PSA: Flashing new Protectli BIOS directly from OPNsense

Started by Grossartig, November 12, 2024, 07:04:51 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 12, 2024, 07:04:51 PM
If you are running OPNsense on a Protectli box and want to update your firmware without having to boot into a Linux distro, this is how I accomplished it:

Install flashrom in OPNsense terminal window:
Code Select
pkg install flashrom

Download protectli frmware updater:
Code Select
curl -LO https://github.com/protectli-root/protectli-firmware-updater/releases/download/v1.1.47/flashli.tar.gz

Extract and study the flashli/configurations.py file. It will tell you which command/parameters to use for your particular model.

Read the existing BIOS from your box and save it to a file (just for safekeeping):

Code Select
flashrom -p internal -r oldbios.bin

Find the new firmware images inside the images folder and pick the one for your model (the ones starting with "protectli" are coreboot, the others are AMIBIOS).

Construct the flash command as needed. For my FW4B, it looked as follows:

Code Select
flashrom -p internal -w fw4b_YLBWL440P.bin

After flashing succeeds, fully shut down and boot your box back up.

August 03, 2025, 07:37:30 AM #1
Thank you so much! I was trying to re-image and older OPNsense device but was stuck with coreboot which doesn't support UEFI. Couldn't get either the OPNsense installer nor the Protectli flash image to boot with legacy bios.
This finally solved it!
August 03, 2025, 08:18:54 PM #2 Last Edit: August 03, 2025, 08:58:10 PM by OPNenthu
JFYI, a list of BIOS vs. UEFI coreboot variants can be found here: https://kb.protectli.com/kb/coreboot-information/

I don't know if it makes a difference in terms of these flashing instructions.  Does this FreeBSD procedure work on the UEFI variants as well?

EDIT: answering myself after a more thorough read of the document: yes, the 'flashrom' method works for all of them.  There are cautionary notes specifically regarding the FW series, though:

QuoteProtectli validated the installation of coreboot using flashrom on Ubuntu 20.04/22.04 ). It is important to use Ubuntu 20.04 or newer because previous versions of Ubuntu used an older version of flashrom that did not support the FW6A/B/C

Quote[FW Series Notes] We have noticed possible odd behavior with coreboot flashes done in a UEFI environment for the FW Series. Verify the following steps are done with a legacy install of Ubuntu if you are flashing a FW Series Vault. (Do not install the UEFI version of Ubuntu/do not boot to the UEFI version of Ubuntu) *FW4C can use UEFI*

For reference, Ubuntu 20.04 currently has flashrom 1.3.0 in its repos.
"The power of the People is greater than the people in power." - Wael Ghonim

Site 1 | N5105 | 8GB | 256GB | 4x 2.5GbE (I226-V)
Site 2 |  J4125 | 8GB | 256GB | 4x 1GbE (I210)
Print
Go Up Pages1
User actions