[As Good As Solved!] Watchguard Firebox Arm/Disarm LED

stephenw10

Agreed, strange output.
I certainly does help. It looks like you've got ICH2 so that's a different datasheet for starters.
If you do a:

pciconf -lb

You should see the PCI device and vendor IDs to confirm the chip.
Look for chip=0x24408086 or chip=0x244C8086. That's the LPC-PCI brigbe used to configure the GPIOs.
That command should give you the base pci address and from that you can read the gpio base address and then test the gpios. However on my box it doesn't!  :(

Steve

iFloris

Luckily, pciconf -lb does work here.

0x244C8086 shows up as:

isab0@pci0:0:31:0:	class=0x060100 card=0x00000000 chip=0x24408086 rev=0x05 hdr=0x00
atapci0@pci0:0:31:1:	class=0x010180 card=0x24408086 chip=0x244b8086 rev=0x05 hdr=0x00
    bar   [20] = type I/O Port, range 32, base 0xff00, size 16, enabled

0x244C8086 isn't in the output.

The full output is as follows:

hostb0@pci0:0:0:0:	class=0x060000 card=0x11308086 chip=0x11308086 rev=0x04 hdr=0x00
pcib1@pci0:0:30:0:	class=0x060400 card=0x00000000 chip=0x244e8086 rev=0x05 hdr=0x01
isab0@pci0:0:31:0:	class=0x060100 card=0x00000000 chip=0x24408086 rev=0x05 hdr=0x00
atapci0@pci0:0:31:1:	class=0x010180 card=0x24408086 chip=0x244b8086 rev=0x05 hdr=0x00
    bar   [20] = type I/O Port, range 32, base 0xff00, size 16, enabled
safe0@pci0:2:6:0:	class=0xff0000 card=0x00010001 chip=0x114116ae rev=0x01 hdr=0x00
    bar   [10] = type Prefetchable Memory, range 32, base 0xefbfe000, size 8192, enabled
re0@pci0:2:9:0:	class=0x020000 card=0x813910ec chip=0x813910ec rev=0x20 hdr=0x00
    bar   [10] = type I/O Port, range 32, base 0xd500, size 256, enabled
    bar   [14] = type Memory, range 32, base 0xefefa000, size 512, enabled
re1@pci0:2:10:0:	class=0x020000 card=0x813910ec chip=0x813910ec rev=0x20 hdr=0x00
    bar   [10] = type I/O Port, range 32, base 0xd600, size 256, enabled
    bar   [14] = type Memory, range 32, base 0xefefb000, size 512, enabled
re2@pci0:2:11:0:	class=0x020000 card=0x813910ec chip=0x813910ec rev=0x20 hdr=0x00
    bar   [10] = type I/O Port, range 32, base 0xd900, size 256, enabled
    bar   [14] = type Memory, range 32, base 0xefefc000, size 512, enabled
re3@pci0:2:12:0:	class=0x020000 card=0x813910ec chip=0x813910ec rev=0x20 hdr=0x00
    bar   [10] = type I/O Port, range 32, base 0xda00, size 256, enabled
    bar   [14] = type Memory, range 32, base 0xefefd000, size 512, enabled
re4@pci0:2:13:0:	class=0x020000 card=0x813910ec chip=0x813910ec rev=0x20 hdr=0x00
    bar   [10] = type I/O Port, range 32, base 0xdd00, size 256, enabled
    bar   [14] = type Memory, range 32, base 0xefefe000, size 512, enabled
re5@pci0:2:14:0:	class=0x020000 card=0x813910ec chip=0x813910ec rev=0x20 hdr=0x00
    bar   [10] = type I/O Port, range 32, base 0xde00, size 256, enabled
    bar   [14] = type Memory, range 32, base 0xefeff000, size 512, enabled

However, I don't know how to interpret 0xff00 as the base.
Running ./readio gives me the following:

[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(5): ./readio 0xff00
Reading ff00 :0

stephenw10

2440 is the ICH2 chip,82801BA, 244C is ICH2-M, 82801BAM. You have the former.
Unfortunately your output is like mine. The base address we need is that of the isab0 device, not listed.
Still this is all interesting stuff!  :D

Steve

iFloris

And there I was thinking it did work for me!

So, is there another way of finding out what the base address for lsab0 is?

