Watchguard XTM 5 Series
-
I have XTM 5 with the belwo BIOS
root@OPNsense:/conf # dmidecode | lessdmidecode 3.2
Scanning /dev/mem for entry point.
SMBIOS 2.5 present.
44 structures occupying 2148 bytes.
Table at 0x000FBCD0.Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
Vendor: American Megatrends Inc.
Version: 080015
Release Date: 04/26/2010
Address: 0xF0000
Runtime Size: 64 kB
ROM Size: 1024 kBI am safe to use this image to update my BIOS from https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
-
They should all be compatible AFAIK, I've yet to see one that was not. That's just the date from the gen2 models, there are a few posts here confirming it works. For example:
https://forum.netgate.com/post/797569Of course flashing the BIOS is always inherently risky. You could lose power part way though etc...
And you're running the wrong OS...
Steve
-
@stephenw10
Thanks Steve... BIOS flash was successfully...
Still playing around with different firewalls before going production... if that makes sense
-
The original Watchguard CF card OS boot is able to start Recovery Mode (SysB) or Safe Mode (SysA Safe) from LCD Keys
I think is something embedded in MBR or in GRUB stage...I had a crazy idea... how shall be hard making a multiboot like that to choice via LCD keys which disk / partition will have to start ?
Obviously i think who should be the right one for the answer...
Stephen i'm very cold about ASM or C coding...
I can only give an original Watchguard CF image and no more right now. -
I believe that code is in BIOS and passed to GRUB. You will still see it try to boot recovery even without a CF card present.
Steve
-
@stephenw10 sorry for the delay... i tried without the CF Card and nothing happens during the startup phase on the LCD pressing UP or DOWN button of the case keypad... only the WG BIOS V 1.2 stay.
But you could be in right and some code could be embedded in bios too to storage a flag value somewhere...I'm affascinating by bios and i wish spend time investigating.. please may you give me some hints about software you used to modding the XTM5's AMI Bios ?
I tried to search on the web but i found only recent software that don't recognize this 1024k ROM. -
[1] Install the flashrom tool
pkg pkg install flashrom rehash[2] Download the new flash image
cd /tmp fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom md5sum xtm5_83.romThe MD5 has should be: e75bc93ca2db547a3facb8d611f0d441
[3] Reprogram the flash
Read and save the original/current flash image
flashrom -r rom.original –programmer internalWrite the new image
flashrom -w xtm5_83.rom –programmer internalVerify the write was successful
flashrom -v xtm5_83.rom –programmer internalPull the CMOS battery & mains power, wait a few minutes, reboot & voilà.
If everything's OK you can delete the new image file with:rm /tmp/xtm5_83.rom -
For actually editing the image there are a number of tools that can open and modify the older pre-uefi AMI BIOSes. Including AMIs own proprietary tool amibcp. You'll have to go searching for that if you want to use it.
Bare in mind it's very easy to make an image that doesn't POST and then you need to reflash the chip directly. I did it several times!
https://forum.netgate.com/post/336712Steve
-
@Dufflepod thanks i'm aware about that procedure. I wish to edit the .ROM file not just to push it on the CHIP as is.
@stephenw10 i found the right (i think) 3.51 version of the amibcp tools but it seems to have a partial control on the bios. I think you found some more specific tool... to be able to change Arm/Disarm LED status and to change the LCD text during bios...
If you could help me at least telling me the name of the right software ;)
I know after that i have to do my hard work on my own...
Thanks -
The ARM LED is set by setting the appropriate SIO registers.
The LCD message I changed by hex editing the right module directly. Which is why it had to be the same number of characters. -
thx -
@stephenw10 Hi, I bought two XTM 5, they have same motherboard (MB-7580W v1.0, CK: 9A80 2010-02-03).
They differ by the flash bios: one (I'll call it A) has a label with YK12 1046, the other (I'll call it B) has this label with YJ96 3493.
So I installed pfsense on a CF and I flashed unit A with flashrom. All fine, on boot I see the new string and the red led.
I wasn't able to do the same with unit B, flashrom was unable to find the device to write. So I loaded freedos with afudos in a cf and flashed this way. All fine on boot I see the new string but red led doesn't come up.
I can enter the bios and chenge settings but this led doesn't turn on during boot.
What happens?Ps: I unmounted the lcd assembly and mounted on the unit A and red led works.
-
Hmm, are they the same model xtm5? There were two generation but they were almost identical as far as I know.
Can you you set the LED using WGXepc?Steve
-
@stephenw10 Just tryed, WGXepc64 changes the led. I tryed with green and red.
Any ideas why the bios don't turn on the led? -
I don't. It should, it uses the same set of register changes in the SuperIO chip that WGXepc does.
-
Consider the possibility that the BIOS was previously flashed with a custom image...
-
@t-rexky Before the flashing the bios was the stock one
-
My very new unit at the time (year old display model) did not turn on the red light either.
-
@chpalmer but with the modded bios it should.
Infact the other unit ("same" as this one) turns on the red led.
I can't find the differences between them. Adding that the led works with WXGepc package. -
@valepe69 said in Watchguard XTM 5 Series:
@chpalmer but with the modded bios it should.
Infact the other unit ("same" as this one) turns on the red ledYes. it did. :) Watchguard must have made changes at some point.. Ive had several stock units (which I put pfsense on for friends) come through and noted the earlier ones had the red LED whereas mine and a later unit did not.
I always change the firmware on them when I get them.
