Howto install on watchguard M300

hello,
need some help on installing on a watchguard M300
i have access to serial console and cfcard
but i cannot find any download for QorIQ
https://downloads.openwrt.org/releases/22.03.0-rc1/targets/ ???

what i found is

but i have no idea howto deal with it.

seems however the qoriq platform isn't available...

The qoriq target is marked "source-only", one would have to compile it themselves.

4 Likes

Successfully managed to compile my own kernel in a Hyper-V Quick Create Ubuntu 2022.4 environment, and got a USB drive flashed with the <...>-ext4-sdcard.img, but the U-Boot commands are failing as follows:

MB-M300 => setenv bootargs root=/dev/sda2 rw rootdelay=10 console=ttyS0,115200 fsl_dpaa_fman.fsl_fm_max_frm=1530; ext2load usb 0:1 $loadaddr $OpenWrt_kernel && bootm $loadaddr;
Unknown command 'setenv' - try 'help'
** File not found uImage **
MB-M300 =>

I suspect I'm flashing the wrong image to the USB drive or doing something wrong in menuconfig when setting up the build. I've avoided doing anything with kernel_menuconfig after being warned against it here in the build docs, but as this is a whole new target thanks to Stijn, I might just be missing a step somewhere that's obvious to those who do this every day, but is easily missed by new folks if it's not spelled out. Could eventually matter for installation instructions too.

If I read the commit message correctly, you are supposed to write it to an SD card and replace the original SD card with the newly written one. Otherwise the device will still boot into the OEM firmware. Because clearly ...

... you are not on the u-boot command line at this point.

2 Likes

Ah, I was going by the device page, which appears to differ somewhat (and does say to use a USB drive, which is odd...). I'll take another stab tomorrow.

[edit, for clarification]: My process was to get the aforementioned image flashed on to a USB drive, plug it in per the device page, and reboot with the main SD card removed specifically so that a normal boot would fail. I ended up at a terminal of some kind, that I assumed was u-boot but evidently was not. It did give a u-boot version upon request, but I'm no longer sitting next to the thing and cannot paste in a convenient log of what it read out. I do recall it being a 2014 version, which lines up reasonably well with the release year of the M300 and M200 being 2015.

It seems that the process on the device page is an alternative to the one outlined in the commit.

Regardless, both ways boil down to getting access to the u-boot command line, which usually involves cancelling the predefined boot process (or, as described in the commit, deliberately making it fail).

You should at some point see something like

Hit any key to stop autoboot

And hitting that any key will get you on the u-boot command line. Then you can probably try the USB way.

1 Like

if you remove, replace or format the sdcard you will end at the u-boot command prompt.
in my case

