Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5

    Scheduled Pinned Locked Moved Hardware
    28 Posts 4 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      angelicadvocate
      last edited by

      Re: Watchguard XTM 5 Series

      I wasnt sure if i should post this in the original thread since it was an older thread. I have an old Watchguard XTM 5 (NC2AE8) that im just using for a test environment box. Id really like to be able to quickly flash different OS to it via USB. It looks like the issue was solved a long time ago but no matter how many times i read through the old thread I cant figure out how to flash the BIOS. Ive tried on both pfsense and using ubuntu since it also has flashrom. i get the same message on both. Ive followed the flashrom commands and made sure to follow them step by step. Im really not sure if its a difference in hardware, or because im using newer OS than the users did previously or what. I tried really hard to figure this out for a week now. Any help would be greatly appreciated. I have the rom downloaded if its the right one for my hardware. Heres the steps i was following and the output i got.

      To flash your BIOS, use the commands below one at a time from console-
      pkg
      pkg install flashrom
      rehash
      cd tmp
      fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
      md5 xtm5_83.rom
      flashrom -w xtm5_83.rom –programmer internal

      [2.7.2-RELEASE][admin@pfSense.home.arpa]/root: flashrom -w xtm5_83.rom --programmer internal
      flashrom v1.3.0 on FreeBSD 14.0-CURRENT (amd64)
      flashrom is free software, get the source code at https://flashrom.org
      Using clock_gettime for delay loops (clk_id: 4, resolution: 1ns).
      Found chipset "Intel ICH7/ICH7R".
      Enabling flash write... register_spi_master called with incomplete master definition. Please report a bug at flashrom@flashrom.org
      OK.
      No EEPROM/flash device found.
      Note: flashrom can never write if the flash chip isn't found automatically.

      patient0P N 2 Replies Last reply Reply Quote 0
      • patient0P
        patient0 @angelicadvocate
        last edited by patient0

        @angelicadvocate said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:

        Watchguard XTM 5 Series

        Disclaimer: I don't own the device, I just read through the first 200 post of the original thread and the flashrom man page (haven't used it for quite some time).

        In https://forum.netgate.com/post/392330 stephenw10 runs flashrom -V and in that output there's a line:

        ...
        Found ST flash chip "M25P80" (1024 kB, SPI) at physical address 0xfff00000.
        ...
        

        Is the flash chip also recognised if you run that command? If not then maybe something board specific is necessary. FreeBSD flashrom man page mentiones flashrom -L to see all supported motherboards, etc.

        And I think it's saver for the first step after flashrom -V to try and read out the flash.
        Run flashrom -p internal -r xtm5_bios.raw (call the file whatever you want), if the flash chip was recognised.

        A 1 Reply Last reply Reply Quote 0
        • A
          angelicadvocate @patient0
          last edited by

          @patient0 thank you for the reply. I did try running flashrom -p internal just to see if it found the device and it returns the same error. I am also wondering if maybe my specific board might be slightly different that the ones mentioned in the thread. I will try the flashrom -L command first thing tomorrow as I can't remember if I tried that yet. I know that the thread is quite old now so I'm wondering if maybe a specific version of flashrom needs to be used to communicate with the boards architecture.

          patient0P 1 Reply Last reply Reply Quote 0
          • patient0P
            patient0 @angelicadvocate
            last edited by

            @angelicadvocate said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:

            maybe my specific board might be slightly different that the ones mentioned in the thread

            That's be a possibility of course but on the other hand I would expect that the BIO chip on such an old device is supported by flashrom.

            Maybe you can have a look at the board and see if you can find the SPI chip.

            1 Reply Last reply Reply Quote 0
            • patient0P
              patient0
              last edited by

              This post is deleted!
              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by stephenw10

                Hmm, interesting. I also see that in 2.8:

                [2.8.0-BETA][admin@xtm5.stevew.lan]/root: flashrom -p internal
                flashrom v1.3.0 on FreeBSD 15.0-CURRENT (amd64)
                flashrom is free software, get the source code at https://flashrom.org
                
                Using clock_gettime for delay loops (clk_id: 4, resolution: 1ns).
                Found chipset "Intel ICH7/ICH7R".
                Enabling flash write... register_spi_master called with incomplete master definition. Please report a bug at flashrom@flashrom.org
                OK.
                No EEPROM/flash device found.
                Note: flashrom can never write if the flash chip isn't found automatically.
                

                It looks like maybe the new flashrom version no longer finds it for some reason....

                Looks like it errors out on the SPI and never does any SPI probes....

                Edit: Actually looks like this might have been fixed shortly after the 1.3.0 release but the FreeBSD pkg is old...