And I agree that this is all very interesting, though it does go slightly over my head.
Still, it must be said that you are good at explaining what I need to to and what to expect!

stephenw10

I have to say I'm learning as I go here.
There must be another way since it's an integral part of the os. I have a feeling it's probably passed to the os by the bios. Certainly the bios code sets up the chipset initially so if it moved the gpiobase thats where it would be stored.
Intel provide a helpful application note for doing just this. Here.
They explain how it's all setup and how the registers relate to one another. They even provide example code for finding the gpiobase and the LPC base and it's written for FreeBSD. Unfortunately it's only sample functions and not something that could be compiled.  :(
I don't really want to start messing about trying to write a program to do this. I sure there's FreeBSD package that can do this already I just don't know what it is.

Steve

stephenw10

Edit: Don't do this! Perhaps it makes interesting reading for someone. See my post a few below here after Wallabybob pointed out my failure to understand pciconf.  ::)

Here's something that seems to work, if you're feeling brave!  :P I spent ages trying to compile a very simple program but gave up after more compile errors than I could count. Anyway the basic functionality is included in the pciutils package. First install the package:

/etc/rc.conf_mount_rw

pkg_add -r pciutils

/etc/rc.conf_mount_ro

rehash

This is a port of the Linux lspci utility with some extra bits.
Fire it up and see what you have:

[2.0-BETA5][root@pfSense.localdomain]/root(34): lspci
00:00.0 Host bridge: Intel Corporation Mobile 915GM/PM/GMS/910GML Express Processor to DRAM Controller (rev 04)
00:02.0 VGA compatible controller: Intel Corporation Mobile 915GM/GMS/910GML Express Graphics Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) PCI Express Port 1 (rev 04)
00:1c.1 PCI bridge: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) PCI Express Port 2 (rev 04)
00:1c.2 PCI bridge: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) PCI Express Port 3 (rev 04)
00:1c.3 PCI bridge: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) PCI Express Port 4 (rev 04)
00:1d.0 USB Controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #1 (rev 04)
00:1d.1 USB Controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #2 (rev 04)
00:1d.2 USB Controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #3 (rev 04)
00:1d.3 USB Controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB UHCI #4 (rev 04)
00:1d.7 USB Controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB2 EHCI Controller (rev 04)
00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev d4)
00:1f.0 ISA bridge: Intel Corporation 82801FBM (ICH6M) LPC Interface Bridge (rev 04)
00:1f.1 IDE interface: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) IDE Controller (rev 04)
00:1f.3 SMBus: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) SMBus Controller (rev 04)
01:00.0 Ethernet controller: Marvell Technology Group Ltd. 88E8053 PCI-E Gigabit Ethernet Controller (rev 19)
02:00.0 Ethernet controller: Marvell Technology Group Ltd. 88E8053 PCI-E Gigabit Ethernet Controller (rev 19)
03:00.0 Ethernet controller: Marvell Technology Group Ltd. 88E8053 PCI-E Gigabit Ethernet Controller (rev 19)
04:00.0 Ethernet controller: Marvell Technology Group Ltd. 88E8053 PCI-E Gigabit Ethernet Controller (rev 19)
05:00.0 Ethernet controller: Marvell Technology Group Ltd. 88E8001 Gigabit Ethernet Controller (rev 13)
05:01.0 Ethernet controller: Marvell Technology Group Ltd. 88E8001 Gigabit Ethernet Controller (rev 13)
05:02.0 Ethernet controller: Marvell Technology Group Ltd. 88E8001 Gigabit Ethernet Controller (rev 13)
05:03.0 Ethernet controller: Marvell Technology Group Ltd. 88E8001 Gigabit Ethernet Controller (rev 13)
05:04.0 Network and computing encryption device: Cavium Networks Nitrox XL N1 Lite

This is my Xe box. You can see the ICH LPC bridge listed has PCI address 00:1f.0 (obviously change this to your address).
So now we can get lspci to spit out the configuration data. This function comes with a danger warning but works fine here:

