Watchguard XTM 5 Series
-
@stephenw10 I burned the CF Card with Rufus and checked that it was bootable with BootableUSBTest. Here's all I get on boot:
https://pastebin.com/sthY2FXC
I did notice that my CPU is HOT (!!) 65-72 at idle. I'm wondering if I might have received a bad CPU or if I didn't apply enough thermal paste and it overheated. Think that could cause the problem?
-
It will run hot with only the BIOS setup, there is no CPU idle process at that point.
The fact it's showing the BIOS setup proves the CPU is good.
That output is at 115200bps?
Steve
-
This post is deleted! -
@stephenw10 Yes, 115200.
When I first received the unit it would boot and then the console would cut off. After I reconnected it would show me the pfsense boot sequence. Once I flashed the bios, it wouldn't require the reconnection and displayed it all straight through.
It's actually acting the same way as the locked bios would with 3 exceptions. 1) Reconnecting doesn't yield any further console output. 2) The hard drive light initially blinks a bit and then stays solid on. 3) The cursor doesn't jump around at all.... It sits at the end of the boot sequence and doesn't move any further.
-
Hmm, hard to know what to suggest there then. You might try resetting the CMOS just in case it's picked up some rogue setting.
Steve
-
@stephenw10 yeah, I've pulled the battery and left the power off overnight and no change. It's a real stumper. :/
-
You have anything else you can test the CF card in?
Are you using the standard BIOS? You might try writing the unlocked one just to set the registers.
Steve
-
@stephenw10 Yeah. :/ It's the unlocked bios already and I don't have a way to flash anything else until I can get it to boot. I've got a new CF Card and processor I'm going to try tonight. Running out of other ideas.
-
I'm also in the process of turning an XTM 5 into a usable box with pfsense.
I've been reading various forum threads, blogs about the subject. But the details (which can be crucial...) are still a bit vague.- I have no problem at all with console redirection. I can see BIOS POST, the Watchguard boot-menu and startup log and eventually the login prompt are all visible and usable with default serial console settings (baudrate 115200).
- I first created my own console cable (db9 to rj45) while waiting for delivery of a proper USB console cable. Double checked the pinout on my home-made cable but it wouldn't take my keyboard input, just display output of the XTM. Still don't understand why it doesn't work, but the ordered USB variant works fine....
- Installed pfsense to a hdd using a donor PC as described in many places. However, XTM fails to boot from hdd (with or without a CF card inserted). Not sure if it is due to donor-PC being in AHCI mode, or because I need to change boot-order of XTM in bios. Or maybe it is booting but i just don't see anything since my console is at 115200 baud and (i think) pfsense defaults to 9600? I would expect at least to see some garbage output if the baudrate is incorrect? I did read somewhere the XTM boots from SATA if CF is missing, but in other posts people seem convinced bios must be unlocked and boot order changed.
Next step: I need to unlock bios, either to enable AHCI mode and change boot device order. Can't find any good instructions for this, so i'm just going to try writing $random_linux live image to a spare CF card (and then use flashrom with xtm5_83.rom). That should allow me to enter and change bios settings to further debug booting from the hdd. fingers crossed
-
@samtap I believe you have to flash the PFSense HDD with an MBR boot record. I played around with this a bit using Rufus to write the image -- I don't remember the exact settings that I used but it sounds like that is your issue.
-
I would expect it to boot a HD if there is no other boot media present. You can only change the boot order with the unlocked BIOS but the HD should be in the list, USB is not. Though I don't recall now if I ever tried it. It's been way too long.
pfSense has defaulted to 115200 for the console speed since 2.2 so you should see something there if you enabled the serial console on the install.
You can write the BIOS from flashrom in pfSense. If you write a Nano image to a CF card that will boot.
Steve
-
Right now the issue i'm facing is entering the BIOS. It says to press the DEL key or F4 on remote keyboards. I think in vt100 mode the del key works, and in ansi mode the F4 key (escape sequence). But it just halts the boot process, i.e. it doesn't boot Fireware from the CF card, display reads 'Watchguard` but it doesn't load the BIOS, the output just freezes :-(.
-
@samtap It's actually the tab key on vt100.
I was finally able to get mine to boot again. I don't know if I had a bad CF card or if my processor was causing issues. Another E8500 was <$10 so I swapped that out and replaced my CF card. Wrote the image on my card reader from Windows with Rufus and it booted right up. It still has an issue where occasionally the console will continue past the bios with (my guess) black on black text.... but pulling the cables and re-initializing putty brings it back up.
From the CF card I installed PFSense to a 60gb hard drive that I pulled out of an early macbook. I'd rather not worry about burning up the card. I've not stressed it, yet but my temps are much lower and I haven't received any i/o errors, yet.
I believe I've been successful. Finishing up the rest of my network rack tonight and I'll configure and deploy it. Fingers crossed!
-
Yes, use TAB to enter the BIOS setup over serial. However everything (except the date and time?) is read-only in the standard BIOS.
You should not need to enter the BIOS to boot from CF though.
Steve
-
Thanks @Fffrank and @stephenw10, it is the TAB key! Would have taken me forever to find that out by myself ;-). I know the bios is locked but it's good to know I can access it once i've flashed the unlocked/modified bios.
-
@t-rexky Hi - we decommissioned a couple of gen 2 (04/26/2010 Bios) XTM510's last year. We've been running pfSense as routers on vmWare for several years but it's always a bit of a challenge having them virtual when it comes time to shut down the environment. If I can get the XTM510's converted I'll use them instead of the VM's that have served so well for the last couple of years.
Long story short, have succeeded in copying an install image to the 1GB CF and then installing 2.4.4 64bit to a 120MB SSD and booting to that. Interfaces are up and all seems green. Getting ready to replace the original Celeron 440's with a couple CoreDuo E5700's that I picked up off of eBay.
Can I use the your BIOS image to update my current locked American Megatrends 080015 (Rev. 8.15) with the Core Duo E5700's?
-
Yes you can. You would probably want to use the most recent file of his or the file I modded long ago as they don't contain DSDT speedstep data which the other do and wouldn't match your CPU.
Steve
-
@stephenw10 Thanks for your reply - I assume his latest that will work for me is this?:
t-rexky 5 months ago
I can only imagine how many hours you spent on this! Reverse-engineering can be a lot of fun, but with a general purpose chip and so many possibilities this must have been labour of loveā¦I modified the most recent version of my unlocked BIOS to implement the LED initialization to red and the adventurous can obtain the file from my dropbox:
https://www.dropbox.com/s/o09qcz21apu4dk6/xtm515-bios1.3-unlocked1.9.led.rom.zip?dl=0
This has been tested on one of my units and it works fine. Please note that this version does not implement any SpeedStep definitions - it is effectively the unlocked WatchGuard factory BIOS with all my other tweaks.
-
Yes, I believe that should work though I've not tested it myself.
-
@stephenw10 Well, better to be safe than sorry, I have pulled down both of your images - just to verify -
There were a few posts several years ago that said you had to have EXACTLY the 02/03/2010 BIOS, but from what I understand from you and t-rexky your versions are ok to flash over the 04/26/2010 BIOS? Since I have spent a bit of time and a little dough shopping to get new disks, cpus and memory, I don't want to end up with nothing to put them in!Thanks again for your responses and all the work you guys have put into this over the years.