(WatchGuard U-Boot 2014.07 - Jun 23 2015 )
MB-M300 => ?
            ?       - alias for 'help'
base    - print or set address offset
bdinfo  - print Board Info structure
boot    - boot default, i.e., run 'bootcmd'
bootd   - boot default, i.e., run 'bootcmd'
bootelf - Boot from an ELF image in memory
bootm   - boot application image from memory
bootp   - boot image via network using BOOTP/TFTP protocol
bootvx  - Boot vxWorks from an ELF image
cmp     - memory compare
coninfo - print console devices and information
cp      - memory copy
cpu     - Multiprocessor CPU boot manipulation and release
crc32   - checksum calculation
date    - get/set/reset date & time
dhcp    - boot image via network using DHCP/TFTP protocol
echo    - echo args to console
editenv - edit environment variable
env     - environment handling commands
erase   - erase FLASH memory
errata  - Report errata workarounds
exit    - exit script
ext2load- load binary file from a Ext2 filesystem
ext2ls  - list files in a directory (default /)
false   - do nothing, unsuccessfully
fatinfo - print information about filesystem
fatload - load binary file from a dos filesystem
fatls   - list files in a directory (default /)
fdt     - flattened device tree utility commands
flash_test- simple flash test
flinfo  - print FLASH memory information
go      - start application at address 'addr'
grepenv - search environment variables
help    - print command description/usage
i2c     - I2C sub-system
iminfo  - print header information for application image
imls    - list all images found in flash
imxtract- extract a part of a multi-image
interrupts- enable or disable interrupts
irqinfo - print information about IRQs
itest   - return true/false on integer compare
loadb   - load binary file over serial line (kermit mode)
loads   - load S-Record file over serial line
loadx   - load binary file over serial line (xmodem mode)
loady   - load binary file over serial line (ymodem mode)
loop    - infinite loop on address range
mac     - display and program the system ID and MAC addresses in EEPROM
md      - memory display
mdio    - MDIO utility commands
mii     - MII utility commands
mm      - memory modify (auto-incrementing address)
mmc     - MMC sub system
mmcinfo - display MMC info
mtest   - simple RAM read/write test
mw      - memory write (fill)
nand    - NAND sub-system
nboot   - boot from NAND device
nfs     - boot image via network using NFS protocol
nm      - memory modify (constant address)
pci     - list and access PCI Configuration Space
pci_test- PCI Device Detection:
ping    - send ICMP ECHO_REQUEST to network host
printenv- print environment variables
protect - enable or disable FLASH write protection
ram_test- simple test
reginfo - print register information
reset   - Perform RESET of the CPU
rtc_test- simple rtc read test for second
run     - run commands in an environment variable
saveenv - save environment variables to persistent storage
setenv  - set environment variables
setexpr - set environment variable as the result of eval expression
sf      - SPI flash sub-system
showvar - print local hushshell variables
sleep   - delay execution for some time
source  - run script from memory
sw      - read/write init and vlan
test    - minimal test like /bin/sh
tftpboot- boot image via network using TFTP protocol
true    - do nothing, successfully
usb     - USB sub-system
usbboot - boot from USB device
version - print monitor, compiler and linker version

maybe one of the following commands would be fine if you have a dhcp/tftp environment.

tftp/dhcp/nfs/boop
MB-M300 => dhcp
BOOTP broadcast 1
DHCP client bound to address 192.168.77.134
Using FM1@DTSEC10 device
TFTP from server 192.168.77.191; our IP address is 192.168.77.134
Filename 'startrom.com'.
Load address: 0x1000000
Loading: ##
         2.3 MiB/s
done
Bytes transferred = 26941 (693d hex)

do a printenv, to see all the uboot defaults.

but what you've posted should be enough to setup and make a TFTP transfer.

