Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5
-
@nimrod I can give it a try. Do you think it will work for the modded bios from the thread I referenced? As far as I can tell all the stock bios options lock out booting from the USB when another disk is present. I based those instructions off of people who were able to flash the modded ROM successfully at the time.
-
@angelicadvocate said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:
@nimrod I can give it a try. Do you think it will work for the modded bios from the thread I referenced? As far as I can tell all the stock bios options lock out booting from the USB when another disk is present. I based those instructions off of people who were able to flash the modded ROM successfully at the time.
Your device is using AMI bios. And these tools are oficial AMI flash tools. Flashrom is good, but its very limited. On some devices like new motherboards it doesnt work at all. Cant read, cant write.
There is a command line switch that you can use and flash whatever you want. As long as the binary file is correct for the device you are using. As for the bios, you can always disconnect main drive. You dont need it for bios flashing anyway.
-
Why do you think that will not work? It worked for me and many other users. The XTM5 does not have a UEFI BIOS.
-
@stephenw10 said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:
Why do you think that will not work? It worked for me and many other users. The XTM5 does not have a UEFI BIOS.
Dont get me wrong. It worked for me too. If you remember from other thread, i have Protectli device. Protectli coreboot implementation is flashed with their tool called flashli. This tool is a python script which is using flashrom under the hood.
However, on some motherboards flashrom just hangs even if it properly detects the chip. But official ami bios flash tool is able to read/write without any problems. Whether its legacy bios or uefi doesnt matter at all in this case.
Asus, Gigabyte and MSI go one step even further. Their chips are vendor locked and there is no software tool that can read them.
-
im back at this again. sofar today ive tried scripting the rom backup using a ms-dos and a freedos boot disk. that didnt work. i also tried just scripting a simple txt file to be made at boot in each version of dos. this didnt do anything either. its not the easiest to do this without a video out on the machine. dos doesnt play nice with serial console over usb. so without knowing exactly where the process is failing using this method, im currently back to the drawing board. looking for some fresh ideas if anyone has any.
-
@angelicadvocate said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:
im back at this again. sofar today ive tried scripting the rom backup using a ms-dos and a freedos boot disk. that didnt work. i also tried just scripting a simple txt file to be made at boot in each version of dos. this didnt do anything either. its not the easiest to do this without a video out on the machine. dos doesnt play nice with serial console over usb. so without knowing exactly where the process is failing using this method, im currently back to the drawing board. looking for some fresh ideas if anyone has any.
Dos is using batch scripting. Make sure you redirect output into the file. Example without any parameters.
afudos.exe bios.bin > report.txtJust make sure you are executing this command from the directory on a flash drive or from the root of your flash drive. Repeat the whole process again, and then remove the flash an check report.txt to see why it failed.
-
@angelicadvocate I did compile the latest version 1.5.1 on a FreeBSD box. And copied it over to a 2.7.2, with two dependencies (which are available on FreeBSD 14).
flashrom -Landflashrom -Vdid work, I didn't test more.
You would need to installlibconfuseandlibftdi1Thinking about it, it may not be a good idea to write the BIOS with an untested software build.
But boot up an Live Linux distro which got a more recent version included may work.If you are crazy/trusting enough I can put the PKG file on my server for you to grab.
Or even better I can give you the ports files/diff and you can compile it yourself. -
@patient0 the issue seems to be that the newer versions of flashrom just dont support this board. i have tried with the latest version on several different OSes at this point. the last person i was able to find in the old thread that listed the version of everything they used was using flashrom v0.9.9-r1955 on FreeBSD 10.3-RELEASE-p19 (amd64). pfsense 2.3.4 is based on freebsd 10.3 (i think) so im going to try it from there. i have located an iso and img of 2.3.4 and a copy of flashrom 0.9.9 so fingers crossed i can figure this out. it looks like there were some compatibility issues introduced with some hardware after flashrom version 1.x at least thats what im seeing everywhere i look. the biggest problem for now trying this is that the images i have for 2.3.4 arent the serial version. im trying to track down all the changes to redirect to serial to apply them manually but this is time consuming when you have to juggle back and fouth between two machines to get a display. if anyone has a direct download for the serial version of 2.3.4 that would be awesome.
@nimrod i couldnt get it to work. not saying it cant but this machine wont even generate a text with a simple script like "echo test > text.txt" since i dont have a way to hook up a monitor to see whats going on and i couldnt get dos to play nice with serial console im not even sure what i would try.
-
First thing I would try is just install 2.6 to get flashrom 1.2 since that was previously shown to work.
-
@stephenw10 i will try it thank you
-
@stephenw10 this might be a dumb question but is "pkg" broken in 2.6.0? if i try to use it for anything it tries to update to pkg 1.19.1_2 which isnt compatible with 2.6.0. im betting theres a flag to set to stop it from upgrading pkg before installing but i couldnt figure it out. for example if i run "pkg install flashrom" it will prompt to update pkg. if i type "n" then it cancels the install, if i click "y" then it updates to an incompatible version and then pkg is broken. i reinstalled 2.6.0 in case i just had a bad install but i saw the same behavior.
probably should have added this for context. after it updates pkg no matter what pkg command i run i get this:
[2.6.0-RELEASE][admin@pfSense.home.arpa]/root: pkg
ld-elf.so.1: /lib/libc.so.7: version FBSD_1.7 required by /usr/local/sbin/pkg not found -
It isn't but you must make sure the update branch is set to 2.6.