                A 1 Reply Last reply Reply Quote 0
                • A
                  angelicadvocate @stephenw10
                  last edited by

                  @stephenw10 thanks for the reply! I was hoping to hear from you. I'm going to try to find some older builds to check with later in the week when I have some time to check. Hopefully if I find the right combo of os and flashrom to play nice with the hardware I'll be able to get it to work. Your comments in the old thread are a gold mine.

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    Yeah, I think I've forgotten much of it! 😉 Reading back through it does look like some people were hitting this error even on older flashrom versions. Which does make me wonder if maybe something is setting the SPI bus.. 🤔

                    But, yes, try an older version first.

                    1 Reply Last reply Reply Quote 0
                    • N
                      nimrod @angelicadvocate
                      last edited by

                      @angelicadvocate said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:

                      Re: Watchguard XTM 5 Series

                      I wasnt sure if i should post this in the original thread since it was an older thread. I have an old Watchguard XTM 5 (NC2AE8) that im just using for a test environment box. Id really like to be able to quickly flash different OS to it via USB. It looks like the issue was solved a long time ago but no matter how many times i read through the old thread I cant figure out how to flash the BIOS. Ive tried on both pfsense and using ubuntu since it also has flashrom. i get the same message on both. Ive followed the flashrom commands and made sure to follow them step by step. Im really not sure if its a difference in hardware, or because im using newer OS than the users did previously or what. I tried really hard to figure this out for a week now. Any help would be greatly appreciated. I have the rom downloaded if its the right one for my hardware. Heres the steps i was following and the output i got.

                      To flash your BIOS, use the commands below one at a time from console-
                      pkg
                      pkg install flashrom
                      rehash
                      cd tmp
                      fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
                      md5 xtm5_83.rom
                      flashrom -w xtm5_83.rom –programmer internal

                      [2.7.2-RELEASE][admin@pfSense.home.arpa]/root: flashrom -w xtm5_83.rom --programmer internal
                      flashrom v1.3.0 on FreeBSD 14.0-CURRENT (amd64)
                      flashrom is free software, get the source code at https://flashrom.org
                      Using clock_gettime for delay loops (clk_id: 4, resolution: 1ns).
                      Found chipset "Intel ICH7/ICH7R".
                      Enabling flash write... register_spi_master called with incomplete master definition. Please report a bug at flashrom@flashrom.org
                      OK.
                      No EEPROM/flash device found.
                      Note: flashrom can never write if the flash chip isn't found automatically.

                      Thats not going to work on Watchguard. You must use AMI firmware update utility (afudos.exe) to read or update bios chip.

                      Download freedos image and burn it to a USB flash drive along with bios binary file and AMI bios flash tool. Boot the machne from that flash drive and perform the update.

                      A 1 Reply Last reply Reply Quote 0
                      • A
                        angelicadvocate @nimrod
                        last edited by

                        @nimrod I can give it a try. Do you think it will work for the modded bios from the thread I referenced? As far as I can tell all the stock bios options lock out booting from the USB when another disk is present. I based those instructions off of people who were able to flash the modded ROM successfully at the time.

                        N 1 Reply Last reply Reply Quote 0
                        • N
                          nimrod @angelicadvocate
                          last edited by

                          @angelicadvocate said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:

                          @nimrod I can give it a try. Do you think it will work for the modded bios from the thread I referenced? As far as I can tell all the stock bios options lock out booting from the USB when another disk is present. I based those instructions off of people who were able to flash the modded ROM successfully at the time.

                          Your device is using AMI bios. And these tools are oficial AMI flash tools. Flashrom is good, but its very limited. On some devices like new motherboards it doesnt work at all. Cant read, cant write.

                          There is a command line switch that you can use and flash whatever you want. As long as the binary file is correct for the device you are using. As for the bios, you can always disconnect main drive. You dont need it for bios flashing anyway.

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by stephenw10

                            Why do you think that will not work? It worked for me and many other users. The XTM5 does not have a UEFI BIOS.

                            N 1 Reply Last reply Reply Quote 1
                            • N
                              nimrod @stephenw10
                              last edited by nimrod

                              @stephenw10 said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:

                              Why do you think that will not work? It worked for me and many other users. The XTM5 does not have a UEFI BIOS.

                              Dont get me wrong. It worked for me too. If you remember from other thread, i have Protectli device. Protectli coreboot implementation is flashed with their tool called flashli. This tool is a python script which is using flashrom under the hood.

                              However, on some motherboards flashrom just hangs even if it properly detects the chip. But official ami bios flash tool is able to read/write without any problems. Whether its legacy bios or uefi doesnt matter at all in this case.

                              Asus, Gigabyte and MSI go one step even further. Their chips are vendor locked and there is no software tool that can read them.

