Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5
-
I wasnt sure if i should post this in the original thread since it was an older thread. I have an old Watchguard XTM 5 (NC2AE8) that im just using for a test environment box. Id really like to be able to quickly flash different OS to it via USB. It looks like the issue was solved a long time ago but no matter how many times i read through the old thread I cant figure out how to flash the BIOS. Ive tried on both pfsense and using ubuntu since it also has flashrom. i get the same message on both. Ive followed the flashrom commands and made sure to follow them step by step. Im really not sure if its a difference in hardware, or because im using newer OS than the users did previously or what. I tried really hard to figure this out for a week now. Any help would be greatly appreciated. I have the rom downloaded if its the right one for my hardware. Heres the steps i was following and the output i got.
To flash your BIOS, use the commands below one at a time from console-
pkg
pkg install flashrom
rehash
cd tmp
fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
md5 xtm5_83.rom
flashrom -w xtm5_83.rom –programmer internal[2.7.2-RELEASE][admin@pfSense.home.arpa]/root: flashrom -w xtm5_83.rom --programmer internal
flashrom v1.3.0 on FreeBSD 14.0-CURRENT (amd64)
flashrom is free software, get the source code at https://flashrom.org
Using clock_gettime for delay loops (clk_id: 4, resolution: 1ns).
Found chipset "Intel ICH7/ICH7R".
Enabling flash write... register_spi_master called with incomplete master definition. Please report a bug at flashrom@flashrom.org
OK.
No EEPROM/flash device found.
Note: flashrom can never write if the flash chip isn't found automatically. -
@angelicadvocate said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:
Watchguard XTM 5 Series
Disclaimer: I don't own the device, I just read through the first 200 post of the original thread and the flashrom man page (haven't used it for quite some time).
In https://forum.netgate.com/post/392330 stephenw10 runs
flashrom -V
and in that output there's a line:... Found ST flash chip "M25P80" (1024 kB, SPI) at physical address 0xfff00000. ...
Is the flash chip also recognised if you run that command? If not then maybe something board specific is necessary. FreeBSD flashrom man page mentiones
flashrom -L
to see all supported motherboards, etc.And I think it's saver for the first step after
flashrom -V
to try and read out the flash.
Runflashrom -p internal -r xtm5_bios.raw
(call the file whatever you want), if the flash chip was recognised. -
@patient0 thank you for the reply. I did try running flashrom -p internal just to see if it found the device and it returns the same error. I am also wondering if maybe my specific board might be slightly different that the ones mentioned in the thread. I will try the flashrom -L command first thing tomorrow as I can't remember if I tried that yet. I know that the thread is quite old now so I'm wondering if maybe a specific version of flashrom needs to be used to communicate with the boards architecture.
-
@angelicadvocate said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:
maybe my specific board might be slightly different that the ones mentioned in the thread
That's be a possibility of course but on the other hand I would expect that the BIO chip on such an old device is supported by flashrom.
Maybe you can have a look at the board and see if you can find the SPI chip.
-
This post is deleted! -
Hmm, interesting. I also see that in 2.8:
[2.8.0-BETA][admin@xtm5.stevew.lan]/root: flashrom -p internal flashrom v1.3.0 on FreeBSD 15.0-CURRENT (amd64) flashrom is free software, get the source code at https://flashrom.org Using clock_gettime for delay loops (clk_id: 4, resolution: 1ns). Found chipset "Intel ICH7/ICH7R". Enabling flash write... register_spi_master called with incomplete master definition. Please report a bug at flashrom@flashrom.org OK. No EEPROM/flash device found. Note: flashrom can never write if the flash chip isn't found automatically.
It looks like maybe the new flashrom version no longer finds it for some reason....
Looks like it errors out on the SPI and never does any SPI probes....
Edit: Actually looks like this might have been fixed shortly after the 1.3.0 release but the FreeBSD pkg is old...
-
@stephenw10 thanks for the reply! I was hoping to hear from you. I'm going to try to find some older builds to check with later in the week when I have some time to check. Hopefully if I find the right combo of os and flashrom to play nice with the hardware I'll be able to get it to work. Your comments in the old thread are a gold mine.
-
Yeah, I think I've forgotten much of it!
Reading back through it does look like some people were hitting this error even on older flashrom versions. Which does make me wonder if maybe something is setting the SPI bus..
But, yes, try an older version first.
-
@angelicadvocate said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:
I wasnt sure if i should post this in the original thread since it was an older thread. I have an old Watchguard XTM 5 (NC2AE8) that im just using for a test environment box. Id really like to be able to quickly flash different OS to it via USB. It looks like the issue was solved a long time ago but no matter how many times i read through the old thread I cant figure out how to flash the BIOS. Ive tried on both pfsense and using ubuntu since it also has flashrom. i get the same message on both. Ive followed the flashrom commands and made sure to follow them step by step. Im really not sure if its a difference in hardware, or because im using newer OS than the users did previously or what. I tried really hard to figure this out for a week now. Any help would be greatly appreciated. I have the rom downloaded if its the right one for my hardware. Heres the steps i was following and the output i got.
To flash your BIOS, use the commands below one at a time from console-
pkg
pkg install flashrom
rehash
cd tmp
fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
md5 xtm5_83.rom
flashrom -w xtm5_83.rom –programmer internal[2.7.2-RELEASE][admin@pfSense.home.arpa]/root: flashrom -w xtm5_83.rom --programmer internal
flashrom v1.3.0 on FreeBSD 14.0-CURRENT (amd64)
flashrom is free software, get the source code at https://flashrom.org
Using clock_gettime for delay loops (clk_id: 4, resolution: 1ns).
Found chipset "Intel ICH7/ICH7R".
Enabling flash write... register_spi_master called with incomplete master definition. Please report a bug at flashrom@flashrom.org
OK.
