Watchguard Firebox XTM 8 Series
-
My XTM 510 is flashed with unlocked BIOS, thanks @ stephenw10. It works like a charm with pfsense.
Now i have two XTM 810 and will try to run pfsense on them. I want to get into the BIOS without luck.
Can someone tell me the correct serial settings for that and has someone a unlocked BIOS running?greetz from Germany
edit:
Get into Bios with keyboard connected to the XTM 810 and del key ok.
Now i try to make a cf with pfsense and run it and make a Bios backup file. -
Excellent. If you could post your success flashing the bios in the xtm5 thread that would be great.
I hope you have read through this whole thread. Eams discovered to his misfortune that the flashrom program is not compatible with the eprom in the xtm8. I think he also struggled using a dos flasher. I suggest you make sure you can read/write the chip via the SPI header before experimenting. ;)
No one has manger to get pfSense running on an xtm8 yet. One of the problems is that the console port is com2 and the Nano pfSense images are hardcoded to use com1.
Steve
-
Yes, nano bsd image do not boot.
I do not have spi, but two XTM 8. If something goes wrong i have a second chance :-)I think to install pfsense to the cf with a vm on a esxi server.
I report my experiences. -
Please keep us updated with anything you find. :)
Steve
-
Update
I was able to boot freedos and make a backup of my XTM810 bios.
Test to flashback the bios was ok. But i can not load the bios in any editor i found. :-(
Here is a link if someone need it.http://uploaded.net/file/kzeu66vy
Can someone tell me a tool to look into the bios?
Now i made the original XTM OS image on the cf and boot the box with logging in putty. Here is the output file.
http://ul.to/jxmxmvul
-
How did you boot FreeDOS? Using com2 using a video card? I'm not sure if Eams ever managed to boot it.
The log is interesting, you'll notice it's on ttyS1 but the pfSense images are hardcoded for ttyS0. At least I believe they use the I/O and memory addresses directly. One possible solution to that would be to swap those addresses in the BIOS if it can be unlocked.If you read back through the thread you'll see we had trouble opening the file also. It seems the BIOS file is available in two types, the bios code itself and a container file than has additional information. The bios editors can only open the code and not the container. By opening the larger file in the hex editor and comparing it to a known bios file I was able to remove the code from the container and open it in amibcp but I have no idea if it can be put back into the container.
Steve
A page referencing the two file types can be found here. Of course it doesn't apply directly.
-
I was able to open my bios backup file in a Windows XP VM with "MMTOOL V3.22 BKMOD".
It show me the correct Bios Version and many things. So i think the Bios is ready to edit but i don' t know what to do.
I hope it is a step forward :-)
Here is a screenshot from this tool.http://ul.to/2c1k11h0
I booted freedos from the CF, but it only boot with an option at boot time.
F8 to use single step boot and than esc key brings me to a prompt. Than dir to the bios folder where i have copied the afudos.exe.
This works fine, i made the backup and i flashed the backup to test. Always with no errors.
When i find the time today i make pictures from the boot and bring it online. -
Interesting.
So are you using a usb keyboard? A video card in the box? I assume you aren't using serial since I don't think afudos would work. :-\You have to use AMIBCP to edit the bios parameters, MMtool is for adding or removing modules. It's interesting that your backup file is 1MB. All the backup files we have from other methods are 2MB which causes problems. Given that your file is only 1MB you should be able to open it in AMIBCP. I'll download your backup file and try it.
Steve
-
I don' t use vga card. I try it with the vga connector but i don 't know the right pins i have to connect to the vga cable.
All i have done is with serial connection via RS232 and putty on 115200 baudrate.
All done with a USB Keyboard connected to XTM810.My backup will not load in amipcb. :(
I have made a video how i get the bios file. The Upload is very huge and takes an hour.
http://youtu.be/S7ZGi3sCJDQ
-
Ah! Thanks for that. :)
So you're using the freedos image I posted but interrupting the boot process before it switches to serial console. This relies on the bios serial redirect code to function. Worth baring in mind if you ever change anything, serial port parameters, redirect settings etc.Steve
-
I downloaded your bios backup file and it opened fine in AMIBCP 3.46. :)
Here is a modified version: https://sites.google.com/site/pfsensefirebox/home/xtm8v1.rom
The only thing I have done is changed the user access level defaults from 2 (limited) to 3 (full). The MD5 of the file is f831c43035334db94f070644ca272380. I did try to add some text but it didn't like that so I that's the only change I've made.Obviously you flash this at your own risk!
Steve
-
Flashed your bios successfully.
Try to boot freedos after flashing was ok, the box is still ok.
Look into Bios still locked, i now have removed CMOS battery and wait 10 Minutes.I report soon.
Many Thanks for your great work steve!
