pfSense Gold Subscription

Author Topic: Watchguard Firebox XTM 8 Series  (Read 41089 times)

0 Members and 1 Guest are viewing this topic.

Offline Eams

  • Jr. Member
  • **
  • Posts: 58
  • Karma: +0/-0
    • View Profile
Re: Watchguard Firebox XTM 8 Series
« Reply #60 on: May 19, 2013, 07:31:10 am »
I'm thinking the bios dump is somehow wrong.

Had a bit of a dig around the Watchguard support site and I found this on the XTM 8

Hardware Specifications
                                XTM 8 Series
Processor                   2 .66 GHz Quad Core
Memory: Flash            1 GB
Memory: RAM             2 GB


Now that's either the BIOS flash memory or the compact flash card.

Eamon

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11869
  • Karma: +458/-15
    • View Profile
Re: Watchguard Firebox XTM 8 Series
« Reply #61 on: May 19, 2013, 08:17:11 am »
It's the CF that's 1GB. A 1GB BIOS would be huge!  ;)

I agree the most likely thing seems to be that the image is corrupt. That could have happened during extraction, a flashrom problem, or during transfer or something else.

Steve

Offline Eams

  • Jr. Member
  • **
  • Posts: 58
  • Karma: +0/-0
    • View Profile
Re: Watchguard Firebox XTM 8 Series
« Reply #62 on: May 19, 2013, 08:29:16 am »
Haha!! that's what I get for looking at the specs when I'm half awake!!

Ok so how do I get the BIOS saved properly? I did flashrom -r file.bin then I downloaded it via the pfSense webgui.

Is there a better way?

Eamon

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11869
  • Karma: +458/-15
    • View Profile
Re: Watchguard Firebox XTM 8 Series
« Reply #63 on: May 19, 2013, 01:23:26 pm »
Hmm. Ok. Sometimes your web browser can try to interpret files.
When extracting the bios from the XTM5 I used a filename that was filename.rom and I transfered it via SCP using WinSCP.

To check the file integrity you can generate an MD5 sum for it on the box and then on your windows machine or where ever you put it.

Code: [Select]
[2.1-BETA1][root@pfsense.localdomain]/tmp(3): flashrom -r backup.rom
flashrom v0.9.5.2-r1515 on FreeBSD 8.3-RELEASE-p8 (i386), built with libpci 3.1.9, GCC 4.2.1 20070719  [FreeBSD], little endian
flashrom is free software, get the source code at http://www.flashrom.org

Calibrating delay loop... OK.
Found chipset "Intel ICH7/ICH7R". Enabling flash write... OK.
Found ST flash chip "M25P80" (1024 kB, SPI) at physical address 0xfff00000.
Reading flash... done.
[2.1-BETA1][root@pfsense.localdomain]/tmp(4): md5 backup.rom
MD5 (backup.rom) = fcefa2906d7c3179264a8528ba0a7cea

I use WinMD5 to check it after transfer.

Steve
« Last Edit: May 19, 2013, 01:33:41 pm by stephenw10 »

Offline Eams

  • Jr. Member
  • **
  • Posts: 58
  • Karma: +0/-0
    • View Profile
Re: Watchguard Firebox XTM 8 Series
« Reply #64 on: June 02, 2013, 06:48:59 am »
Ok so as it stands my XTM 8 is locked in a never ending bios reboot due to a "CMOS Checksum Bad" error :(

How this happened is as follows:

I had flashed the Lanner FW-8750 firmware to the board - flashrom0.9.2 gave an error and to get on irc.

I spoke with idwer/stefan and a couple of other flashrom devs who were kind enough to compile the lastest flashrom (0.9.6.2 - I think) for pfsense 2.0.3 (many thanks guys).

However before that had come through, I flashed back the back up Bios - got the same error - rebooted and the XTM 8 was back to how it was from the factory ie bios locked but working.

I then followed the Lanner reps advice and used AFUDOS to flash the Lanner bios, which reported it had flashed successfully! and thats how I got to the never ending bios reboot :(

So at the moment I'm waiting on a SPI programming board to arrive from the US so I can flash the bios via the SPI header.

