pfSense on Watchguard M370

stephenw10

The m470 does appear to have a C230 series chipset but I've found that can be misleading:

[2.6.0-RELEASE][admin@m470-2.stevew.lan]/root: pciconf -lv
hostb0@pci0:0:0:0:	class=0x060000 card=0x20158086 chip=0x190f8086 rev=0x07 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Host Bridge/DRAM Registers'
    class      = bridge
    subclass   = HOST-PCI
pcib1@pci0:0:1:0:	class=0x060400 card=0x20158086 chip=0x19018086 rev=0x07 hdr=0x01
    vendor     = 'Intel Corporation'
    device     = '6th-10th Gen Core Processor PCIe Controller (x16)'
    class      = bridge
    subclass   = PCI-PCI
pcib2@pci0:0:1:1:	class=0x060400 card=0x20158086 chip=0x19058086 rev=0x07 hdr=0x01
    vendor     = 'Intel Corporation'
    device     = 'Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor PCIe Controller (x8)'
    class      = bridge
    subclass   = PCI-PCI
pcib3@pci0:0:1:2:	class=0x060400 card=0x20158086 chip=0x19098086 rev=0x07 hdr=0x01
    vendor     = 'Intel Corporation'
    device     = 'Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor PCIe Controller (x4)'
    class      = bridge
    subclass   = PCI-PCI
xhci0@pci0:0:20:0:	class=0x0c0330 card=0x72708086 chip=0xa12f8086 rev=0x31 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '100 Series/C230 Series Chipset Family USB 3.0 xHCI Controller'
    class      = serial bus
    subclass   = USB
none0@pci0:0:20:2:	class=0x118000 card=0x72708086 chip=0xa1318086 rev=0x31 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '100 Series/C230 Series Chipset Family Thermal Subsystem'
    class      = dasp
ig4iic0@pci0:0:21:0:	class=0x118000 card=0x72708086 chip=0xa1608086 rev=0x31 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '100 Series/C230 Series Chipset Family Serial IO I2C Controller'
    class      = dasp
ig4iic1@pci0:0:21:1:	class=0x118000 card=0x72708086 chip=0xa1618086 rev=0x31 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '100 Series/C230 Series Chipset Family Serial IO I2C Controller'
    class      = dasp
ahci0@pci0:0:23:0:	class=0x010601 card=0x72708086 chip=0xa1028086 rev=0x31 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'Q170/Q150/B150/H170/H110/Z170/CM236 Chipset SATA Controller [AHCI Mode]'
    class      = mass storage
    subclass   = SATA
pcib4@pci0:0:28:0:	class=0x060400 card=0x72708086 chip=0xa1108086 rev=0xf1 hdr=0x01
    vendor     = 'Intel Corporation'
    device     = '100 Series/C230 Series Chipset Family PCI Express Root Port'
    class      = bridge
    subclass   = PCI-PCI
pcib5@pci0:0:28:4:	class=0x060400 card=0x72708086 chip=0xa1148086 rev=0xf1 hdr=0x01
    vendor     = 'Intel Corporation'
    device     = '100 Series/C230 Series Chipset Family PCI Express Root Port'
    class      = bridge
    subclass   = PCI-PCI
pcib6@pci0:0:28:5:	class=0x060400 card=0x72708086 chip=0xa1158086 rev=0xf1 hdr=0x01
    vendor     = 'Intel Corporation'
    device     = '100 Series/C230 Series Chipset Family PCI Express Root Port'
    class      = bridge
    subclass   = PCI-PCI
pcib7@pci0:0:28:6:	class=0x060400 card=0x72708086 chip=0xa1168086 rev=0xf1 hdr=0x01
    vendor     = 'Intel Corporation'
    device     = '100 Series/C230 Series Chipset Family PCI Express Root Port'
    class      = bridge
    subclass   = PCI-PCI
pcib8@pci0:0:28:7:	class=0x060400 card=0x72708086 chip=0xa1178086 rev=0xf1 hdr=0x01
    vendor     = 'Intel Corporation'
    device     = '100 Series/C230 Series Chipset Family PCI Express Root Port'
    class      = bridge
    subclass   = PCI-PCI
pcib9@pci0:0:29:0:	class=0x060400 card=0x72708086 chip=0xa1188086 rev=0xf1 hdr=0x01
    vendor     = 'Intel Corporation'
    device     = '100 Series/C230 Series Chipset Family PCI Express Root Port'
    class      = bridge
    subclass   = PCI-PCI
pcib10@pci0:0:29:1:	class=0x060400 card=0x72708086 chip=0xa1198086 rev=0xf1 hdr=0x01
    vendor     = 'Intel Corporation'
    device     = '100 Series/C230 Series Chipset Family PCI Express Root Port'
    class      = bridge
    subclass   = PCI-PCI
pcib11@pci0:0:29:2:	class=0x060400 card=0x72708086 chip=0xa11a8086 rev=0xf1 hdr=0x01
    vendor     = 'Intel Corporation'
    device     = '100 Series/C230 Series Chipset Family PCI Express Root Port'
    class      = bridge
