Flash Wrap without removing CF card?

rneily · Dec 8, 2005, 8:33 PM

Since the update bundles have ceased to go from .94.x to 95.x, is there any way to flash a new Embedded image to the CF flash card while an older version of PfSense running?

I know you can apply updates to the command line, but can I download a full image to the running wrap and flash the CF card somehow?

I hate to keep opening the WRAP enclosure, removing the board and then removing the CF card to flash it…

sullrich · Dec 8, 2005, 8:47 PM

@rneily:

Since the update bundles have ceased to go from .94.x to 95.x, is there any way to flash a new Embedded image to the CF flash card while an older version of PfSense running?

I know you can apply updates to the command line, but can I download a full image to the running wrap and flash the CF card somehow?

I hate to keep opening the WRAP enclosure, removing the board and then removing the CF card to flash it…

Sorry, not at this time. Requires a normal flash which will require you to remove the flash card.

PITA, I know but that's how the cookie crumbles sometimes with Alpha software.

satu · Dec 8, 2005, 8:47 PM

Well, a friend of mine has made a rectangular hole behind the cf, so he can remove it easily :)

Sateetje · Jun 22, 2006, 9:22 PM

Does RC1 support this?

sullrich · Jun 22, 2006, 9:36 PM

No it doesn't. Sorry.

hoba · Jun 22, 2006, 9:55 PM

@satu:

Well, a friend of mine has made a rectangular hole behind the cf, so he can remove it easily :)

YES! RC1 supports a rectangular hole in the case. ;D

Eaterofpies · Jul 2, 2006, 4:57 PM

I havent tried the update from an old version of pfsense as I only got my wrap box yesterday.You can flash from a monowall to the latest version of pfsense (details below). I havent worked out how to flash from pfsense to monowall via the command prompt yet whenever I try to do a dd I get an error message saying operation not permitted :(

THIS WILL DESTROY YOUR CONFIG

Get an unofficial monowall image with a ssh server (http://www.xs4all.nl/~fredmol/m0n0/) and flash monowall (you may need to enable ssh i didnt take any notes)l

SSH into monowall username: root pass: whatever your web interface password is

Create an 80 meg ramdisk
/sbin/mount_mfs -s 168960 -T qp120at -b 8192 -f 1024 dummy /ftmp

Uncompress your pfsense image using gunzip or winrar
SCP your pfsense image to the ramdisk

I think you have to unmount something here possibly /cf but i cant remember sorry :(

Reflash your cf card
dd if=/ftmp/pfSense.img of=/dev/ad0 bs=16k

Reboot into pfsense
/sbin/reboot

Anyone know why dd dosent want to play? im using the latest embedded image and a wrap 1E. Im assuming its because somethings using it but i cant work out what.

sullrich · Jul 2, 2006, 7:11 PM

This will not work. pfSense doesn't boot from a ram disk(mfs) like m0n0wall.

You have to reflash.

Eaterofpies · Jul 2, 2006, 8:34 PM

Heh i found that out the hard way . . .

I nearly got it to boot monowall by remounting / as RW then copying the kernel and ram disk image out of the monowall image and reconfiguring the boot loader.

Only problem was that i forgot the config xml so it just shut down when it booted.

The plan was to then reinstall monowall over the top so it wasnt such a mess :D.

You could then reflash it using the latest version as described in my previous post

This could probably be made to work but its a lot more hassle than just pulling the CF card out.

Numbski · Jul 3, 2006, 2:37 PM

I'm just brainstorming here, so feel free to smack me down if you must….

Mount an external nfs share so we have access to the image we want to flash (I know, network flash bad bad bad)....

Become root, force root filesystem into rw. Begin dd.

The system will return, then hang, right? Upon reboot you should have a fresh pfSense install sans your config, however if you backed up your config.xml ahead of time, then you just need to set the lan IP, go in, and reload the config.

I have a couple of embedded systems back at the office I can try this on for grins. As the guys have said - UNSUPPORTED. :P If this works, I'm happy for you, but you still won't be able to do an unattended upgrade, you'll have to be present, it would only save you from having the rip the system open.

That said, if it did work, what I could say is prior to flashing, mount the flash image as an md volume, and copy your config file over first, THEN flash. Upon reboot it would be the closest to an inline upgrade one could hope for currently.

Numbski · Jul 7, 2006, 8:11 PM

Sadly, I still have not had a chance to give this a try, but I did have a second thought on the matter.

Most of my CF cards are either 128 or 512, yet the embedded image is only 64MB. The thought comes to mind that one could partition the card. ie, go ahead and flash as per normal, then run mkfs and create another partition that uses the remainder of the card's space. Edit /etc/fstab so that it gets mounted as additional space.

When you want to update, copy the file over to this new rw partition, and then follow the directions I have above. When the dd command returns you should fully expect the system to hang. Reboot and you should be all set.

pcatiprodotnet · Jul 11, 2006, 8:05 PM

I mount my WRAP.2C Motherboards upside down (outdoor case). Since I use only one mini-pci wireless, I have both CF and mini-pci slot on same side facing up. All too easy… other than making the custom tight-fit/right-angle Serial cable.
-pc

Eaterofpies · Jul 16, 2006, 9:28 PM

what would really be ideal is something similar to monitor mode on cisco kit (well PIXs at any rate havent used the rest).