MB-M300 }> printenv
S▒st}mmcblk0p3
S▒st=mmcblk0p2
WGKernelfile}uImage_m300
baudrate}115200
bdev}sda3
targst}?dev?mmcblk0p3 rwtdelay}2 nle}ttyS0,115200
tcmd}run wtSysA
tdelay}10
tfile}uImage
tader_flash_update}ptectff 0xeff40000 0xefffffff &&erase 0▒eff40000 0▒efffffff &                                                                                                                                         & cp.b 0x100000 0▒eff40000 0xc0000 && ptectn 0xeff40000 0xefffffff && cmp.b 0xef                                                                                                                                         f40000 0▒100000 0▒c0000
c}ffe
nledev=tt▒S0
eth1addr}00:90
eth2addr}00:90
eth3addr}00:90
eth4addr}00:90
ethact}FM1@DTSEC3
ethaddr}00:90
ethprime}FM1@DTSEC3
fdtaddr}fc0000
fdtfile}m300.dtb
fman_ude}eff20000
hwnfig}fsl_ddr:ctlr_intlv}cacheline,bank_intlv}au;usb1:dr_de}st,phy_t▒pe}utmi
lannet=setenvtargst}?dev/ram rwtdelay}10 nle}ttyS0,115200 ramdisk_sie}2800000 &&                                                                                                                                         usb start && fatad mmc 0:1 1000000 uImage && fatad mmc 0:1 c00000  m300.dtb && f                                                                                                                                         atad mmc 0:1 2000000 lannertfs.ext2.g?▒t.lanner &&tm 1000000 2000000 c00000
lannerots=setenvtargst=?dev?ram rwtdelay}10 nle}tt▒S0,115200 ramdisk_sie}2800000                                                                                                                                          &&usb start && fatad usb 0:1 1000000 uImage && fatad usb 0:1 c00000  m300.dtb &                                                                                                                                         & fatad usb 0:1 2000000 lannertfs.ext2.g?▒t.lanner.usb &&tm 1000000 2000000 c000                                                                                                                                         00
adaddr}1000000
netdev}eth0
nft}setenvtargst}?dev?nfs rw nft}$serverip:tpath ip}$ipaddr:$serverip:$gatewayip                                                                                                                                         :$netmask:$stname:$netdevff nle}$nledev,$baudrate ttargs;tftp $adaddr tfile;tftp                                                                                                                                          $fdtaddr $fdtfiletm $adaddr - $fdtaddr
nuke_env}ptectff 0▒eff30000 0xeff3ffff && erase 0xeff30000 0▒eff3ffff
rat}setenvtargst}?dev?ram rw nle}$nledev,$baudrate ttargs; tftp $ramdiskaddr $ra                                                                                                                                         mdiskfile;tftp $adaddr tfile;tftp $fdtaddr $fdtfiletm $adaddr $ramdiskaddr $fdta                                                                                                                                         ddr
ramdiskaddr}2000000
ramdiskfiletfs.ext2.g?▒t
tpath}pt?nft
stderr}serial
stdin}serial
stut}serial
t}"ut.bin"
taddr}0▒eff40000
wt}setenvtargst}?dev/$SysAot rw otdela~_&▒▒▒▒/▒▒▒▒,$baudrate ttargs; ext2ad mmc                                                                                                                                          0:1 $fdtaddr $fdtfile; e▒t2ad mmc 0:1 $adaddr $WGKernelfile; usb start;tm $adadd                                                                                                                                         r - $fdtaddr;
wtRevery}setenvtargs wgde}safet}?dev?$Syst rw nle}$nledev,$baudrate ttargs; e▒t2                                                                                                                                         ad mmc 0:3 $fdtaddr $fdtfile; ext2ad mmc 0:3 $adaddr $WGKernelfile; usb start;tm                                                                                                                                          $adaddr - $fdtaddr;
wtS▒sA}setenvtargst}?dev/$Syst rwtdela~_&▒▒▒▒O▒▒▒▒,$baudrate ttargs; ext2ad mmc                                                                                                                                          0:3 $fdtaddr $fdtfile; e▒t2ad mmc 0:3 $adaddr $WGKernelfile; usb start;tm $adadd                                                                                                                                         r - $fdtaddr;
wtSysB}setenvtargst}?dev?$Syst rwtdela~_&▒▒▒▒/▒▒▒▒,$baudrate ttargs; ext2ad mmc                                                                                                                                          0:2 $fdtaddr $fdtfile; e▒t2ad mmc 0:2 $adaddr $WGKernelfile; usb start;tm $adadd                                                                                                                                         r - $fdtaddr;

Envinment sie: 2990?8188 bytes

also having problems compiling image
on a ubuntu wsl i get:

make[2]: *** [package/Makefile:73: package/install] Error 1
make[2]: Leaving directory '/home/+++/openwrt'
make[1]: *** [package/Makefile:111: /+++++/openwrt/staging_dir/target-powerpc64_e5500_musl/stamp/.package_install] Error 2
make[1]: Leaving directory '/home/+++/openwrt'
make: *** [/home/+++/openwrt/include/toplevel.mk:230: world] Error 2

i will install a new ubuntu server 20.04 and try again
(btw: do NOT use sudo -i )

sudo apt update
sudo apt upgrade
sudo apt-get install subversion build-essential libncurses5-dev zlib1g-dev gawk git ccache gettext libssl-dev xsltproc file

sudo apt install linux-headers-amd64 make sudo   << may be unneserary
sudo apt install linux-headers-generic make sudo

sudo apt install git
git config --global http.sslverify false
git clone https://github.com/openwrt/openwrt
cd openwrt
./scripts/feeds install libpam
./scripts/feeds update -a
./scripts/feeds install -a
make -j4