    subclass   = PCI-PCI
pcib12@pci0:0:29:3:	class=0x060400 card=0x72708086 chip=0xa11b8086 rev=0xf1 hdr=0x01
    vendor     = 'Intel Corporation'
    device     = '100 Series/C230 Series Chipset Family PCI Express Root Port'
    class      = bridge
    subclass   = PCI-PCI
isab0@pci0:0:31:0:	class=0x060100 card=0x72708086 chip=0xa1498086 rev=0x31 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'C236 Chipset LPC/eSPI Controller'
    class      = bridge
    subclass   = PCI-ISA
none1@pci0:0:31:2:	class=0x058000 card=0x72708086 chip=0xa1218086 rev=0x31 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '100 Series/C230 Series Chipset Family Power Management Controller'
    class      = memory
none2@pci0:0:31:4:	class=0x0c0500 card=0x72708086 chip=0xa1238086 rev=0x31 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '100 Series/C230 Series Chipset Family SMBus'
    class      = serial bus
    subclass   = SMBus
none3@pci0:1:0:0:	class=0x0b4000 card=0x00008086 chip=0x04348086 rev=0x21 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'DH89XXCC Series QAT'
    class      = processor
none4@pci0:1:0:1:	class=0x020000 card=0x0dc18297 chip=0x04368086 rev=0x21 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'DH8900CC Null Device'
    class      = network
    subclass   = ethernet
igb0@pci0:2:0:0:	class=0x020000 card=0x0000ffff chip=0x15218086 rev=0x01 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I350 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb1@pci0:2:0:1:	class=0x020000 card=0x0000ffff chip=0x15218086 rev=0x01 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I350 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb2@pci0:2:0:2:	class=0x020000 card=0x0000ffff chip=0x15218086 rev=0x01 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I350 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb3@pci0:2:0:3:	class=0x020000 card=0x0000ffff chip=0x15218086 rev=0x01 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I350 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb4@pci0:3:0:0:	class=0x020000 card=0x0000ffff chip=0x15218086 rev=0x01 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I350 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb5@pci0:3:0:1:	class=0x020000 card=0x0000ffff chip=0x15218086 rev=0x01 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I350 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb6@pci0:3:0:2:	class=0x020000 card=0x0000ffff chip=0x15218086 rev=0x01 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I350 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb7@pci0:3:0:3:	class=0x020000 card=0x0000ffff chip=0x15218086 rev=0x01 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I350 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb8@pci0:5:0:0:	class=0x020000 card=0x0000ffff chip=0x15338086 rev=0x03 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I210 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb9@pci0:6:0:0:	class=0x020000 card=0x0000ffff chip=0x15338086 rev=0x03 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I210 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb10@pci0:7:0:0:	class=0x020000 card=0x0000ffff chip=0x15338086 rev=0x03 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I210 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb11@pci0:8:0:0:	class=0x020000 card=0x0000ffff chip=0x15338086 rev=0x03 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I210 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb12@pci0:9:0:0:	class=0x020000 card=0x0000ffff chip=0x15338086 rev=0x03 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I210 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb13@pci0:10:0:0:	class=0x020000 card=0x0000ffff chip=0x15338086 rev=0x03 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I210 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb14@pci0:11:0:0:	class=0x020000 card=0x0000ffff chip=0x15338086 rev=0x03 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I210 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb15@pci0:12:0:0:	class=0x020000 card=0x0000ffff chip=0x15338086 rev=0x03 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I210 Gigabit Network Connection'
    class      = network
    subclass   = ethernet