[2.0-BETA5][root@pfSense.localdomain]/root(35): lspci -s 00:1f.0 -xxx
00:1f.0 ISA bridge: Intel Corporation 82801FBM (ICH6M) LPC Interface Bridge (rev 04)
00: 86 80 41 26 07 01 00 02 04 00 01 06 00 00 80 00
10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
20: 00 00 00 00 00 00 00 00 00 00 00 00 86 80 41 26
30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
40: 01 04 00 00 80 00 00 00 81 04 00 00 10 00 00 00
50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
60: 0b 0c 05 0a d0 00 00 00 0b 80 80 09 00 00 00 00
70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
80: 10 00 0f 34 81 00 00 00 91 02 00 00 00 00 00 00
90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
a0: 20 02 00 00 00 00 00 00 00 00 00 00 00 03 00 00
b0: 00 00 00 00 00 00 00 00 55 55 55 55 00 00 00 00
c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
d0: 33 22 11 00 67 45 00 00 c0 c0 00 00 00 00 00 00
e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
f0: 01 c0 d1 fe 00 00 00 00 80 0f 04 00 00 00 00 00

So now we have the important part of the configuration table. Looking at the datasheet for the ICH6 the GPIO base address is stored in registers 0x48-0x4b. You have to read it in reverse: 00 00 04 81. i.e 0x481 Except that reading the datasheet more closely we see that "bit 0 is hardwired to 1 to indicate I/O space" for some reason.  ::) So the actual address is 0x480. Which we know to be true.

This procedure should work fine for you except that in the ICH2 the gpio base address is at 0x58-5B instead.

Steve

wallabybob

The FreeBSD utility pciconf can also be used to get this information. There is a man page at http://www.freebsd.org/cgi/man.cgi?query=pciconf&apropos=0&sektion=0&manpath=FreeBSD+8.1-RELEASE&format=html

stephenw10

@wallabybob:

The FreeBSD utility pciconf can also be used to get this information.

Doh!  :-[
It was like three in the morning by the time I wrote that.

The same result can be had with:

[code]
[2.0-BETA5][root@pfSense.localdomain]/root(10): pciconf -r pci0:0:31:0: 0x48
00000481

On the X-core box with the ICH2 you need to look at 0x58 but the LPC device is in the same place so:

pciconf -r pci0:0:31:0: 0x58

Steve

iFloris

@stephenw10:

On the X-core box with the ICH2 you need to look at 0x58 but the LPC device is in the same place so:

pciconf -r pci0:0:31:0: 0x58

Steve

Progress! That is to say, the command gives me a response on my firebox.
The response is as follows:

[2.0-BETA5][admin@firebox1.domain]/root(1): pciconf -r pci0:0:31:0: 0x58
00004081 

I'm not sure what this means though!
What is the next step?

stephenw10

Aha! That's disappointingly similar to 480, open to confusion but it looks as though the GPIObase address is 0x4080.
The next setp is to re-try the instructions from here but using 0x4080 in place of 0x480.
Hopefully you should get something other than all ff or 0.

Steve

iFloris

@stephenw10:

The next setp is to re-try the instructions from here but using 0x4080 in place of 0x480.
Hopefully you should get something other than all ff or 0.

Steve

Indeed, the numbers are so alike that I first thought I had gotten the same response as you did.

And now, with your help, readio has given me an answer other than ff!

[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(4): ./readio 0x4080
Reading 4080 :80
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(5): ./readio 0x4081
Reading 4081 :31
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(6): ./readio 0x4082
Reading 4082 :20
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(7): ./readio 0x4083
Reading 4083 :1a
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(8): ./readio 0x4084
Reading 4084 :ff
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(9): ./readio 0x4085
Reading 4085 :ff
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(10): ./readio 0x4086
Reading 4086 :0
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(11): ./readio 0x4087
Reading 4087 :0
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(12): ./readio 0x408c
Reading 408c :0
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(13): ./readio 0x408d
Reading 408d :0
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(14): ./readio 0x408e
Reading 408e :bf
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(15): ./readio 0x408f
Reading 408f :9

Unfortunately, some of the responses are still 0 or ff.

stephenw10

@iFloris:

Unfortunately, some of the responses are still 0 or ff.

Not a problem, they should be.
So:

Experimental findings of ICH2 IO space;  

0x4080-0x4083 Set pins as gpio or native fuctions. 1=gpio
Default 1a003180				                0001 1010 0000 0000
Found  1a203180      						0001 1010 0010 0000 

0x4084-0x4087 Set gpios as input or output. 1=Input
Default	0000ffff
Found	0000ffff	bit 1 is input. Possible outputs are 	0000 0000 0000 0000 1111 1111 1111 1111 

								   1 1 1    1  (set as gpio & set as output)

0x408c-0x408f GPIO Levels
Default	1f1f0000											
Found	09bf0000				   	        0000 1001 1011 1111 

Hmm, doesn't really line up properly on the forum but.. Edit: Better

Only four pins are both enabled as GPIO and set as ouput and only two of those are set to 1. So try seting either of those to 0.

