diff --git a/release/tools/basic-cloudinit.conf b/release/tools/basic-cloudinit.conf
index f8554c42f49c..98e11f0bb08b 100644
--- a/release/tools/basic-cloudinit.conf
+++ b/release/tools/basic-cloudinit.conf
@@ -1,38 +1,39 @@
 #!/bin/sh
 
 # Should be enough for base image, image can be resized in needed
 export VMSIZE=5g
 
 # 1M config drive should be enough in most cases
 export CONFIG_DRIVE=YES
 export CONFIG_DRIVE_SIZE=1M
 
 # Packages to install into the image we're creating.
 # * firstboot-freebsd-update, to install security updates at first boot.
 export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} firstboot-freebsd-update"
 
 # Set to a list of third-party software to enable in rc.conf(5).
 export VM_RC_LIST="${VM_RC_LIST} firstboot_freebsd_update growfs sshd nuageinit"
 
 vm_extra_pre_umount() {
 	cat << EOF >> ${DESTDIR}/etc/rc.conf
 dumpdev="AUTO"
 ifconfig_DEFAULT="SYNCDHCP accept_rtadv"
 # RSA host keys are obsolete and also very slow to generate
 sshd_rsa_enable="NO"
 EOF
 
 	cat << EOF >> ${DESTDIR}/boot/loader.conf
 autoboot_delay="-1"
 beastie_disable="YES"
 loader_logo="none"
 console="comconsole,vidconsole"
 EOF
+	metalog_add_data ./boot/loader.conf
 
 	cat << EOF >> ${DESTDIR}/etc/ssh/sshd_config
 PasswordAuthentication yes
 UsePAM no
 EOF
 
 	return 0
 }
diff --git a/release/tools/gce.conf b/release/tools/gce.conf
index 2fa23f6e54f4..78511dbc66c9 100644
--- a/release/tools/gce.conf
+++ b/release/tools/gce.conf
@@ -1,127 +1,128 @@
 #!/bin/sh
 #
 #
 
 # The default of 3GB is too small for GCE, so override the size here.
 export VMSIZE=20g
 
 # Set to a list of packages to install.
 export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} firstboot-freebsd-update \
 	firstboot-pkgs google-cloud-sdk panicmail sudo \
 	sysutils/py-google-compute-engine lang/python \
 	lang/python3"
 
 # Set to a list of third-party software to enable in rc.conf(5).
 export VM_RC_LIST="ntpd sshd growfs \
 	firstboot_pkgs firstboot_freebsd_update google_startup \
 	google_accounts_daemon google_clock_skew_daemon \
 	google_instance_setup google_network_daemon"
 
 vm_extra_install_base() {
 	echo 'search google.internal' > ${DESTDIR}/etc/resolv.conf
 	echo 'nameserver 169.254.169.254' >> ${DESTDIR}/etc/resolv.conf
 	echo 'nameserver 8.8.8.8' >> ${DESTDIR}/etc/resolv.conf
 	metalog_add_data ./etc/resolv.conf
 }
 
 vm_extra_pre_umount() {
 	local DEVFSISOURS
 
 	# Enable growfs on every boot, not only the first, as as instance's disk can
 	# be enlarged post-creation
 	sed -i -e '/KEYWORD: firstboot/d' /etc/rc.d/growfs
 
 	cat << EOF >> ${DESTDIR}/etc/rc.conf
 dumpdev="AUTO"
 ifconfig_DEFAULT="SYNCDHCP mtu 1460"
 ntpd_sync_on_start="YES"
 # need to fill in something here
 #firstboot_pkgs_list=""
 panicmail_autosubmit="YES"
 EOF
 
 	cat << EOF >> ${DESTDIR}/boot/loader.conf
 autoboot_delay="-1"
 beastie_disable="YES"
 loader_logo="none"
 hw.memtest.tests="0"
 console="comconsole,vidconsole"
 hw.vtnet.mq_disable=1
 kern.timecounter.hardware=ACPI-safe
 aesni_load="YES"
 nvme_load="YES"
 EOF
+	metalog_add_data ./boot/loader.conf
 
 	echo '169.254.169.254 metadata.google.internal metadata' >> \
 		${DESTDIR}/etc/hosts
 
         # overwrite ntp.conf
 	cat << EOF > ${DESTDIR}/etc/ntp.conf
 server metadata.google.internal iburst
 
 restrict default kod nomodify notrap nopeer noquery
 restrict -6 default kod nomodify notrap nopeer noquery
 
 restrict 127.0.0.1
 restrict -6 ::1
 restrict 127.127.1.0
 EOF
 
 	cat << EOF >> ${DESTDIR}/etc/syslog.conf
 *.err;kern.warning;auth.notice;mail.crit                /dev/console
 EOF
 
 	cat << EOF >> ${DESTDIR}/etc/ssh/sshd_config
 KbdInteractiveAuthentication no
 X11Forwarding no
 AcceptEnv LANG
 AllowAgentForwarding no
 ClientAliveInterval 420
 EOF
 
 	cat << EOF >> ${DESTDIR}/etc/crontab
 0       3       *       *       *       root    /usr/sbin/freebsd-update cron
 EOF
 
 	cat << EOF >> ${DESTDIR}/etc/sysctl.conf
 net.inet.icmp.drop_redirect=1
 net.inet.ip.redirect=0
 kern.ipc.soacceptqueue=1024
 debug.trace_on_panic=1
 debug.debugger_on_panic=0
 EOF
 
 	# To meet GCE marketplace requirements, extract the src.txz and
 	# ports.txz distributions to the target virtual machine disk image
 	# and fetch the sources for the third-party software installed on
 	# the image.
 	if [ -e "${DESTDIR}/../ftp/src.txz" ]; then
 		tar fxJ ${DESTDIR}/../ftp/src.txz -C ${DESTDIR}
 	fi
 	if [ -e "${DESTDIR}/../ftp/ports.txz" ]; then
 		tar fxJ ${DESTDIR}/../ftp/ports.txz -C ${DESTDIR}
 		_INSTALLED_PACKAGES=$(pkg -r ${DESTDIR} info -o -q -a | grep -v ^base/)
 		for PACKAGE in ${_INSTALLED_PACKAGES}; do
 			make -C ${DESTDIR}/usr/ports/${PACKAGE} fetch \
 			    DISTDIR=${DESTDIR}/usr/ports/distfiles \
 			    DISABLE_VULNERABILITIES=YES \
 			    I_DONT_CARE_IF_MY_BUILDS_TARGET_THE_WRONG_RELEASE=YES
 		done
 	fi
 
 	## XXX: Verify this is needed.  I do not see this requirement
 	## in the docs, and it impairs the ability to boot-test a copy
 	## of the image prior to packaging for upload to GCE.
 	#sed -E -i '' 's/^([^#].*[[:space:]])on/\1off/' ${DESTDIR}/etc/ttys
 
 	return 0
 }
 
 # Do everything except deleting resolv.conf since we construct our own
 # Googlized resolv.conf file in vm_extra_install_base.
 vm_emulation_cleanup() {
 	if [ -n "${QEMUSTATIC}" ]; then
 		rm -f ${DESTDIR}/${EMULATOR}
 	fi
 	return 0
 }