Watchguard XTM 5 Series



  • @t-rexky:

    I have not attempted to fiddle with the rest of the code to correct the factory errors.  I find the code very confusing, with my limited coding experience - I have done mostly C in the past.  I tried the Intel reference manual but that was of not much help either.  So if you recall how you fixed the errors it would be great to see a diff.

    I have now confirmed that the BIOS (and the CPUs of course) support C1E state, so when idle the power is already as low as it can get even without SpeedStep.  The benefit will be at partial loads, but I'm not sure how to quantify it.  I looked at it this way - if I can spend a bit of time now and learn in the process it's worth it, even if it saves me only a few $ over the deployment time.  At my rates here 1W a year is about $1 saved  ::)

    Have you tried the DSDT editors? There's apparently one on Mac that will spit out the errors you have and correct them for you, not sure if I trust it though. (That's provided you have access to a Mac.)



  • @stephenw10:

    Yes, seems to.  But I've just seen a horrible typo!  :-[

    Edit: OK this looks better. Works OK here but YMMV. To be honest it doesn't do much from my testing. Maybe 1W less, at idle at least.

    Steve

    @stephenw10 So is speedstep working on the e8400 with your files you linked by loading this at bootup?



  • Has anyone got the 2.4.3 update working on XTM 5 yet? For me the 2.4.2 update works fine. But if I try updating from 2.4.1 to 2.4.3 the unit stops booting. Any ideas?


  • Netgate Administrator

    @747builder: Yes. Loading the compiled .aml file at boot works as long as you're running a BIOS with Speedstep unlocked and enabled.

    @diesel678: Yes, running 2.4.3 here. Had no issues upgrading.

    Edit: Typo



  • I measured my youngest (manufactured in 2015) XTM5 box power consumption with the Q9505S CPU in all power states with all cores loaded using mprime.  This unit is also equipped with 80+ PSU made by FSP, as opposed to my other two units that have Seventeam PSUs.  The idle power consumption on this box is only 37W.  But in my measurement I also discovered why Lanner / WatchGuard might have disabled Speedstep.  Basically, it looks like the box power consumption savings are smaller than the extra processing time required by the CPU caused by reduced frequency, resulting in net power consumption increase rather than decrease!  See the attachment.

    A good practical case study would be to measure steady state power consumption of a XTM5 box in actual installation with both BIOS configurations.  Like a unit doing all its routing / firewalling / UTM duties under controlled traffic…

    Edit: I had a momentary lapse of reason and the numbers in the attachment are obviously incorrect, since they assume that when the box is idle it consumes 0W as opposed to 37W.  I will post corrected numbers later tonight, but there is a notable overall power saving, so implementing SpeedStep remains worthwhile.

    ![XTM5 Speedstep Power.jpg](/public/imported_attachments/1/XTM5 Speedstep Power.jpg)



  • Ok, fresh off the press, here are the corrected power consumption numbers and net energy use for XTM5 with Q9505S in each available processor power state.  Note that I was able to load the CPU more consistently by selecting a different mprime torture workload and I repeated each test several times to eliminate measurement variability.  Also note that I reformatted the table to make it easier to understand. The numbers look very good and I will definitely keep Speedstep enabled in my deployed box.  Under partial loads the energy savings are substantial!

    Peter.

    Edit: Cleaned-up the attached image for additional clarity.

    ![XTM5 Speedstep Energy Usage.jpg](/public/imported_attachments/1/XTM5 Speedstep Energy Usage.jpg)


  • Netgate Administrator

    Nice! Guess I'll leave it enabled then.  ;)

    I'll do it anyway just to see how it affects stability, if at all.

    Steve



  • I've read in a different thread that you do not need to flash the bios on an XTM 505 if you use a hard drive to boot pfsense. I can get the hard drive to boot on a different machine but on my XTM 505 it boots up shows me the bios and just plays a weird post jingle. When I get into bios everything is still view only. So I'm guessing I will have to flash it. Is there a particular bios I should flash with?


  • Netgate Administrator

    Yes, it should be possible to boot without flashing the BIOS. I may have already unlocked mine before I put an SSD in there. It certainly boots a CF card without any change.

    Either the image I tweaked ages ago or t-rexky's image linked above should unlock the options and allow you to choose what to boot from.

    There are details on flashing it earlier in this thread.

    Be aware that flashing your BIOS is always inherently risky and that doing so with an image you downloaded from a forum even more so.  ;) Your box may end up a brick etc etc

    Steve



  • @stephenw10:

    Yes, it should be possible to boot without flashing the BIOS. I may have already unlocked mine before I put an SSD in there. It certainly boots a CF card without any change.

    Either the image I tweaked ages ago or t-rexky's image linked above should unlock the options and allow you to choose what to boot from.

    There are details on flashing it earlier in this thread.

    Be aware that flashing your BIOS is always inherently risky and that doing so with an image you downloaded from a forum even more so.  ;) Your box may end up a brick etc etc

    Steve

    Got it, thank you. The only CF card I have at the moment is the 1GB that came with the Watchguard. When I used Win32DiskImager to image that card with your rom it still won't boot to the CF card. Is there a size limitation or am I goofing something up?



  • What do you mean by "When I used Win32DiskImager to image that card with your rom it still wont boot to the CF card."?  You need a CF card with a bootable OS on it, BSD or Linux, a file with the BIOS image and installed 'flashrom' tools to actually do the reading and writing of the EPROM…

    Also, the XTM5 boxes boot from SATA devices if there is no CF card installed without a need to flash the BIOS, so there is something else gone south with your attempts.  So, unchanged factory BIOS with factory settings should successfully boot a SATA drive as long as you remove the CF card.  All you need to do is unplug the CF card and plug-in the SATA drive, then power-up.



  • @t-rexky:

    What do you mean by "When I used Win32DiskImager to image that card with your rom it still wont boot to the CF card."?  You need a CF card with a bootable OS on it, BSD or Linux, a file with the BIOS image and installed 'flashrom' tools to actually do the reading and writing of the EPROM…

    Also, the XTM5 boxes boot from SATA devices if there is no CF card installed without a need to flash the BIOS, so there is something else gone south with your attempts.  So, unchanged factory BIOS with factory settings should successfully boot a SATA drive as long as you remove the CF card.  All you need to do is unplug the CF card and plug-in the SATA drive, then power-up.

    Ok, obviously I'm being a dummy about the BIOS then. Thanks for the info. I guess I still have some troubleshooting to do with the SSD then.. I can boot pfsense if I plug the SSD into another machine. But for whatever reason the Watchguard just sits there stuck at the different startup options.



  • Keep in mind that the XTM box BIOS defaults to IDE mode on SATA, not AHCI.  If you installed pfSense on a machine in AHCI mode then perhaps it chokes on the XTM in IDE mode…  I don't know enough about pfSense driver implementation to be able to talk intelligently about this.  Hopefully someone else can chip in.



  • @t-rexky:

    Keep in mind that the XTM box BIOS defaults to IDE mode on SATA, not AHCI.  If you installed pfSense on a machine in AHCI mode then perhaps it chokes on the XTM in IDE mode…  I don't know enough about pfSense driver implementation to be able to talk intelligently about this.  Hopefully someone else can chip in.

    I did notice the system was in AHCI mode when I was installing to the hard drive. I swapped it to IDE and then booted to a DVD of pfsense and then reinstalled to the drive but I'm getting the same results. I'll test creating the installation media in IDE as well.



  • If you’re wanting to unlock the bios I would remove the CF card and run straight from the ssd and get it working first. Then follow the instructions on page three of this forum. I believe I used putty and fetched it directly and then updated the bios that way.

    @stephenw10:

    Investigating the XTM8 box caused me to re-investigate the various bios editing tools available and I have now found that newer versions of amibcp are able to correctly edit the SuperIO tables without corrupting the bios in the process. So now we can have the bios correctly configure the SIO chip for gpio use and set the arm/disarm LED to red at boot, which seems like the way it should have been all along.

    Flashing the bios is always a risk and I have bricked my own box doing it many times! However it was always due to a corrupt bios file rather than the flashing process itself and it is possible to recover from a bad flash (see earlier posts here). So the modified bios file is here. Flash at your own risk!

    Modifications are:
    Bios setup menus are unlocked and some additional menus are unhidden.
    LCD now reports 'pfSense V1.8' at boot time.
    Speedstep is unlocked and enabled if you have a compatible CPU.
    Arm/Disarm LED is now red from boot.

    Probably the safest way to get this file, least chance of corruption, is to fetch it straight to the box.

    [2.1-BETA1][root@pfsense.localdomain]/tmp(10): fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
    xtm5_83.rom                                   100% of 1024 kB 1957 kBps
    
    

    You can then also check its MD5 sum is correct:

    [2.1-BETA1][root@pfsense.localdomain]/tmp(11): md5 xtm5_83.rom
    MD5 (xtm5_83.rom) = e75bc93ca2db547a3facb8d611f0d441
    
    

    Then write it with flashrom from there:

    [2.1-BETA1][root@pfsense.localdomain]/tmp(13): flashrom -w xtm5_83.rom
    flashrom v0.9.5.2-r1515 on FreeBSD 8.3-RELEASE-p8 (i386), built with libpci 3.1.9, GCC 4.2.1 20070719  [FreeBSD], little endian
    flashrom is free software, get the source code at http://www.flashrom.org
    
    Calibrating delay loop... OK.
    Found chipset "Intel ICH7/ICH7R". Enabling flash write... OK.
    Found ST flash chip "M25P80" (1024 kB, SPI) at physical address 0xfff00000.
    Flash image seems to be a legacy BIOS. Disabling coreboot-related checks.
    Reading old flash chip contents... done.
    Erasing and writing flash chip... Erase/write done.
    Verifying flash... VERIFIED.
    
    

    It may be necessary to reset the CMOS with the on board jumper to get access to the bios menus. My box has been unlocked for so long I can't remember if I had to and I have no easy way to test.  ::)

    Steve
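
The fetch, checksum and write steps from the quoted post, wrapped as a pre-flash check (an added example, not part of the original posts or the author's tooling): it refuses to write unless the size and MD5 match, and it reads a backup of the current chip first. The function names are hypothetical; the file name, MD5 and 1024 kB size are the ones quoted above.

```sh
#!/bin/sh
# Added example: verify a BIOS image before handing it to flashrom.
# Function names are hypothetical; values below are taken from the post.
# Note: the MD5 is published next to the download link, so a match shows the
# transfer was not corrupted, not that the file is the one the author built.

EXPECTED_MD5="e75bc93ca2db547a3facb8d611f0d441"   # MD5 quoted in the post
EXPECTED_SIZE=1048576                              # 1024 kB chip per flashrom output

# Print the MD5 of a file. FreeBSD/pfSense ships md5(1), Linux md5sum(1).
image_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        md5 -q "$1"
    fi
}

# Print the file size in bytes (the arithmetic strips BSD wc padding).
image_size() {
    echo $(( $(wc -c < "$1") ))
}

# Return 0 only if the file exists and matches the expected size and MD5.
verify_image() {
    img=$1
    want_md5=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    want_size=$3
    [ -f "$img" ] || { echo "missing file: $img" >&2; return 1; }
    got_size=$(image_size "$img")
    [ "$got_size" -eq "$want_size" ] || {
        echo "size mismatch: got $got_size, want $want_size" >&2; return 1; }
    got_md5=$(image_md5 "$img")
    [ "$got_md5" = "$want_md5" ] || {
        echo "MD5 mismatch: got $got_md5, want $want_md5" >&2; return 1; }
    return 0
}

# Verify the image, save the current chip contents, then write.
# flashrom -w verifies after writing, as the output in the post shows.
# Newer flashrom builds may need "-p internal" added to both calls.
safe_flash() {
    verify_image "$1" "$2" "$3" || return 1
    backup="bios_backup_$(date +%Y%m%d%H%M%S).rom"
    flashrom -r "$backup" || return 1
    # A short or empty read would be useless for recovery, so stop here.
    [ "$(image_size "$backup")" -eq "$3" ] || {
        echo "backup has unexpected size, not flashing" >&2; return 1; }
    echo "backup saved to $backup (MD5 $(image_md5 "$backup"))"
    flashrom -w "$1"
}

# Only flashes when called as: sh preflash.sh --flash xtm5_83.rom
if [ "${1:-}" = "--flash" ] && [ -n "${2:-}" ]; then
    safe_flash "$2" "$EXPECTED_MD5" "$EXPECTED_SIZE"
fi
```

Copy the backup file off the box before writing, since it is the only image known to boot that particular unit.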



  • I made some additional BIOS tweaks and I think I am now done.  One thing I was still unable to get working is the password protection of the BIOS - no matter what I tried the unit always bypasses the password check when entering BIOS setup.  It has been this way ever since I unlocked it.  Here is the list of changes:

    ACPI_AML version 0x03:
    Introduced independent BIOS minor version codes for ACPI_AML revisions
    BIOS branch x.x.An for E3400 CPU, where n is the ACPI_AML revision
    BIOS branch x.x.Bn for Q9505S CPU, where n is the ACPI_AML revision
    Changed 'Sign On Message' to include 'Unlocked v1.9.A3 / E3400 PT'.
    Changed 'Sign On Message' to include 'Unlocked v1.9.B3 / Q9505S PT'.
    
    XTM515-BIOS1.3-UNLOCKED1.9:
    Modified BIOS Strings from 'Fan confiruration' to 'Fan configuration'
    Modified DVMT BIOS String "This setting is only available for WinXp." to "This setting is only for WindowsXP." & introduced line breaks.
    Changed Failsafe and Optimal IDE mode to AHCI (00 -> 02)
    Changed Failsafe and Optimal 'Remote Access Term Type' to VT100 (00 -> 01)
    Changed Failsafe and Optimal 'Always CF Card Boot' to Disable
    Changed 'Sign On Message' to include 'Unlocked v1.9 PT'.
    
    XTM515-BIOS1.3-UNLOCKED1.8b:
    Corrected all ACPI_AML iasl Warnings based on "Internet wisdom"
    Corrected all applicable ACPI_AML iasl Remarks, 17 benign Remarks remain
    Introduced all eight P-states in ACPI_AML for E3400 CPU
    Corrected P-state power consumption values based on XTM5 power measurements
    Changed 'Sign On Message' to include 'Unlocked v1.8b PT / E3400'.
    Changed 'Sign On Message' to include 'Unlocked v1.8b PT / Q9505S'.
    
    XTM515-BIOS1.3-UNLOCKED1.8a:
    Implemented P-state dependencies _PSD in ACPI_AML.
    Changed 'Sign On Message' to include 'Unlocked v1.8a PT / E3400'.
    Changed 'Sign On Message' to include 'Unlocked v1.8a PT / Q9505S'.
    
    XTM515-BIOS1.3-UNLOCKED1.8:
    Changed 'Sign On Message' to include 'Unlocked v1.8 PT / E3400'.
    Corrected ACPI version help string line breaks in "Enabled RSDP pointers to 64-bit [...]".
    
    XTM515-BIOS1.3-UNLOCKED1.7:
    Changed 'Sign On Message' to include 'Unlocked v1.7 PT / E3400'.
    Modified LCD boot string from "WG BIOS 1.3" to "Firewall UTM" in module 1B (Single Link Arch BIOS).
    
    XTM515-BIOS1.3-UNLOCKED1.6:
    Changed 'Sign On Message' to include 'Unlocked v1.6 E3400 PT'.
    Created two ROM branches, one for E3400 CPU and one for Q9505S CPU.
    
    XTM515-BIOS1.3-UNLOCKED1.5:
    Changed 'Sign On Message' to include 'Unlocked v1.5 PT'.
    Enabled 'PCIPnP' and 'Chipset' menus.
    Enabled 'CPU Configuration' submenu in 'Advanced' menu.
    Enabled 'ACPI Configuration' submenu in 'Advanced' menu.
    
    XTM515-BIOS1.3-UNLOCKED1.4:
    Updated platform 11 CPUID 1067a microcode to version a0b.
    
    XTM515-BIOS1.3-UNLOCKED1.3:
    Disabled 'Lan ByPass Control' submenu in 'Advanced' menu.
    Modified BIOS Strings from 'Port0 AHCI Speed limit to' to 'Port0 AHCI Speed limit' for Port0 to Port3.
    
    XTM515-BIOS1.3-UNLOCKED1.2:
    Changed 'Aways CF Card Boot' to 'Show' in 'Advanced' menu.
    
    XTM515-BIOS1.3-UNLOCKED1.1:
    Unlocked the BIOS by changing 'User Access Level' to 03 in 'Security' menu.
    

    And those who are interested can download it from here:

    https://www.dropbox.com/s/icnp3jloiw5rnyb/XTM515-BIOS-v1.9.zip?dl=0

    As before, I included the factory and the modified ACPI tables in source format (.dsl) and compiled format (.aml).

    DISCLAIMER: These work great for me, but please USE AT YOUR OWN RISK.


  • Netgate Administrator

    Did you add the code to set the ARM LED red? Don't think I can live without that now.  ;)

    Steve



  • @t-rexky:

    Keep in mind that the XTM box BIOS defaults to IDE mode on SATA, not AHCI.  If you installed pfSense on a machine in AHCI mode then perhaps it chokes on the XTM in IDE mode…  I don't know enough about pfSense driver implementation to be able to talk intelligently about this.  Hopefully someone else can chip in.

    Figured out what my problem was… I was trying to boot on a GPT partition scheme.. I know what I'm doing, I swear!



  • @stephenw10:

    Did you add the code to set the ARM LED red? Don't think I can live without that now.  ;)

    Steve

    Unfortunately no, this is one of the features that I personally did not require.  I presume it's fairly trivial to implement?


  • Netgate Administrator

    Yes just add the registers and values to the bootblock SIO table.

    | Register | Value | Description |
    | 07 | 08 | Logical device to 8, GPIO2 |
    | 30 | 01 | Enable GPIO2 as GPIO |
    | f0 | cf | Set bits 4 & 5 as output |
    | f1 | 20 | Set bit 5 high, Red |



  • Looks pretty straight forward, thanks for the info!  I also looked up the data sheets to confirm I understand what this is changing.


  • Netgate Administrator

    I spent more hours than I care to admit reading that datasheet!  ;)
    Finding those values when the GPIOs are not enabled by default required a lot of trial and error.

    Steve



  • I can only imagine how many hours you spent on this!  Reverse-engineering can be a lot of fun, but with a general purpose chip and so many possibilities this must have been labour of love…

    I modified the most recent version of my unlocked BIOS to implement the LED initialization to red and the adventurous can obtain the file from my dropbox:

    https://www.dropbox.com/s/o09qcz21apu4dk6/xtm515-bios1.3-unlocked1.9.led.rom.zip?dl=0

    This has been tested on one of my units and it works fine.  Please note that this version does not implement any SpeedStep definitions - it is effectively the unlocked WatchGuard factory BIOS with all my other tweaks.

    Peter.



  • Back once more with a little bit of the BIOS modifying information that I promised a while ago.  Unfortunately I do not have the time to write elaborate instructions, but in any case there is a minimum amount of knowledge required in order to be successful, so just a few pointers should be enough.

    Fundamentally, a few software tools and files are required that one can locate on the "net" with a little bit of effort. As always, be cautious about the source and do the required virus checks, etc., especially for items 1 and 2 below:

    • AmiBCP-3.51.zip

    • MMTool_322_1B_21Fix.zip

    • Intel IASL compiler tools for platform of your choice (I compiled it for my Mac) to modify the ACPI module

    • Any hex editor if you would like to change the string displayed on the LCD

    • Intel microcode update files for your CPU

    The AmiBCP program is used to unlock the BIOS, modify the displayed menus, enable the red LED, change boot version string, change any other BIOS strings, etc.

    The MMTool program is used to extract/insert/replace individual modules within the BIOS.  For example, you can use it to replace the microcode for the specific platform and cpuid, or you can replace the ACPI_AML module with one that contains the Speedstep configuration specific to your CPU.

    For a little bit more information I would refer you to the realm readme file in my unlocked BIOS archive that I posted a little bit ago.  I tried to be a little bit more descriptive in it and indicate where the changes are being made.  It should be a good starting point.

    Peter.



  • I've successfully upgraded an XTM 505 and 515 using the following DIMMs.
    XTM 505: CRUCIAL CT25664AA800.K16F (2 GB 240-PIN DDR2 DIMM UNBUFFERED)
    XTM 515: G.SKILL F2-6400CL5D-4GBPQ (DDR2 2GB PC2-6400 CL5-5-5-15 1.8V-1.9V)

    @wildio:

    Hi everyone!  Thanks for all the info in here.  With it, I've managed to convert an XTM 515 to a very nice Sophos box.  However, I keep getting stuck on upgrading the memory.  I've tried everything I see here and nothing is working.  Does anyone have a link or part number for the memory I will need?  Would be super awesome!  Don't think Amazon is going to let me return anything else for another 10 years probably.






  • Hi All,

    First post with plenty of reading ahead so glad to have found this forum and great to see such a strong community.

    Very much rookie status so looking for basics of what I'm missing to get going again.

    So far I've done the following:

    Upgraded both XTM530's with ram 4gb and c2d e8400 proc's
    Burnt 2 4gb cf cards one with pfsense 2.43 serial image and freedos1.2 using win32disk
    Using putty and usb/rj45 FTDI chip console cable to connect via console port

    Using tab I can access locked bios and navigate through menus, however when I let either
    box with either card boot with burnt images 530 boxes seem to freeze with no sign
    of OS's running, only cursor in top left or centre of screen unresponsive.

    AMIBIOS(C)2006 American Megatrends, Inc.
    MB-7580 Ver.WD0 04/26/2010
    CPU : Intel(R) Core(TM)2 Duo CPU    E8400  @ 3.00GHz
    Speed : 3.00 GHz

    Press DEL to run Setup (F4 on Remote Keyboard)
    Press n if you want to boot from the network
    Press F11 for BBS POPUP  (F3 on Remote Keyboard)
    The MCH is operating with DDR2 667
    DRAM Timing: Tcl:5/Tras:15/Trp:5/Trcd:5/Twr:5/Trfc:44/Twtr:3/Trrd:3/Trtp:3
    Initializing USB Controllers .. Done.
    4062MB OK

    Have I missed step or could there be something wrong with hardware or images burnt?

    Lastly CPU seems to be running unusually hot at 65 degrees Celsius so could this be related?

    thanks


  • Netgate Administrator

    What exact image did you use? At what point does it appear to freeze?

    65C does seem very hot. How are you measuring that? Is the heatsink seated correctly? Fans running?

    Steve



  • Hi Steve.

    Googled after posting and 65deg seems to be mid range for that proc where the second box
    with slower proc runs cooler at 38deg.

    conflicting results from further testing??

    Both boxes "seem" to freeze after the controller cards loads the CF card images
    pfSense-CE-memstick-serial-2.4.3-RELEASE-amd64.img


    AMIBIOS(C)2006 American Megatrends, Inc.
    MB-7580 Ver.WD0 04/26/2010
    CPU : Intel(R) Core(TM)2 Duo CPU    E8400  @ 3.00GHz
    Speed : 3.00 GHz

    Press DEL to run Setup (F4 on Remote Keyboard)
    Press n if you want to boot from the network
    Press F11 for BBS POPUP  (F3 on Remote Keyboard)
    The MCH is operating with DDR2 667
    DRAM Timing: Tcl:5/Tras:15/Trp:5/Trcd:5/Twr:5/Trfc:44/Twtr:3/Trrd:3/Trtp:3
    Initializing USB Controllers .. Done.
    4062MB OK

    Auto-Detecting Pri Master..IDE Hard Disk
    Pri Master : SanDisk SDCFH-004G  HDX 6.03
                Ultra DMA Mode-2
    Auto-detecting USB Mass Storage Devices ..
    00 USB mass storage devices found and configured.

    0078


    However the orig watchguard CF card doesn't seem to freeze, still running after 7-10 mins

    Though strangely, after being in the bios for 3-5 mins it freezes



  • Netgate Administrator

    Hmm, my box with that same CPU rarely gets above 45C. However that's mostly idle and booted into the OS where it's running various CPU halt features to reduce usage. The BIOS setup does not do that.

    Also your CPU target temperature is 70C so the fans are probably not spooling up.

    I would expect it to boot that image if it's written to the CF card correctly (I recommend using Etcher) but that's an install image meant for installing to something else like an SSD maybe.

    You might try booting a Nano image as a test: https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-2.3.5-RELEASE-2g-amd64-nanobsd.img.gz

    Steve



  • I've removed, cleaned and repasted the E8400 proc with similar bios temps
    but guessing that is secondary at this stage.

    the second box runs at 45 deg Celsius so will look at first box temps

    Swapped out ram, hdd, switched sata ports, replaced drive, removed partitions but cf card with image above still
    won't boot BUT can confirm both boxes boot and work from nano image using etcher which
    confirmed was burned successfully.

    Downloaded last image from pfsense NY USA site where first image was pfsense asia

    Will try 2.35 serial amd64 installer but doesn't seem likely will work given 2.43 is stable

    Running out of ideas other than that?

    EDIT: sigh 2.35 did start and installed to hdd so back to troubleshooting why 2.43 wont install on my XTM530?


  • Netgate Administrator

    Did you verify the file checksum?

    Allow Etcher to extract the file? (write the img.gz file directly).

    I have done exactly that on my box here and it worked fine.

    You can always just update from 2.3.5.

    Steve



  • Didn't know etcher could extract the img.gz file but great feature.

    In hindsight may have well been a checksum error, as again downloaded 2.43
    serial from another pfsense site and it installed last night.

    We learn the most "doing" through our own and other people's experiences so
    thanks so much Steve and hope others will benefit from this.



  • Next ;) would like to unlock the bios with added features, from your experience which is the
    latest safe image I could upgrade to?

    And the cpu fans are definitely spinning up high then slows which I repasted the cpu heatsink, what else could
    be causing the high temps. The heatsink shield are warm to hot so transfer seems effective.


  • Netgate Administrator

    I think either of the two images linked in this thread should be fine. I've only tested the one I modified. Quite a few people have flashed that now and I haven't had any reports of failure.

    t-rexky's bios includes the modified DSDT table if you have one of the CPUs he's using.

    Flashing the BIOS is inherently risky. You have been warned etc! 😉

    Steve



  • Thanks Steve.

    I'm guessing the failure rate when flashing is very low, much the same as a pc motherboard
    as you say no one has reported failure? 👀

    Did I recall seeing someone or you successfully recovering a bricked unit with some hardware
    or replacing the bios chip but again guessing it's surface mounted


  • Netgate Administrator

    Yeah, I bricked mine a few times using an older bios editing program that had glitchy results. I recovered it using 4 resistors and a parallel port cable. I don't think I have anything with a parallel port that still works though. 😉

    The actual images available now

    Steve


 