So that is a bit confusing. Does the system actually have the same, identical command prompt

MB-M300 =>

for both command line environments, u-boot and OEM firmware?

setenv serverip 192.168.xx.xxx
tftp ./openwrt/openwrt-qoriq-generic-watchguard_firebox-m300-initramfs-fit-uImage.itb

image loads from tftp

Filename './openrt/openwrt-qoriq-generic-_э▒▒Յɑ}▒▒ɕ▒▒▒-m300-initramfs-fit-uImage.itb'.
Load address: 0x1000000
▒#############▒▒###▒▒#####▒▒##▒▒###▒▒##▒▒########▒▒#▒▒###▒▒▒#▒▒▒###################
         #▒▒###########▒▒#▒▒####▒▒####3########▒▒#######▒▒#################▒▒####
         #####▒▒###▒▒###▒▒######▒▒▒######▒▒#####▒▒#▒▒############▒▒########▒▒###▒▒##
         ##########################▒▒#######▒▒#▒▒▒▒#########▒▒################
         ###▒▒############▒▒#####▒▒##▒▒#▒▒#▒▒####▒▒###########▒▒#▒▒#########▒▒######
         #####▒▒#################▒▒###########▒▒#######▒▒#▒▒######'######▒▒#####
         ##################▒▒######▒▒▒######################▒▒▒▒####▒▒######▒▒#
         ▒##################▒▒#▒▒########▒▒#################▒▒################
         ########▒▒##▒▒########▒▒####▒▒###################
         3.6 MiB/s
done
Bytes transferred = 9236552 (8cf048 hex)
MB-M300 => boot
Card did not respond to voltage select!
** Bad device mmc 0 **
Card did not respond to voltage select!
** Bad device mmc 0 **
IU)start USB...
USB0:   USB EHCI 1.00
scanning bus 0 for devices... LUSB Device(s) found
USB1:   USB EHCI 1.00
scanning bus 1 for devices... 1 USB Device(s) found
       scanning usb for storage devices... 0 Storage Device(s) found
WARNING: adjusting available memory to 30000000
## Loading kernel from FIT Image at 01000000 ...
   Using 'config-1' configuration
   Trying 'kernel-1' kernel subimage
     Description:  POWERPC OpenWrt Linux-5.10.131
     Created:      2022-07-26   7:15:38 UTC
     Type:         Kernel Image
     Compression:  gzip compressed
     Data Start:   0x010000ec
     Data Size:    9199089 Bytes = 8.8 MiB
5    Architecture: Po_▒A
      OS:           Linux
     Load Address: 0x00000000
     Entry Point:  0x00000000
     Hash algo:    crc32
     Hash value:   503854b1
     Hash algo:    sha1
     Hash value:   764952d59ff6b43d0f0b853217ad8c0281e195fd
   Verifying Hash Integrity ... crc32+ sha1+ OK
ERROR: Did not find a cmdline Flattened Device Tree
Could not find a valid device tree

TFTP would be nice, if someone can help with correct syntax

I also tried to burn image with rufus to USB & sdcard

MB-M300 => setenv bootargs root=/dev/sda2 r▒▒▒ё▒▒▒▒=10 console=ttyS0,115200 fsl_dpaa_fman.fsl_fm_max_frm=1530; ext2load usb 0:1 $loadaddr $OpenWrt_kernel && bootm $loadaddr;
** File not found uImage **

It looks like you might have a bad ground on your serial cable as well. Haven't had time today to try getting mine working again though I'll post outcomes/data when I do.

Good news! Got things working, just had to modify some things from this commit to get the USB drive I had imaged to be used as the boot drive while incorporating the new kernel format.

You can watch me bumbling through the commands here...

