Watchguard XTM 5 Series

DeLorean

For normal use is 2Gb RAM more then enough.
For running Squid and/or Snort, i recommend 4Gb RAM and a faster cpu, if that's not already happend.
Also, the speed of the RAM is important, it must be a least 667Mhz, lower will not work.
I use always 800Mhz RAM, same speed as the RAM that came with this type of XTM5.

Grtz
DeLorean

dhoffman98

OK, so I need to verify something with flashing my BIOS because something didn't work (and thankfully didn't do anything to the box).

I'm going to put as much information here that I hope might be helpful.

Command "flashrom –programmer internal" returned:

flashrom v0.9.9-r1955 on FreeBSD 10.3-RELEASE-p19 (amd64)
flashrom is free software, get the source code at https://flashrom.org

Calibrating delay loop… OK.
Found chipset "Intel ICH7/ICH7R".
Enabling flash write... OK.
Found Micron/Numonyx/ST flash chip "M25P80" (1024 kB, SPI) mapped at physical address 0x00000000fff00000.
No operations were specified.

Then I ran "flashrom -V -r –programmer internal".
It comes back with a bunch of info. I trimmed what you see below to the lines I think might be the most important.

Initializing internal programmer
No coreboot table found.
Using Internal DMI decoder.
DMI string chassis-type: "Desktop"
DMI string system-manufacturer: "To Be Filled By O.E.M."
DMI string system-product-name: "To Be Filled By O.E.M."
DMI string system-version: "To Be Filled By O.E.M."
DMI string baseboard-manufacturer: "To be filled by O.E.M."
DMI string baseboard-product-name: "To be filled by O.E.M."
DMI string baseboard-version: "To be filled by O.E.M."
Found Winbond Super I/O, id 0x82
Found chipset "Intel ICH7/ICH7R" with PCI ID 8086:27b8.
Enabling flash write… Root Complex Register Block address = 0xfed1c000
GCS = 0x810460: BIOS Interface Lock-Down: disabled, Boot BIOS Straps: 0x1 (SPI)
Top Swap: not enabled
...
Maximum FWH chip size: 0x100000 bytes
SPI Read Configuration: prefetching disabled, caching enabled,
BIOS_CNTL = 0x01: BIOS Lock Enable: disabled, BIOS Write Enable: enabled
SPIBAR = 0x00000008007c5000 + 0x3020
...
The following protocols are supported: FWH, SPI.
...
Found Micron/Numonyx/ST flash chip "M25P80" (1024 kB, SPI).
Reading flash... done.

I tried the following command to flash (adding the -V for verbose output): "flashrom -V -w xtm5_83.rom –programmer internal"

Enabling flash write… Root Complex Register Block address = 0xfed1c000
GCS = 0x810460: BIOS Interface Lock-Down: disabled, Boot BIOS Straps: 0x1 (SPI)
...
Maximum FWH chip size: 0x100000 bytes
SPI Read Configuration: prefetching disabled, caching enabled,
BIOS_CNTL = 0x01: BIOS Lock Enable: disabled, BIOS Write Enable: enabled
...
Found Micron/Numonyx/ST flash chip "M25P80" (1024 kB, SPI) mapped at physical address 0x00000000fff00000.
Chip status register is 0x00.
Chip status register: Status Register Write Disable (SRWD, SRP, ...) is not set
Chip status register: Bit 6 is not set
Chip status register: Block Protect 3 (BP3) is not set
Chip status register: Block Protect 2 (BP2) is not set
Chip status register: Block Protect 1 (BP1) is not set
Chip status register: Block Protect 0 (BP0) is not set
Chip status register: Write Enable Latch (WEL) is not set
Chip status register: Write In Progress (WIP/BUSY) is not set
...
Found Micron/Numonyx/ST flash chip "M25P80" (1024 kB, SPI).
Flash image seems to be a legacy BIOS. Disabling coreboot-related checks.
Reading old flash chip contents... done.
Erasing and writing flash chip... Trying erase function 0... 0x000000-0x00ffff:S, 0x010000-0x01ffff:S, 0x020000-0x02ffff:S, 0x030000-0x03ffff:S, 0x040000-0x04ffff:S, 0x050000-0x05ffff:S, 0x060000-0x06ffff:S, 0x070000-0x07ffff:S, 0x080000-0x08ffff:S, 0x090000-0x09ffff:S, 0x0a0000-0x0affff:S, 0x0b0000-0x0bffff:S, 0x0c0000-0x0cffff:S, 0x0d0000-0x0dffff:E, 0x0e0000-0x0effff:S, 0x0f0000-0x0fffff:S
Erase/write done.
Verifying flash... VERIFIED.
Restoring MMIO space at 0x8007c8070
Restoring MMIO space at 0x8007c807c
Restoring MMIO space at 0x8007c8078
Restoring MMIO space at 0x8007c8076
Restoring MMIO space at 0x8007c8074
Restoring PCI config space for 00:1f:0 reg 0xdc

Finally, when running the command to verify the image: "flashrom -v xtm5_83.rom –programmer internal"

flashrom v0.9.9-r1955 on FreeBSD 10.3-RELEASE-p19 (amd64)
flashrom is free software, get the source code at https://flashrom.org

Calibrating delay loop… OK.
Found chipset "Intel ICH7/ICH7R".
Enabling flash write... OK.
Found Micron/Numonyx/ST flash chip "M25P80" (1024 kB, SPI) mapped at physical address 0x00000000fff00000.
Reading old flash chip contents... done.
Verifying flash... VERIFIED.