                              A 1 Reply Last reply Reply Quote 0
                              • A
                                angelicadvocate @nimrod
                                last edited by

                                im back at this again. sofar today ive tried scripting the rom backup using a ms-dos and a freedos boot disk. that didnt work. i also tried just scripting a simple txt file to be made at boot in each version of dos. this didnt do anything either. its not the easiest to do this without a video out on the machine. dos doesnt play nice with serial console over usb. so without knowing exactly where the process is failing using this method, im currently back to the drawing board. looking for some fresh ideas if anyone has any.

                                N patient0P 2 Replies Last reply Reply Quote 0
                                • N
                                  nimrod @angelicadvocate
                                  last edited by

                                  @angelicadvocate said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:

                                  im back at this again. sofar today ive tried scripting the rom backup using a ms-dos and a freedos boot disk. that didnt work. i also tried just scripting a simple txt file to be made at boot in each version of dos. this didnt do anything either. its not the easiest to do this without a video out on the machine. dos doesnt play nice with serial console over usb. so without knowing exactly where the process is failing using this method, im currently back to the drawing board. looking for some fresh ideas if anyone has any.

                                  Dos is using batch scripting. Make sure you redirect output into the file. Example without any parameters.

                                  afudos.exe bios.bin > report.txt
                                  

                                  Just make sure you are executing this command from the directory on a flash drive or from the root of your flash drive. Repeat the whole process again, and then remove the flash an check report.txt to see why it failed.

                                  1 Reply Last reply Reply Quote 0
                                  • patient0P
                                    patient0 @angelicadvocate
                                    last edited by patient0

                                    @angelicadvocate I did compile the latest version 1.5.1 on a FreeBSD box. And copied it over to a 2.7.2, with two dependencies (which are available on FreeBSD 14). flashrom -L and flashrom -V did work, I didn't test more.
                                    You would need to install libconfuse and libftdi1

                                    Thinking about it, it may not be a good idea to write the BIOS with an untested software build.
                                    But boot up an Live Linux distro which got a more recent version included may work.

                                    If you are crazy/trusting enough I can put the PKG file on my server for you to grab.
                                    Or even better I can give you the ports files/diff and you can compile it yourself.

                                    A 1 Reply Last reply Reply Quote 0
                                    • A
                                      angelicadvocate @patient0
                                      last edited by angelicadvocate

                                      @patient0 the issue seems to be that the newer versions of flashrom just dont support this board. i have tried with the latest version on several different OSes at this point. the last person i was able to find in the old thread that listed the version of everything they used was using flashrom v0.9.9-r1955 on FreeBSD 10.3-RELEASE-p19 (amd64). pfsense 2.3.4 is based on freebsd 10.3 (i think) so im going to try it from there. i have located an iso and img of 2.3.4 and a copy of flashrom 0.9.9 so fingers crossed i can figure this out. it looks like there were some compatibility issues introduced with some hardware after flashrom version 1.x at least thats what im seeing everywhere i look. the biggest problem for now trying this is that the images i have for 2.3.4 arent the serial version. im trying to track down all the changes to redirect to serial to apply them manually but this is time consuming when you have to juggle back and fouth between two machines to get a display. if anyone has a direct download for the serial version of 2.3.4 that would be awesome.

                                      @nimrod i couldnt get it to work. not saying it cant but this machine wont even generate a text with a simple script like "echo test > text.txt" since i dont have a way to hook up a monitor to see whats going on and i couldnt get dos to play nice with serial console im not even sure what i would try.

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        First thing I would try is just install 2.6 to get flashrom 1.2 since that was previously shown to work.

                                        A 2 Replies Last reply Reply Quote 0
                                        • A
                                          angelicadvocate @stephenw10
                                          last edited by

                                          @stephenw10 i will try it thank you

                                          1 Reply Last reply Reply Quote 0
                                          • A
                                            angelicadvocate @stephenw10
                                            last edited by angelicadvocate

                                            @stephenw10 this might be a dumb question but is "pkg" broken in 2.6.0? if i try to use it for anything it tries to update to pkg 1.19.1_2 which isnt compatible with 2.6.0. im betting theres a flag to set to stop it from upgrading pkg before installing but i couldnt figure it out. for example if i run "pkg install flashrom" it will prompt to update pkg. if i type "n" then it cancels the install, if i click "y" then it updates to an incompatible version and then pkg is broken. i reinstalled 2.6.0 in case i just had a bad install but i saw the same behavior.

                                            probably should have added this for context. after it updates pkg no matter what pkg command i run i get this:
                                            [2.6.0-RELEASE][admin@pfSense.home.arpa]/root: pkg
                                            ld-elf.so.1: /lib/libc.so.7: version FBSD_1.7 required by /usr/local/sbin/pkg not found

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.