Watchguard Firebox M400/M500

zanthos

After a lot of hacking, bricking my M400, re-flashing via SPI, on and on and on, I finaly managed to unlock the BIOS of my M400 by flashing a self-modified BIOS from Lanner.
If it is allowed, I can upload it here…

stephenw10

Ooo fun. What mods did you have to do?

Hmm, I'm pretty sure it's an FW-7585 though. The 7584 has an H81 chipset and the m400 defintely has a C226, like the 7585.

pglover19

Do you think this modification would work for the M440 model as well? I have 2 of these units that I would love to get pfSense working.

stephenw10

No, the M440 is completely different. You would need to start out with the UP-2010 BIOS. But as we have found it still won't help you there as the FreeBSD igb driver is, currently, unable to recognise the NIC/PHY combination.

Steve

zanthos

@stephenw10 said in Watchguard Firebox M400:

Ooo fun. What mods did you have to do?

After a lot of trial and error the solution was using UEFI Tool (https://github.com/LongSoft/UEFITool). For whatever reason I had to use an old build which let me replace parts of my file.
I had to extract the BIOS part from the supplied Lanner BIOS and use this to replace the BIOS part of a backup ROM of my unit.

Maybe all the flashing (including Intel ME) finally did something else not covered in what i described above. But as I read some helping docs, Intel ME is stored in the BIOS chip which is a Winbond 25W64FV. So completely erasing this chip and reprogramming via SPI with my modified file finally did the trick.

@stephenw10 said in Watchguard Firebox M400:

Hmm, I'm pretty sure it's an FW-7585 though. The 7584 has an H81 chipset and the m400 defintely has a C226, like the 7585.

I have been told by Lanner that the BIOS is exactly the same for both FW 7585 and 7584, even tough they have different chipsets. Probably the C226 is a superset of the H81...
At least it is recognized in the BIOS:

iJay-XTM5

@zanthos
Does the unlocked bios allow the fans controls to be adjusted?
I've got the fans dialed down pretty well for now, but still interested to know as I need to move to a Xeon at some point.
Thanks

zanthos

Unlocked BIOS overview:

Main:

Advanced:

Advanced - CPU:

Advanced - SATA:

Advanced - USB:

Advanced - Super IO:

Advanced - H/W Monitor:

Advanced - H/W Monitor - Smart Fan:

Advanced - LAN Boot:

Advanced - Serial Console Redirection:

Chipset:

Chipset - Power:

Chipset - System Agent:

Chipset - Memory Configuration:

Boot:

Security:

Exit:

zanthos

@ijay-xtm5 said in Watchguard Firebox M400:

Does the unlocked bios allow the fans controls to be adjusted?
I've got the fans dialed down pretty well for now, but still interested to know as I need to move to a Xeon at some point.
Thanks

@ijay-xtm5
You can switch from Auto to Manual mode and define a value. Haven't played with this one tough...

@zanthos said in Watchguard Firebox M400:

Advanced - H/W Monitor - Smart Fan:

stephenw10

Hmm, can you not change the target value in Smart mode?

Scorch95

@zanthos

Could you upload the modified bios along with a detailed step by step instruction on how to flash it over?

zanthos

Hi there

Just managed to unlock (hopefully) everything in this BIOS.
Speedstep is now working

Unfortunately I cannot upload it here. File size limit
Also split files (7z and rar) don't work...

Maybe @stephenw10 you can alter this setting?

stephenw10

It's better to host it somewhere separately and just link to it IMO. That's what I have always done for BIOS images.
I can put it with the other images on my Google site if you PM me.

Do you believe it's flashable directly? You seemed to imply you had done a number of things there.

Steve

zanthos

DISCLAIMER: I don't take any responsibility if you flash using my files. I won't provide help if you brick your device.
(Unbricking is possible using SPI, see below)

Here's the BIOS:
https://1drv.ms/f/s!AgeHb7hLRzQ-iAw82hEAiVojSDWJ
@stephenw10 you may copy those files to your webhost. I cannot provide those files forever.

Currently it's my Version 5.
There may be things to be enhanced. There may be bugs. Be warned!

How to flash:
a) SPI:
Use your favorite SPI programmer connected to the mainboard.
I used this one:
https://www.ebay.de/itm/CH341A-Series-Chip-SPI-Flash-USB-Programmer-24-EEPROM-BIOS-Writer-25-Neu/273040494657?hash=item3f927b5041:g:U8oAAOSw3wVaaagG:rk:1:pf:0
You will need a programming software. I used "AsProgrammer":
https://github.com/nofeletru/UsbAsp-flash/releases/

b) Software flashing:
Download Rufus here: https://rufus.ie/
Create a bootable FreeDOS Stick or CF Card. FreeDOS is embedded in Rufus. So no need to download.
Maybe your original M400 will not boot from USB. Then create CompactFlash card.
Download "freedos_ext_v5.7z" above and extract it to your just created FreeDOS drive. Overwrite all files!!
Maybe you will need to alter "autoexec.bat" to match your keyboard layout. Current setting is German ("keyb gr"). To have US keyboard layout, you will need "keyb us".
Connect via Serial to your M400. Use a CISCO style cable. Use 9600 8 N 1. I tried higher speeds, didn't work.
I can't help using AFUEFI.exe or AFUDOS.EXE. There are lots of parameters… Maybe someone here knows all the tricks or find help with your favorite Internet search engine.

Good luck and please report back!

stephenw10

Just to be clear there is real risk doing this. Not until you've felt the regret of your shiny box failing to POST because you updated a firmware to get something you didn't really need in the first place will you understand that! Ask me how I know.

If you have an SPI reader then you can be reasonably confident of being able to recover it eventually if anything does go wrong. But if you don't...

Steve

moppa

Do we know what the max ram is on this board?

stephenw10

The standard Lanner board claims 8GB.

Steve

Scorch95

@stephenw10

Do we know if it’s ECC registered or unbuffered?

stephenw10

Unbuffered ECC or non-ECC. Again that's just from the fw-7585 manual, I haven't actually tried anything else myself.
The RAM supplied is Unbuffered ECC which means I don't have anything spare lying around to add to it. Not that I need to as 4GB is plenty for most applications, and I only use it for testing.

Steve

zanthos

@scorch95
Registered ECC does not work. At least this one I tried: Samsung 8GB 2Rx4 PC3 10600R (M393B1K70CH0)

.

The supplied memory seems to be ECC unbuffered: Transcend 4G 1Rx8 DDR3 1600 ECC (679323-0288)

Scorch95

Is there any way to figure out why the system hangs on reboot whereas with the XTM5 it didn't have any problems? I went ahead and did a reinstall on the SSD and it still has the issue. I'm assuming that it has something to do with no longer running from the CF card.

EDIT: By this I mean is there any kind of logs I can pull that I could post here that might be useful in determining the cause and hopefully help find a solution to the issue?