MB-M300 => setenv OpenWrt_kernel watchguard_firebox-m300-fit-uImage.itb
MB-M300 =>   setenv loadaddr 0x20000000
MB-M300 =>   setenv wgBootStenv bootargs root=/dev/sda2 rw rootdelay=2 console=$consoledev,$baudrate fsl_dpaa_fman.fsl_fm_max_frm=1530; mmc dev 0; ext2load usb 0:1 $loadaddr $OpenWrt_kernel; bootm $loadaddr'
> '
MMC: no card present
5296632 bytes read in 358 ms (14.1 MiB/s)
bootm - boot application image from memory

Usage:
bootm [addr [arg ...]]
    - boot application image stored in memory
        passing arguments 'arg ...'; when booting a Linux kernel,
        'arg' can be the address of an initrd image
        When booting a Linux kernel which requires a flat device-tree
        a third argument is required which is the address of the
        device-tree blob. To boot that kernel without an initrd image,
        use a '-' for the second argument. If you do not pass a third
        a bd_info struct will be passed instead

For the new multi component uImage format (FIT) addresses
        must be extened to include component or configuration unit name:
        addr:<subimg_uname> - direct component image specification
        addr#<conf_uname>   - configuration specification
        Use iminfo command to get the list of existing component
        images and configurations.

Sub-commands to do part of the bootm sequence.  The sub-commands must be
issued in the order below (it's ok to not issue all sub-commands):
        start [addr [arg ...]]
        loados  - load OS image
        ramdisk - relocate initrd, set env initrd_start/initrd_end
        fdt     - relocate flat device tree
        cmdline - OS specific command line processing/setup
        bdt     - OS specific bd_t processing
        prep    - OS specific prep before relocation or go
        go      - start OS
MB-M300 => setenv OpenWrt_kernel watchguard_firebox-m300-fit-uImage.itb
MB-M300 =>   setenv loadaddr 0x20000000
MB-M300 =>   setenv wgBootStenv bootargs root=/dev/sda2 rw rootdelay=2 console=$consoledev,$baudrate fsl_dpaa_fman.fsl_fm_max_frm=1530; ext2load usb 0:1 $loadaddr $OpenWrt_kernel; bootm $loadaddr'
> '
5296632 bytes read in 357 ms (14.1 MiB/s)
bootm - boot application image from memory

Usage:
bootm [addr [arg ...]]
    - boot application image stored in memory
        passing arguments 'arg ...'; when booting a Linux kernel,
        'arg' can be the address of an initrd image
        When booting a Linux kernel which requires a flat device-tree
        a third argument is required which is the address of the
        device-tree blob. To boot that kernel without an initrd image,
        use a '-' for the second argument. If you do not pass a third
        a bd_info struct will be passed instead

For the new multi component uImage format (FIT) addresses
        must be extened to include component or configuration unit name:
        addr:<subimg_uname> - direct component image specification
        addr#<conf_uname>   - configuration specification
        Use iminfo command to get the list of existing component
        images and configurations.

Sub-commands to do part of the bootm sequence.  The sub-commands must be
issued in the order below (it's ok to not issue all sub-commands):
        start [addr [arg ...]]
        loados  - load OS image
        ramdisk - relocate initrd, set env initrd_start/initrd_end
        fdt     - relocate flat device tree
        cmdline - OS specific command line processing/setup
        bdt     - OS specific bd_t processing
        prep    - OS specific prep before relocation or go
        go      - start OS
MB-M300 => bootm $loadaddr
WARNING: adjusting available memory to 30000000
## Loading kernel from FIT Image at 20000000 ...
   Using 'config-1' configuration
   Trying 'kernel-1' kernel subimage
     Description:  POWERPC OpenWrt Linux-5.10.127
     Created:      2022-07-06  19:09:39 UTC
     Type:         Kernel Image
     Compression:  gzip compressed
     Data Start:   0x200000ec
     Data Size:    5259169 Bytes = 5 MiB
     Architecture: PowerPC
     OS:           Linux

And then, the terminal output after a successful boot!