Steve

HangmansNoose001380

Part 2: Detecting and backing up chip

1. You’ll need SPI programmer software that can read the chip from the CH341A/Mobo SPI. Listed below are the 2 pieces of software that I have found that will read the chip:
   a. AsProgrammer v2.0.3a -
   b. NeoProgrammer V2.2.0.8
2. Note the following steps are for the AsProgrammer software. The steps are mostly same for both programmer software. Do not attempt the steps below unless the CMOS battery has been removed and the power cable has been disconnected from the M370.
   a. Launch AsProgrammer
   b. Click “Read ID” button and you should get a list of 3 chips (2 WINBOND W25Q128 chips and 1 Spansion. I believe you can select either of the WINBOND options but I used the W25Q128FV.
   
   

c. Next you’ll need to unprotect the chip by clicking the “Unprotect” button to the right of “Read ID”.

d. After Detecting/Selecting/Unprotecting the chip click the “Read IC” button. This reads the original bios from the chip.

e. Once the read completes run a verification check by clicking the “Verify IC” button to make sure the image read into memory is clean.

f. At this point, if the verification succeeded without errors, I would strongly suggest saving the original bios as a backup copy. If you receive an error either the chip is still protected, cables are not connected correctly, or USB port is not supplying enough power to the mobo. Do not proceed with Step 3 if you do not have a clean backup.

HangmansNoose001380

Part 3: Erasing Chip

1. After saving the original bios the next step is the click the “Erase IC” button. This will completely erase the contents of the chip and can take a few minutes.
   
   
   
2. After the Erase has completed, you’ll need to verify the chip was erased successfully by clicking the drop-down button next to the “Verify IC” button and selecting “Blank check”. Note whether the verification was successful or not before proceeding with the next step. Sometimes the chip must be erased twice before verification succeeds.
   
   

HangmansNoose001380

Part 4: Reprogramming chip with modded bios

1. Open the modified bios file in AsProgrammer that you would like to flash to the chip.
   

2. Click the “Program IC” button to start the flash of the modified bios to the chip.
   

3. Click “Yes” in the pop-up window asking for confirmation to start the programming.
   

4. Programming can take several minutes to complete. There is a progress bar to show completion status.
   bolded text
   

5. Once complete click the “Verify IC” button to verify the modified bios was flashed successfully.
   
   
   

6. If all steps completed successfully you should be able to disconnect your SPI programmer from the mobo SPI header, insert your CMOS battery back in, plug the power cable back in and power it on. The machine takes about a minute or so to boot up and post, then it will reboot, power on and immediately power off and reboot again, and after that you should be able to access the bios menu at this point.

HangmansNoose001380

WatchGuard original post:

WatchGuard original prompt to access bios:

Mod_Bios post:

Mod_Bios Menu:

HangmansNoose001380

Side note: I would not enable Turbo Mode option in the modified bios if you are running a 6th gen processor. pfSense will hang on boot if it's enabled with a 6th gen processor. Works fine with a 7th gen processor.

Example of my configuration with 6th gen processor:

HangmansNoose001380

This post is deleted!

HangmansNoose001380

After comparing notes with @stephenw10 it does appear the M370 and M470 have different chipsets, so this guide should only be used for the M370 unless you're feeling adventurous.

On the M370 when I run pciconf -lv I get this:
isab0@pci0:0:31:0: class=0x060100 card=0x72708086 chip=0xa1488086 rev=0x31 hdr=0x00
vendor = 'Intel Corporation'
device = 'B150 Chipset LPC/eSPI Controller'
class = bridge
subclass = PCI-ISA

For the M470 it says:
isab0@pci0:0:31:0: class=0x060100 card=0x72708086 chip=0xa1498086 rev=0x31 hdr=0x00
vendor = 'Intel Corporation'
device = 'C236 Chipset LPC/eSPI Controller'
class = bridge
subclass = PCI-ISA

djstrauss

Hi all, i hope you're doing great.
@HangmansNoose001380 @stephenw10 @soupman @all in the post.