When you see lib errors like that it's almost always because it's pulled in a pkg from a newer version. In older versions the branch was automatically switched to a newer available version in order to show it to the user. That doesn't happen in 2.7.2 and newer. (or anything after 23.09 in Plus)
-
@stephenw10 i didnt realise this needed to be set in the web interface. thanks for that. fingers crossed ill have an update for everyone soon. im seeing promising results.
-
@nimrod @patient0 @stephenw10 thank you everyone for the help! im adding a how-to below in case it helps anyone else. if i should add this to the OG thread or link to it there let me know.
-
@angelicadvocate said in Can someone help me with the BIOS mod on really old hardware? Watchguard XTM 5:
@nimrod @patient0 @stephenw10 thank you everyone for the help! im adding a how-to below in case it helps anyone else. if i should add this to the OG thread or link to it there let me know.
I always edit original post title and add "[SOLVED]" at the thread title and then post solution at the end. But you can do it either way.
-
Yup either (or both) would be fine.
-
How to Flash an Unlocked BIOS on WatchGuard XTM 5 with motherboard MB-7580T and flash chip Micron/Numonyx/ST M25P80 (flash chip stamped 25P80VG) using pfSense 2.6.0
Prerequisites:
You will need the pfSense 2.6.0 image and the new rom file. You will also need 2 drives. I used two SATA drives.
(One for the installer image and one to install to.)
You will also need a USB to serial console cable. I used this one
Also helpful: PuTTY, win32diskimager, and preferably a computer with ssh access to the device.
(This can also be done through the web management UI. Diagnostics > Command Prompt)ROM here: https://misc.alpha-labs.net/pfsense/xtm5_83.rom
MD5 hash of xtm5_83.rom: e75bc93ca2db547a3facb8d611f0d441
(you can use "curl -O" or "fetch" to download them straight to the device.)
(Or, download the files from another computer and use a USB drive.)Step 1: Install pfSense 2.6.0
Install pfSense 2.6.0 on your WatchGuard XTM 5 device.
Download the pfSense 2.6.0 image and flash it to one of the drives.
(I recommend using win32DiskImager for this.)
Then connect both drives and boot the device.
Connect using PuTTY with the serial cable and use 115200, 8, 1, None, None.
Follow on screen installer instructions.2.6.0 .img file here: archive.org/download/pfSense-CE-memstick-serial-2.6.0-RELEASE-amd64
Step 2: Set Repository to 2.6.0 in Web Interface
Log into the pfSense web interface (192.168.1.1).
Go to System > Update > Update Settings.
In the Branch dropdown, select 2.6.0.
Click Save to use the correct repository for pfSense 2.6.0, and reboot the device.Step 3: Install flashrom
(I used ssh to access the shell for this part.)
In the pfSense shell, run: pkg update
(If you receive an error here try "pkg update -f")
Then run: pkg install flashromStep 4: Check flashrom Version and Verify Flash Chip Detection
Ensure that you have the correct version (v1.2) by running: flashrom --version
Next, verify that your flash chip is detected properly by running: flashrom -p internal
(Check to make sure you see this line in the output: Found Micron/Numonyx/ST flash chip "M25P80")Step 5: Backup Current BIOS
Back up your current BIOS with: flashrom -p internal -r /root/bios-backup.bin
(or change the backup directory and file name by modifying "/root/bios-backup.bin")
(I recommend copying the file directly to the location where you mounted the USB drive {e.g., '/mnt/usb'}.)
(Alternatively, you could just copy the file afterwards using the cp command)Step 6: Prepare the New BIOS File
Copy your BIOS file (xtm5_83.rom) to /root on the pfSense device.
Skip this step if you used curl or fetch to download the rom straight to the device.
(I recommend verifying the MD5)Step 7: Write the New BIOS
Flash the new BIOS with: flashrom -p internal -w /root/xtm5_83.rom
(Use the correct directory for where your rom file is located.)
(If you are in the same directory as the file just run "flashrom -p internal -w xtm5_83.rom".)Step 8: Shutdown and Power Off
To shutdown from the terminal run: shutdown -p now
(Remove the CMOS battery for at least 10 minutes. REQUIRED)Step 9: Power On and Test
After 10 minutes, reinsert the CMOS battery and power on the device.
Verify that the system boots correctly with the new BIOS.
ELI5:
Flash 2.6.0 to second disk
Install OS to primary disk.
Set Repository in webManagement to 2.6.0
Run the following commands in order one at a time:pkg update pkg install flashrom flashrom --version flashrom -p internal flashrom -p internal -r bios-backup.bin flashrom -p internal -w xtm5_83.rom shutdown -p nowRemove CMOS battery for 10 minutes
Verify changes. -
A angelicadvocate referenced this topic on
-
Nice!
Though Google killed sites so my site where I had the rom is now dead.
-
@stephenw10 thanks for the catch. fixed the post. i did manage to find another url hosting the rom but it seems ive misplaced it. if i ever come across it in my notes ill add it to the thread.