Edit:
It' s done steve, bios is unlocked and the "view only" crap is gone :-)
But in redirect it shows only com2, there is no option to change it in anything else.Here is a screen from that menu.
http://ul.to/feznohzh
Can you tell me where the access level in amibcp is that you had modyfied?
If i can anything to try out commands or something elsa let me know.
-
Ah yes, sorry, I should have said you need to clear the cmos to force it reload the default values including the new user access level.
The setting for that is in the first tab in amibcp (edit: Setup Configuration) where you can select the bios menus. It's in the security menu. Nothing there is labelled or has any explanation of the different settings.
You don't want to choose anything other than com2 for the redirect because that's the only serial port on the box. The standard Lanner box it's based on has a com port for console access on the front and that's com1. No idea why Watchguard didn't want it. Anyway com1 is not present in the XTM8 so it's disabled in the bios. It may be possible to swap com 1 and 2 by simply reassigning their resources and thus allow pfSense nano image to boot correctly. Usually com ports are assigned a standard set of resources, if you reassign com2 to have I/O address 0x3f8 and IRQ 4 there's a good chance that nanobsd might use it. There's also a good chance it will break console redirection! ;) However you can always clear the cmos to get back to a working state.
Steve
-
Change to 3f8 and IRQ 4 but nano image of pfsense still not boot.
I tried for a test to boot from a usb stick with a ESXi on it. It shows me the initial of the boot process, so it' s able to boot usb sticks.
Later i test to boot a debian netinstall and a pfsense live image on usb stick.I think i must become the vga output to work. But i recognize not the right pin settings and i read that not all monitors allow this.
-
Damn. :(
You could try changing the redirect to 9600bps. It may be that the two processes are conflicting. Even try disabling console redirect completely. You'll have to reset the cmos afterwards to get back to the bios defaults if it doesn't work. I doubt it will since the XTM5 has those settings and it doesn't cause a problem.Annother possible way to go would be to re-programme the superIO chip to change which com port is com1. That might cause problems with the console redirect function though. Looking at the bios strings it seems all references to com1 have been removed from it.
The VGA header is standard VGA, any monitor should be able to display it. The problem is finding a suitable header cable. The 20pin header is 2mm pitch rather than the much more common 2.54mm (0.1"). You'll see that Eams did it by connecting individual wires directly to the header and using only green.
Steve
-
Ok, now i have the green screen :-)
Booted my pfsense install that i have done in a vm and it gives me an error to mount root from ufs:/dev/da0s1a
I think this is a failure trough install in a VM on the CF attached via usb.
Than i tried to boot a VMware ESXi installation by the same way. This i have done many times to usb sticks that later boot the VM ESXi Server.
It loads without errors and it shows me all NICs that the box have. Even from the doughter board.
Tomorrow i will soldering the vga cable and try to install pfsense a better way. Or to change the boot entry. But iam not so familar with bsd. In debian i came from i know there is a /etc/fstab where all the boot things are in.Before i forget it, i find out that the hdd led only lit when the cf is booting. When i boot from HDD it is never on, but on my screen via vga cable i could see the boot process.
And another interesting thing, i opened my bios backup and looked a little around the menus and entrys. I found there a entry with console redirections on 9600 baudrate. But bios is reachable with 115200 baudrate. Can it be a conflict with pfsense? -
Possibly, might as well change it and see.
I'm a bit confused about the mountroot error. That should never happen with one of the nanobsd images which always expect to be on ad0. What did you write to the CF card and how?
Steve
-
Oh sorry, thats not a nano image. This i have installed with a live cd from pfsense to a sata hdd not a cf card in a vm.
And i think thats the reason for the faulty boot path.Later i will try to bring the pfsense live image to the cf card and boot the box with that. A install to the hdd connected to the sata port could be possible.
I dont want to change more things in the bios file and flash. I think it is good to be unlocked, but every flash is risk.
-
After month of no time to bring up and running pfsense on a XTM 8 device, yesterday i found a way how it works!
A detaild setup i will bring up next year in a blog.
What i found is:
Boot nano image not working.
Box only boots from CF or HDD, USB not bootable.
I attached a ssd with a win7 installation and it boots, really nice with a green vga output ;-)
Attached a Live installation hdd boot, but it fail by wrong fstab entry.
The XTM8 will boot from /dev/ad8s1a or /dev/ad8s0a, i can not remember now. But in the afternoon i tell the correct entry.
After setup and boot the live installation in a second box (PC) and edit the fstab by:
mounting / rw
editing with vi the /etc/fstab to the right entry
poweroff the second box and attaching the hdd to the xtm8 and it boots correctlyThe nano image from cf, i think had same problems. I will test it with same way.
-
Sweet!! Keep us posted!!