No EEPROM/flash device found.
Note: flashrom can never write if the flash chip isn't found automatically.Thats not going to work on Watchguard. You must use AMI firmware update utility (afudos.exe) to read or update bios chip.
Download freedos image and burn it to a USB flash drive along with bios binary file and AMI bios flash tool. Boot the machne from that flash drive and perform the update.
-
@nimrod I can give it a try. Do you think it will work for the modded bios from the thread I referenced? As far as I can tell all the stock bios options lock out booting from the USB when another disk is present. I based those instructions off of people who were able to flash the modded ROM successfully at the time.
-
@angelicadvocate said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:
@nimrod I can give it a try. Do you think it will work for the modded bios from the thread I referenced? As far as I can tell all the stock bios options lock out booting from the USB when another disk is present. I based those instructions off of people who were able to flash the modded ROM successfully at the time.
Your device is using AMI bios. And these tools are oficial AMI flash tools. Flashrom is good, but its very limited. On some devices like new motherboards it doesnt work at all. Cant read, cant write.
There is a command line switch that you can use and flash whatever you want. As long as the binary file is correct for the device you are using. As for the bios, you can always disconnect main drive. You dont need it for bios flashing anyway.
-
Why do you think that will not work? It worked for me and many other users. The XTM5 does not have a UEFI BIOS.
-
@stephenw10 said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:
Why do you think that will not work? It worked for me and many other users. The XTM5 does not have a UEFI BIOS.
Dont get me wrong. It worked for me too. If you remember from other thread, i have Protectli device. Protectli coreboot implementation is flashed with their tool called flashli. This tool is a python script which is using flashrom under the hood.
However, on some motherboards flashrom just hangs even if it properly detects the chip. But official ami bios flash tool is able to read/write without any problems. Whether its legacy bios or uefi doesnt matter at all in this case.
Asus, Gigabyte and MSI go one step even further. Their chips are vendor locked and there is no software tool that can read them.
-
im back at this again. sofar today ive tried scripting the rom backup using a ms-dos and a freedos boot disk. that didnt work. i also tried just scripting a simple txt file to be made at boot in each version of dos. this didnt do anything either. its not the easiest to do this without a video out on the machine. dos doesnt play nice with serial console over usb. so without knowing exactly where the process is failing using this method, im currently back to the drawing board. looking for some fresh ideas if anyone has any.
-
@angelicadvocate said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:
im back at this again. sofar today ive tried scripting the rom backup using a ms-dos and a freedos boot disk. that didnt work. i also tried just scripting a simple txt file to be made at boot in each version of dos. this didnt do anything either. its not the easiest to do this without a video out on the machine. dos doesnt play nice with serial console over usb. so without knowing exactly where the process is failing using this method, im currently back to the drawing board. looking for some fresh ideas if anyone has any.
Dos is using batch scripting. Make sure you redirect output into the file. Example without any parameters.
afudos.exe bios.bin > report.txt
Just make sure you are executing this command from the directory on a flash drive or from the root of your flash drive. Repeat the whole process again, and then remove the flash an check report.txt to see why it failed.
-
@angelicadvocate I did compile the latest version 1.5.1 on a FreeBSD box. And copied it over to a 2.7.2, with two dependencies (which are available on FreeBSD 14).
flashrom -L
andflashrom -V
did work, I didn't test more.
You would need to installlibconfuse
andlibftdi1
Thinking about it, it may not be a good idea to write the BIOS with an untested software build.
But boot up an Live Linux distro which got a more recent version included may work.If you are crazy/trusting enough I can put the PKG file on my server for you to grab.
Or even better I can give you the ports files/diff and you can compile it yourself. -
@patient0 the issue seems to be that the newer versions of flashrom just dont support this board. i have tried with the latest version on several different OSes at this point. the last person i was able to find in the old thread that listed the version of everything they used was using flashrom v0.9.9-r1955 on FreeBSD 10.3-RELEASE-p19 (amd64). pfsense 2.3.4 is based on freebsd 10.3 (i think) so im going to try it from there. i have located an iso and img of 2.3.4 and a copy of flashrom 0.9.9 so fingers crossed i can figure this out. it looks like there were some compatibility issues introduced with some hardware after flashrom version 1.x at least thats what im seeing everywhere i look. the biggest problem for now trying this is that the images i have for 2.3.4 arent the serial version. im trying to track down all the changes to redirect to serial to apply them manually but this is time consuming when you have to juggle back and fouth between two machines to get a display. if anyone has a direct download for the serial version of 2.3.4 that would be awesome.
@nimrod i couldnt get it to work. not saying it cant but this machine wont even generate a text with a simple script like "echo test > text.txt" since i dont have a way to hook up a monitor to see whats going on and i couldnt get dos to play nice with serial console im not even sure what i would try.
-
First thing I would try is just install 2.6 to get flashrom 1.2 since that was previously shown to work.
-
@stephenw10 i will try it thank you
-
@stephenw10 this might be a dumb question but is "pkg" broken in 2.6.0? if i try to use it for anything it tries to update to pkg 1.19.1_2 which isnt compatible with 2.6.0. im betting theres a flag to set to stop it from upgrading pkg before installing but i couldnt figure it out. for example if i run "pkg install flashrom" it will prompt to update pkg. if i type "n" then it cancels the install, if i click "y" then it updates to an incompatible version and then pkg is broken. i reinstalled 2.6.0 in case i just had a bad install but i saw the same behavior.
probably should have added this for context. after it updates pkg no matter what pkg command i run i get this:
[2.6.0-RELEASE][admin@pfSense.home.arpa]/root: pkg
ld-elf.so.1: /lib/libc.so.7: version FBSD_1.7 required by /usr/local/sbin/pkg not found