD world (preferably FreeBSD)?

Yes, using ZFS's snapshot and clone mechanisms.

A snapshot is a low-cost read-only view of a filesystem at a point in time; a clone is a writeable filesystem with initial contents shared from a snapshot.

It's an amazing safety net, though it requires understanding and sysadmin discipline to use well -- starting with keeping user/application data separated from the filesystems managed as part of the BE. ZFS makes this easy (a pool can contain many separate filesystems) but you have to do it.

One gotcha is that if you run an update that creates and activates a new BE but don't reboot right away, changes made to the BE-managed part of the running system after the snapshot creation will be "lost" (stranded in the old BE) when you reboot to the new BE.

> Talking about NixOS, does anybody know of a similar concept in the BSD world (preferably FreeBSD)?

Well, there's https://github.com/nixos-bsd/nixbsd :)

Best feature of freebsd. I have really messed up the system and successfully restored a boot environment snapshot and everything is fine after.

It happens by default with freebsd-update (I hope the new pkg replacement still does it too)

Boot environments are awesome but it’s worth reading up on what is _not_ included in the snapshot. It’s really only the ”base system” and a rollback will keep whatever is in /var, /home and many other directories, so it’s good to know what to expect.

I use ZFSBootMenu with Linux and in that setup, the entire root dataset is in the snapshot, so it’s a ”complete” restore.

I would add these to the list:

- https://is.gd/BECTL

- https://vermaden.wordpress.com/2025/11/25/zfs-boot-environme...

Boot environments saved my ass many a time in the last few years. One of my favorite features!

oh, i didnt knew the concept is taken from Solaris, which version of Solaris? and is there any official source that indicates it is from Solaris?

> bectl and this manual page were derived from beadm(8).

* https://man.freebsd.org/cgi/man.cgi?query=bectl#end

> beadm(1M) originally appeared in Solaris.

* https://man.freebsd.org/cgi/man.cgi?query=beadm#end

Solaris Live Upgrade BEs worked with (mirrored) UFS root:

* https://docs.oracle.com/cd/E18752_01/html/821-1910/chapter-5...

* https://www.filibeto.org/sun/lib/solaris8-docs/_solaris8_2_0...

It allowed/s for migration from UFS to ZFS root:

* https://docs.oracle.com/cd/E23823_01/html/E23801/ggavn.html

The original idea of boot environments in Solaris came from Live Upgrade, which worked at least as far back as Solaris 8. Live upgrade was not part of Solaris, rather it was an addon that came from the services or enterprise support parts of Sun.

Solaris 11 made boot environments a mandatory part of the OS, which was an obvious choice with the transition from UFS to ZFS for the root fs. This came into Solaris development a bit before Solaris 11, so it was present in OpenSolaris and lives on in many forms of illumos.