So…. the way I'm seeing it, it supposedly flashed the chip.
But then I shut the system down, and then power on again.
I get to a shell and again run: "flashrom -v xtm5_83.rom --programmer internal"

This time, I get this:

Calibrating delay loop… OK.
Found chipset "Intel ICH7/ICH7R".
Enabling flash write... OK.
Found Micron/Numonyx/ST flash chip "M25P80" (1024 kB, SPI) mapped at physical address 0x00000000fff00000.
Reading old flash chip contents... done.
Verifying flash... FAILED at 0x000dc000! Expected=0xff, Found=0x05, failed byte count from 0x00000000-0x000fffff: 0x113

And when I go back into the BIOS next time, everything is still the same, and everything is locked except for date and time.

I'm open to suggestions.
Did I miss a step?
Did I use the wrong commands?
Did I use the wrong file?

Thanks in advance.

stephenw10

Looks like you didn't actually run the write command so it never wrote the file to the flash.

Steve

dhoffman98

Is this the proper command to write the file?

flashrom -V -w xtm5_83.rom –programmer internal

chpalmer

@dhoffman98:

Is this the proper command to write the file?

flashrom -V -w xtm5_83.rom –programmer internal

Ive never used the -v switch but my guess is it should go after the write switch if your going to use it.

flashrom -w xtm5_83.rom –programmer internal -v  or

flashrom -w -v xtm5_83.rom --programmer internal

chpalmer

pkg

pkg install flashrom

rehash

cd tmp

fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom

md5 xtm5_83.rom

flashrom -w xtm5_83.rom –programmer internal

needs a little bit of updating for the 2.4 branch.

;)

dhoffman98

Add to those instructions to pull the battery for a while after flashing. That was my problem, I had been writing the flash file, and it said it was verified, but after reboot, still locked out. Pulled the battery for 10 minutes, put it back, booted up and all is good now.

So now I have my BIOS flashed.
I have LCDProc working great.

Memory. I have two 1GB sticks on board now.
Considering some of what I've been reading about 2.4 and using ZFS file systems, it looks like creating a RAM disk is a good idea.
I believe someone on here posted that they have gone up to 8GB with no issues. Assuming that's 2x4GB… What else are the specs for RAM?
DDR2
800MHz
PC2-6400 ? Is that correct ?
240 pins

What else do I want to do before I make this "production-ready"?

Suggestions? Favorite add-on packages (already have Shellcmd and LCDProc).

dhoffman98

@chpalmer:

flashrom -w -v xtm5_83.rom –programmer internal

That one won't work. The file name has to be after the -w.

Turns out mine was working… I just needed to pull the battery while powered off and when I brought it back up, the new BIOS was running.

chpalmer

@dhoffman98:

That one won't work. The file name has to be after the -w.

Turns out mine was working… I just needed to pull the battery while powered off and when I brought it back up, the new BIOS was running.

What- you didn't read through the 20,000 plus pages to find out you need to pull the battery??  :o ;D

We tend to take things for granted sometimes and forget to mention that.  :P

Glad ya made it work!

:)

chpalmer

@dhoffman98:

Memory. I have two 1GB sticks on board now.
Considering some of what I've been reading about 2.4 and using ZFS file systems, it looks like creating a RAM disk is a good idea.
I believe someone on here posted that they have gone up to 8GB with no issues. Assuming that's 2x4GB… What else are the specs for RAM?
DDR2
800MHz
PC2-6400 ? Is that correct ?
240 pins

Im running 4GB ram here and a 120GB hard drive.  Cannot speak whether the board will handle 8GB or not..

A Former User

This post is deleted!

stephenw10

You have to extract the modules from the bios then search through it for the string that's sent to the LCD and edit it in hex. It's been a while since I did it I don't recall exactly which module it's in.

Steve

A Former User

This post is deleted!

stephenw10

I don't recall exactly which version it was I'm afraid. Unless it's noted somewhere here in thread already.

That's true though the earlier versions produced corrupted files which is why I ended up having to flash the chip via SPI directly a number of times.

Steve

DeLorean

@stephenw10:

I don't recall exactly which version it was I'm afraid. Unless it's noted somewhere here in thread already.

That's true though the earlier versions produced corrupted files which is why I ended up having to flash the chip via SPI directly a number of times.

Steve

Version 3.51 was the correct version.
Prior versions did corrupt the BIOS files.
You mentioned this exactly at the day, 3 years ago  ;D

@stephenw10:

@lolman
You have to use the 3.XX series on the XTM5 bios. I believe the 4.XX is for UEFI bios only. I started out using 3.43 but that mostly corrupted the BIOS image! Using 3.51 allowed me to edit the Superio tables and didn't corrupt the BIOS.

@mcdonnjd
Which model XTM5 do you have? It seems like it's different to those the rest of have so maybe it's one of the second generation models.

Steve

Grtz
DeLorean

stephenw10

Thank you me 3 years ago!  ;D

dhoffman98

@747Builder:

apparently i have the oddball with the 220Watt power supply in mine.

I'm with you. Same box. It's the 2nd Generation XTM 5 boxes. It seems that when they started expanding the product line, they made some changes.

A Former User

This post is deleted!

A Former User

This post is deleted!

DeLorean

@747Builder:

@stephenw10:

I don't recall exactly which version it was I'm afraid. Unless it's noted somewhere here in thread already.

That's true though the earlier versions produced corrupted files which is why I ended up having to flash the chip via SPI directly a number of times.

Steve

Stephen10,

do you happen to still have the Pinouts you got from Lanner on the SPI port? also what software did you use with your home made SPI programmer?
in my world its called CYA and making sure mine works ahead of time before hacking on the bios.

This diagram of pinouts is taken from the Lanner FW-7581W user manual

Grtz
DeLorean