Watchguard Firebox XTM 8 Series
-
Ok so as it stands my XTM 8 is locked in a never ending bios reboot due to a "CMOS Checksum Bad" error :(
How this happened is as follows:
I had flashed the Lanner FW-8750 firmware to the board - flashrom0.9.2 gave an error and to get on irc.
I spoke with idwer/stefan and a couple of other flashrom devs who were kind enough to compile the lastest flashrom (0.9.6.2 - I think) for pfsense 2.0.3 (many thanks guys).
However before that had come through, I flashed back the back up Bios - got the same error - rebooted and the XTM 8 was back to how it was from the factory ie bios locked but working.
I then followed the Lanner reps advice and used AFUDOS to flash the Lanner bios, which reported it had flashed successfully! and thats how I got to the never ending bios reboot :(
So at the moment I'm waiting on a SPI programming board to arrive from the US so I can flash the bios via the SPI header.
Eamon
-
Yikes, that's a message you never want to see. :o
Although the xtm8 is based on the 8750 is not an 8750, there are hardware differences that may mean the standard BIOS cannot work. Though I can't think what they might be.
Failed CMOS checksum is a fairly standard error after updating the BIOS. I take it you've tried clearing the cmos or trying to load the default values. I'm sure the flashrom guys will have discussed that.
You can always try the 4 resistors like I did. ;)
Steve
-
No it's not the message I wanted to see either!
The bios they sent was after I had supplied the serial number and board model/version so one would assume it would match!
Yeah I've cleared the cmos, it won't allow me to get into the bios which is the worst part :(
I'm avoiding the 4 resistors and going for a proper SPI programmer ;)
Eamon
-
More patient than me. :)
-
Not really, I just hate soldering ;)
-
Looks like I'll have to go the soldering route :(
I've tried the BlackCat SPI programmer but it just won't recognise the rom even though it supports it :(
Eamon
-
Is the ROM chip powered? How does it connect?
-
The rom chip is powered when the unit is in standby.
The SPI programmer connects directly to the SPI-ROM header on the motherboard. I've tried it every which way but no joy :(
Eamon
-
Well that's quite disappointing. A long wait for no result. :(
Good luck with the soldering. :)Steve
-
My XTM 510 is flashed with unlocked BIOS, thanks @ stephenw10. It works like a charm with pfsense.
Now i have two XTM 810 and will try to run pfsense on them. I want to get into the BIOS without luck.
Can someone tell me the correct serial settings for that and has someone a unlocked BIOS running?greetz from Germany
edit:
Get into Bios with keyboard connected to the XTM 810 and del key ok.
Now i try to make a cf with pfsense and run it and make a Bios backup file. -
Excellent. If you could post your success flashing the bios in the xtm5 thread that would be great.
I hope you have read through this whole thread. Eams discovered to his misfortune that the flashrom program is not compatible with the eprom in the xtm8. I think he also struggled using a dos flasher. I suggest you make sure you can read/write the chip via the SPI header before experimenting. ;)
No one has manger to get pfSense running on an xtm8 yet. One of the problems is that the console port is com2 and the Nano pfSense images are hardcoded to use com1.
Steve
-
Yes, nano bsd image do not boot.
I do not have spi, but two XTM 8. If something goes wrong i have a second chance :-)I think to install pfsense to the cf with a vm on a esxi server.
I report my experiences. -
Please keep us updated with anything you find. :)
Steve
-
Update
I was able to boot freedos and make a backup of my XTM810 bios.
Test to flashback the bios was ok. But i can not load the bios in any editor i found. :-(
Here is a link if someone need it.http://uploaded.net/file/kzeu66vy
Can someone tell me a tool to look into the bios?
Now i made the original XTM OS image on the cf and boot the box with logging in putty. Here is the output file.
http://ul.to/jxmxmvul
-
How did you boot FreeDOS? Using com2 using a video card? I'm not sure if Eams ever managed to boot it.
The log is interesting, you'll notice it's on ttyS1 but the pfSense images are hardcoded for ttyS0. At least I believe they use the I/O and memory addresses directly. One possible solution to that would be to swap those addresses in the BIOS if it can be unlocked.If you read back through the thread you'll see we had trouble opening the file also. It seems the BIOS file is available in two types, the bios code itself and a container file than has additional information. The bios editors can only open the code and not the container. By opening the larger file in the hex editor and comparing it to a known bios file I was able to remove the code from the container and open it in amibcp but I have no idea if it can be put back into the container.
Steve
A page referencing the two file types can be found here. Of course it doesn't apply directly.
-
I was able to open my bios backup file in a Windows XP VM with "MMTOOL V3.22 BKMOD".
It show me the correct Bios Version and many things. So i think the Bios is ready to edit but i don' t know what to do.
I hope it is a step forward :-)
Here is a screenshot from this tool.http://ul.to/2c1k11h0
I booted freedos from the CF, but it only boot with an option at boot time.
F8 to use single step boot and than esc key brings me to a prompt. Than dir to the bios folder where i have copied the afudos.exe.
This works fine, i made the backup and i flashed the backup to test. Always with no errors.
When i find the time today i make pictures from the boot and bring it online. -
Interesting.
So are you using a usb keyboard? A video card in the box? I assume you aren't using serial since I don't think afudos would work. :-\You have to use AMIBCP to edit the bios parameters, MMtool is for adding or removing modules. It's interesting that your backup file is 1MB. All the backup files we have from other methods are 2MB which causes problems. Given that your file is only 1MB you should be able to open it in AMIBCP. I'll download your backup file and try it.
Steve
-
I don' t use vga card. I try it with the vga connector but i don 't know the right pins i have to connect to the vga cable.
All i have done is with serial connection via RS232 and putty on 115200 baudrate.
All done with a USB Keyboard connected to XTM810.My backup will not load in amipcb. :(
I have made a video how i get the bios file. The Upload is very huge and takes an hour.
http://youtu.be/S7ZGi3sCJDQ
-
Ah! Thanks for that. :)
So you're using the freedos image I posted but interrupting the boot process before it switches to serial console. This relies on the bios serial redirect code to function. Worth baring in mind if you ever change anything, serial port parameters, redirect settings etc.Steve
-
I downloaded your bios backup file and it opened fine in AMIBCP 3.46. :)
Here is a modified version: https://sites.google.com/site/pfsensefirebox/home/xtm8v1.rom
The only thing I have done is changed the user access level defaults from 2 (limited) to 3 (full). The MD5 of the file is f831c43035334db94f070644ca272380. I did try to add some text but it didn't like that so I that's the only change I've made.Obviously you flash this at your own risk!
Steve