./writeio 0x408f 0x01 

Return it to it's original value after or things get confusing! Or:

./writeio 0x408e 0x9f 

One of those should switch off the red led.

Once we know that we can work on green and flashing!

Steve

iFloris

@stephenw10:

Only four pins are both enabled as GPIO and set as ouput and only two of those are set to 1. So try seting either of those to 0.

./writeio 0x408f 0x01 

Return it to it's original value after or things get confusing! Or:

./writeio 0x408e 0x9f 

One of those should switch off the red led.

Thanks, I've been meaning to try this.
However, when you write 'Return it to it's original value after or things get confusing!', how do I know what the original value was?
0x408e gave me a response of bf, so would that be 0xbf?
Or am I being nonsensical?

stephenw10

Yes, bf is 0xbf. I never really expected anyone else to be using the program so didn't spend much time sanitising the output, sorry.  :P  (in fact I don't think it matters if you include the 0x or not)
When you change 408e from 0xBF to 0x9F what you are actually doing is changing only 1 bit (B=1011 and 9=1001). I say to change it back since if you change more than one thing at a time it's hard to know what change had what effect.
The fact is that we don't know what, if anything, the other gpios are connected to. It's better to return them to their original state. On the boxes I have here none of the random number setting I have done had any ill effects and it all gets reset by the bios at boot so don't worry.
Good luck!

Steve

iFloris

After trying both ./writeio 0x408f 0x01 and ./writeio 0x408e 0x9f, I found the following:
The first command (0x01) makes the red led blink red / off (looks like it blinks synchronised to re0, but I'm not sure).
The second command (0x9f) does nothing (seemingly).

Afterwards, I reset 0x0408f to 0x09 and 0x408e to 0xbf.

stephenw10

Hmmm, interesting. Well it's something at least. It proves that the led is driven by the gpios i some way.
So it doesn't blink regularly, like once a second?

Anyway it seems that 0x408f bit 3 is red on.
To find green leave red off (or blink in this case) and try turning on bits 1 or 4 i.e.

./writeio 0x408f 0x11 or 0x03.

Normally the blinking action is set by the blink register which for you should be at 0x409b, to correspond with the ouputs at 0x408f. Try reading 0x409b, by default it is 00.

Steve

iFloris

I've tried both settings.

./writeio 0x408f 0x11 turns the led green and blinks at fast but irregular intervals.
./writeio 0x408f 0x03 does the same, but turns the led back to red.

I've reset to 0x11 now, so at least the arm led is green!
This is awesome.

Edit: actually, the blinking is regular. About four blinks per second.

stephenw10

Hmm, even more interesting.
So 0x408f set to 03 is the same as 01 yes?
The built in blink function is definitely 1Hz so if it's blinking at around 4Hz then something else is doing it. Still worth checking the blink registers at 0x409A and 0x409B.
It's likely only two pins actually do anything giving only 4 possible states. It appears to be 0x408F bits 3 and 4. We have tried:
01 which is default, solid red
00 red flashing
10 green flashing
11 haven't tried that yet.

Try ./writeio 0x408f 19

As I said there are four possible gpio pins so 16 possible states. Since there is some confusion I think we may just have to work through them.

Steve

iFloris

Good guess!  ./writeio 0x408f 19 turns the led green without blinking.

Edit: Seeing as you now know how to turn the led green on both the x peak and x core devices, perhaps someone can help you with building a package for everyone using a flavor of the firebox?

stephenw10

@iFloris:

Edit: Seeing as you now know how to turn the led green on both the x peak and x core devices, perhaps someone can help you with building a package for everyone using a flavor of the firebox?

That's the long term plan. Hopefully we can also include the lcd driver so we can have a single package for Firebox users that doesn't get broken every time you update.

It seems like we're missing something here though. The control is very different to the other two boxes.
Can you tell me what the out outs of these are:

./readio 0x409a
./readio 0x409b

Do you have bios access to your box? You can set the initial led status in the bios on the X-core. I can't remember what you could set it to but it was a load of different settings. We should be able to get, at least, all of those.

Anyway it seems like we are mostly victorious!  ;D

Steve