Basically its a seperate really cut down OS with the sole purpose of recovering the device when something goes wrong / you need to reflash / you screw up..

the cisco one includes a tftp client and some form of uploading firmware over serial i think (slow but good if you're stuck).
I have had a quick play but couldnt get anything along these lines working.

if that was working it would be relatively simple to load any image on we wanted. the only problem would be loading the images on without destroying the recovery mode and booting them.

think0r · Aug 18, 2006, 5:41 PM

This is obviously an issue of great importance to anyone running on an embedded device. Taking the unit apart for every firmware update is just not going to cut it for anyone that needs to manage a large number of these units. I don't see any reason why we can't just create a separate kernel specifically for embedded updating that uses a ram disk and runs tftp or something and add it to the current embedded image or pfsense. We could use a boot loader to to select "normal pfsense kernel" (default) or "updater kernel". Make an option in the web gui to allow us to change the boot loader config for the next reboot.

Does this seem do-able? Are there currently any plans to add some sort of firmware upgrading functionality to the embedded images that allow for in box or remote firmware updating?

sullrich · Aug 18, 2006, 5:59 PM

@think0r:

This is obviously an issue of great importance to anyone running on an embedded device. Taking the unit apart for every firmware update is just not going to cut it for anyone that needs to manage a large number of these units. I don't see any reason why we can't just create a separate kernel specifically for embedded updating that uses a ram disk and runs tftp or something and add it to the current embedded image or pfsense. We could use a boot loader to to select "normal pfsense kernel" (default) or "updater kernel". Make an option in the web gui to allow us to change the boot loader config for the next reboot.

You must be new around here. This has been hashed to death …

@think0r:

Does this seem do-able? Are there currently any plans to add some sort of firmware upgrading functionality to the embedded images that allow for in box or remote firmware updating?

Not at the present.

Maybe in the future. The problem is stuffng the 32 megabyte image into ram to update. Couple that lighty wants to hold this in ram and make a copy of it then you end up using 64 megs of ram just to get the update into ram. Most people will be using more than 64 megs of ram on a running embedded image.

If you want to do the work you outlined above, please send patches.

think0r · Aug 18, 2006, 6:09 PM

The updater kernel would be an alternate boot method. That is to say that pfsense would not be booted. The updater imagine would be tiny with only the ability to upload the new image into ram disk and flash it back to the CF card and perhaps copy any configs into memory then back to CF after writing. Why wouldn't this fit into the 128mb's of memory included on more WRAP boards?

sullrich · Aug 18, 2006, 6:27 PM

@think0r:

The updater kernel would be an alternate boot method. That is to say that pfsense would not be booted. The updater imagine would be tiny with only the ability to upload the new image into ram disk and flash it back to the CF card and perhaps copy any configs into memory then back to CF after writing. Why wouldn't this fit into the 128mb's of memory included on more WRAP boards?

It wouldnt fit on a RUNNING SYSTEM. Going with your idea, how are you going to signal that an update kernel should be loaded? I am not trying to poopoo your idea but its an unbelievable amount of work what you are proposing. Not only will the builder scripts need to be updated to be able to boot two different systems a whole new set of boot management code would need to be added.

billm · Aug 18, 2006, 6:32 PM

It's easy…

download developers edition
boostrap developers edition
change build system to make it generate binary diffs
make changes so binary diffs work
create a diff with your well commented work
file a ticket in cvstrac with your diff attached
if it makes sense we commit

When you get to step 7, let me know.

--Bill

think0r · Aug 18, 2006, 7:00 PM

@sullrich:

@think0r:

The updater kernel would be an alternate boot method. That is to say that pfsense would not be booted. The updater imagine would be tiny with only the ability to upload the new image into ram disk and flash it back to the CF card and perhaps copy any configs into memory then back to CF after writing. Why wouldn't this fit into the 128mb's of memory included on more WRAP boards?

It wouldnt fit on a RUNNING SYSTEM. Going with your idea, how are you going to signal that an update kernel should be loaded? I am not trying to poopoo your idea but its an unbelievable amount of work what you are proposing. Not only will the builder scripts need to be updated to be able to boot two different systems a whole new set of boot management code would need to be added.

Fine, I will just add my own bootloader and dual boot between pfsense and something else via the serial console. If adding a capable bootloader configuration to pfsense requires a massive rewrite of pfsense to work then forget it. It just seems short sighted to suggest we should all disassemble embedded devices for every update.

sullrich · Aug 18, 2006, 7:46 PM

@think0r:

Fine, I will just add my own bootloader and dual boot between pfsense and something else via the serial console. If adding a capable bootloader configuration to pfsense requires a massive rewrite of pfsense to work then forget it. It just seems short sighted to suggest we should all disassemble embedded devices for every update.

pfSense's main focus IS NOT ON EMBEDDED! If you want a product that focuses on embedded run m0n0wall!