Eamon

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11869
  • Karma: +458/-15
    • View Profile
Re: Watchguard Firebox XTM 8 Series
« Reply #65 on: June 02, 2013, 08:21:34 am »
Yikes, that's a message you never want to see.  :o

Although the xtm8 is based on the 8750 is not an 8750, there are hardware differences that may mean the standard BIOS cannot work. Though I can't think what they might be.

Failed CMOS checksum is a fairly standard error after updating the BIOS. I take it you've tried clearing the cmos or trying to load the default values. I'm sure the flashrom guys will have discussed that.

You can always try the 4 resistors like I did.  ;)

Steve

Offline Eams

  • Jr. Member
  • **
  • Posts: 58
  • Karma: +0/-0
    • View Profile
Re: Watchguard Firebox XTM 8 Series
« Reply #66 on: June 02, 2013, 08:28:53 am »
No it's not the message I wanted to see either!

The bios they sent was after I had supplied the serial number and board model/version so one would assume it would match!

Yeah I've cleared the cmos, it won't allow me to get into the bios which is the worst part :(

I'm avoiding the 4 resistors and going for a proper SPI programmer ;)

Eamon

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11869
  • Karma: +458/-15
    • View Profile
Re: Watchguard Firebox XTM 8 Series
« Reply #67 on: June 02, 2013, 09:00:01 am »
More patient than me.  :)

Offline Eams

  • Jr. Member
  • **
  • Posts: 58
  • Karma: +0/-0
    • View Profile
Re: Watchguard Firebox XTM 8 Series
« Reply #68 on: June 02, 2013, 09:02:22 am »
Not really, I just hate soldering ;)

Offline Eams

  • Jr. Member
  • **
  • Posts: 58
  • Karma: +0/-0
    • View Profile
Re: Watchguard Firebox XTM 8 Series
« Reply #69 on: June 14, 2013, 01:15:28 pm »
Looks like I'll have to go the soldering route :(

I've tried the BlackCat SPI programmer but it just won't recognise the rom even though it supports it :(

Eamon

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11869
  • Karma: +458/-15
    • View Profile
Re: Watchguard Firebox XTM 8 Series
« Reply #70 on: June 14, 2013, 01:17:39 pm »
Is the ROM chip powered? How does it connect?

Offline Eams

  • Jr. Member
  • **
  • Posts: 58
  • Karma: +0/-0
    • View Profile
Re: Watchguard Firebox XTM 8 Series
« Reply #71 on: June 14, 2013, 01:21:11 pm »
The rom chip is powered when the unit is in standby.

The SPI programmer connects directly to the SPI-ROM header on the motherboard. I've tried it every which way but no joy :(

Eamon

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11869
  • Karma: +458/-15
    • View Profile
Re: Watchguard Firebox XTM 8 Series
« Reply #72 on: June 14, 2013, 01:28:37 pm »
Well that's quite disappointing. A long wait for no result.  :(
Good luck with the soldering. :)

Steve

Offline angelkiller

  • Newbie
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
Re: Watchguard Firebox XTM 8 Series
« Reply #73 on: September 13, 2013, 11:00:38 am »
My XTM 510 is flashed with unlocked BIOS, thanks @ stephenw10. It works like a charm with pfsense.
Now i have two XTM 810 and will try to run pfsense on them. I want to get into the BIOS without luck.
Can someone tell me the correct serial settings for that and has someone a unlocked BIOS running?

greetz from Germany


edit:
Get into Bios with keyboard connected to the XTM 810 and del key ok.
Now i try to make a cf with pfsense and run it and make a Bios backup file.
« Last Edit: September 13, 2013, 11:51:50 am by angelkiller »

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11869
  • Karma: +458/-15
    • View Profile
Re: Watchguard Firebox XTM 8 Series
« Reply #74 on: September 13, 2013, 12:32:28 pm »
Excellent. If you could post your success flashing the bios in the xtm5 thread that would be great.

I hope you have read through this whole thread. Eams discovered to his misfortune that the flashrom program is not compatible with the eprom in the xtm8. I think he also struggled using a dos flasher. I suggest you make sure you can read/write the chip via the SPI header before experimenting. ;)

No one has manger to get pfSense running on an xtm8 yet. One of the problems is that the console port is com2 and the Nano pfSense images are hardcoded to use com1.

Steve
« Last Edit: September 13, 2013, 12:35:03 pm by stephenw10 »