BusyBox v1.35.0 (2022-07-06 19:09:39 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 22.03.0-rc5, r19523-bfd070e7fa
 -----------------------------------------------------
=== WARNING! =====================================
There is no root password defined on this device!
Use the "passwd" command to set up a new password
in order to prevent unauthorized SSH logins.
--------------------------------------------------
root@OpenWrt:/# [  194.707949] mv88e6085 0x0000000ffe4fc000:10 sweth6: Link is Up - 1Gbps/Full - flow control rx/tx
[  194.716765] IPv6: ADDRCONF(NETDEV_CHANGE): sweth6: link becomes ready
[  199.892049] mv88e6085 0x0000000ffe4fc000:10 sweth6: Link is Down
[  208.228876] mv88e6085 0x0000000ffe4fc000:10 sweth6: Link is Up - 1Gbps/Full - flow control rx/tx
[  223.801482] mmc0: new high speed SDHC card at address 59b4
[  223.807361] mmcblk0: mmc0:59b4 SDC   7.34 GiB
[  223.814768]  mmcblk0: p1 p2 p3 p4 < p5 p6 p7 >
version
/bin/ash: version: not found
root@OpenWrt:/# uname -a
Linux OpenWrt 5.10.127 #0 SMP Wed Jul 6 19:09:39 2022 ppc64 GNU/Linux
root@OpenWrt:/# model
/bin/ash: model: not found
root@OpenWrt:/# $BOARD
root@OpenWrt:/# cat /rpoc/cpuinfo
cat: can't open '/rpoc/cpuinfo': No such file or directory
root@OpenWrt:/# cat /proc/cpuinfo
processor       : 0
cpu             : e6500, altivec supported
clock           : 1500.000000MHz
revision        : 2.0 (pvr 8040 0120)

processor       : 1
cpu             : e6500, altivec supported
clock           : 1500.000000MHz
revision        : 2.0 (pvr 8040 0120)

processor       : 2
cpu             : e6500, altivec supported
clock           : 1500.000000MHz
revision        : 2.0 (pvr 8040 0120)

processor       : 3
cpu             : e6500, altivec supported
clock           : 1500.000000MHz
revision        : 2.0 (pvr 8040 0120)

processor       : 4
cpu             : e6500, altivec supported
clock           : 1500.000000MHz
revision        : 2.0 (pvr 8040 0120)

processor       : 5
cpu             : e6500, altivec supported
clock           : 1500.000000MHz
revision        : 2.0 (pvr 8040 0120)

processor       : 6
cpu             : e6500, altivec supported
clock           : 1500.000000MHz
revision        : 2.0 (pvr 8040 0120)

processor       : 7
cpu             : e6500, altivec supported
clock           : 1500.000000MHz
revision        : 2.0 (pvr 8040 0120)

timebase        : 37500000
platform        : CoreNet Generic
model           : WatchGuard Firebox M300
root@OpenWrt:/# [ 4947.498402] mv88e6085 0x0000000ffe4fc000:10 sweth6: Link is Down
[ 4968.314069] mv88e6085 0x0000000ffe4fc000:10 sweth6: Link is Up - 1Gbps/Full - flow control rx/tx

I don't want to overwrite the stock SD card just yet, there's a small but nonnegligible chance that I might need it some day. To that end, I'm not going to flash just yet, and I'm going to make sure I have a better SD card when I do.

Hopefully this helps someone, and if you have questions feel free to ask them!

ok , I get it up with

startrom.com = renamed openwrt-qoriq-generic-watchguard_firebox-m300-initramfs-fit-uImage.itb
(did not want to change my dhcp/tftp config)

setenv loadaddr 0x20000000
dhcp $loadaddr
setenv OpenWrt_kernel startrom.com
setenv wgBootStenv bootargs root=/dev/sda2 rw rootdelay=2 console=$consoledev,$baudrate fsl_dpaa_fman.fsl_fm_max_frm=1530; mmc dev 0; ext2load usb 0:1 $loadaddr $OpenWrt_kernel; bootm $loadaddr;

I can ssh to 192.168.1.1 but https://192.168.1.1 is not working

Did you remember to select a LuCi collection in make menuconfig? I realized I forgot to do that and am currently making a new build with the default uhttpd LuCi collection included; hopefully it works!

I did nothing but settings for M300 in menuconfig
any idea why my terminal is so messed up ? - i already tried a different cable

in the watchguard u-boot menu , when you press ctrl+c it asks for a password
this is probably the way to the u-boot comand line.