What a great accomplishment have been made here, this is terrific!!! Thanks for the update info and hard work.
The fact that you can flash a generic image to the units brings more opportunities to improve computing capabilities and also made the units more Software Friendly.

With standard limitations i have manage to install, pFSense (obviously) and some Hypervisors (Proxmox, VMWare Esxi), also some routing software (VyOS, Mikrotik RouterOS, OpenWRT) and Debian, just checking what could be a good a way to take advantage more efficiently and effective on the units.

I have only tested some i3 6100 with up to 32Gb Ram plus Some SATA SSD, but can assure you that on M370 Neither e3-1225v5 or e3-1240v5 or e3-1275v3 will work in the units, this looks like a Chipset limitations, as comments above.

Right now, i have 5 units (M370) brand new that were sitting on my office shelf. Actually 6, that one is running our beloved pFSense.

This updates give me hopes to prepare them and take advantage to build, maybe a Small VM cluster or how knows, some kind off weird project.

I have some CPUs (i5 6th and 7th gen, also a i7 7700 that maybe would work, using the Generic BIOS.

I'll be following up and help in anything I can, let's take this units to the next level.

Thanks all for your hard work.

Regards.

HangmansNoose001380

@nicknitro I can tell you that when I modded the bios I updated the Microcodes and the modules for video and network and I am currently running an i5-7500:

Mathias HH

Hi,

hast anyone a watchguard t70 or t30 running pfsense? I can get one of these and plan to start with pfsense on it.

Mathias

stephenw10

The T30 is an ARM device so nope. The T70 can be used but there is no driver for the switch interfaces so it requires hardware mods to use those ports. Significant risk of destroying it!
https://forum.netgate.com/topic/151470/watchguard-firebox-t70

Steve

soupman

I recovered the bios of the m370 and it is indeed unlocked.

My experience.
Laptop
usb-c (3.0 and 3.1) ---usb-c to usb a adapter---ch341A did not work. Drivers had to be installed manually. Still asprogrammer did not see the ch341a

Desktop
usb 3.0 -- ch341A worked, drivers loaded automatically after install.
recovery done with the desktop.

The ch341a is a risky board because of the 3.3v fault on it.
Thanks to all for the hard work and insights.

HangmansNoose001380

@soupman Thanks for the feedback. The earlier Ch341a's had a 3.3v issue that was corrected in the newer versions. It could also be possible to pull the 3.3v power connector (leave the ground) and just plug power into the box and program it with the it powered down, but I have not fully tested that method.

Mathias HH

@stephenw10 Thanks a lot for your Feedback, than i will try the T70

qinghua907

@hangmansnoose001380
Can you tell me how to change the password in BIOS? I have an m470, which may be different from the m370 motherboard. I want to modify the BIOS myself. Is there a tutorial?

HangmansNoose001380

@qinghua907 As stated above I don't have a method for removing the password as the Aptio V bios will regen it even if it is removed. The only way I have found to have an unlocked bios is to reflash a bios that doesn't have the password enabled (Lanner original/modified bios). I can't confirm this as I don't have a M470 but I believe the bios I used on the M370 is the same for the M470. I make no promises on this as it has not been tested. If you would like to test and validate if the same bios works or not pm me and I can send you a link to the bios I used. The instructions above should be the same but I take no responsibility for a bricked device. I would highly recommend following the section above to make a backup of the current bios and verifying it's valid before flashing the new bios. If you have a successful back you should always be able to revert to the default bios using the same methods.

qinghua907

@hangmansnoose001380 OK, please send me your BIOS download link, thank you

HangmansNoose001380

Just got a M470. I'm going to start testing to see if the same bios & process works for the M470.

HangmansNoose001380

Current testing:
Mod bios does indeed work for the M470. I assume this means it will also work with the 5 & 670. Xeon does work on the M470, currently running a Xeon E3-1260L v5. PCI-e works in the M470, won't run on the 370 as it requires the C236 chipset that is only in the M470+ models. Currently testing to make sure that all ports are working including the add-in card. Getting an E3-1240 v6 Xeon to test with as well as the microcode should allow any Skylake/Kabylake (5th/6th gen) processor.