upstream/opnsense-docs
1
0
Fork 0
mirror of https://github.com/opnsense/docs.git synced 2026-05-28 04:02:12 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Hardware / BIOS: Restructure BIOS section and change installation instruction. Includes new A20 BIOS

Browse source
This commit is contained in:
Stephan de Wit 2024-08-12 17:23:22 +02:00
parent 3bb3145ebd
commit ab595c2d5f
20 changed files with 157 additions and 111 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
README.md
View file

@ -73,3 +73,20 @@ pip[3] install sphinx-autobuild
```
sphinx-autobuild source build/html
```
#### Publish BIOS ROM Images
BIOS ROM images are written to OPNsense appliances using a FAT32 formatted drive containing in its root directory
the combined contents of the `source/hardware/files/BIOS_update_sources.zip` file and the latest platform-specific
compressed BIOS ROM image. The BIOS_update_sources directory contains the EFI boot structure to trigger the
`startup.nsh` file when booting from the drive.
```
0cf1b042223482ea073a7a3599d6170be7c849ff8399936cf5a9db1ec5406dcf BIOS_update_sources.zip
```
Place a `.FD` ROM image into the `source/hardware/files/` directory and run:
```
./make_bios.py --platform <A10|A20|A30> --source <.FD filename>
```

106
make_bios.py Executable file
View file

@ -0,0 +1,106 @@
#!/usr/local/bin/python3
"""
Copyright (c) 2024 Deciso B.V.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
"""
import os
import argparse
import zipfile
import shutil
import hashlib
def extract_zip(zip_path, extract_to):
with zipfile.ZipFile(zip_path, 'r') as zip_ref:
for member in zip_ref.namelist():
# Remove the top-level directory name
member_name = member.split('/', 1)[1] if '/' in member else member
target_path = os.path.join(extract_to, member_name)
if not member.endswith('/'):
with zip_ref.open(member) as source, open(target_path, 'wb') as target:
shutil.copyfileobj(source, target)
else:
os.makedirs(target_path, exist_ok=True)
def extract_file(file_path, extract_to):
if zipfile.is_zipfile(file_path):
extract_zip(file_path, extract_to)
else:
shutil.copy(file_path, os.path.join(extract_to, 'LATEST.FD'))
def create_tar_bz2(source_dir, output_file):
shutil.make_archive(
base_name=output_file,
format='gztar',
root_dir=source_dir
)
def merge_files(file1_path, file2_path, output_path):
temp_dir = 'temp_extracted'
os.makedirs(temp_dir, exist_ok=True)
extract_file(file1_path, temp_dir)
extract_file(file2_path, temp_dir)
output_dir_name = os.path.splitext(os.path.basename(output_path))[0]
combined_dir = os.path.join(temp_dir, output_dir_name)
os.makedirs(combined_dir, exist_ok=True)
for item in os.listdir(temp_dir):
item_path = os.path.join(temp_dir, item)
if item != output_dir_name:
shutil.move(item_path, combined_dir)
create_tar_bz2(combined_dir, output_path)
shutil.rmtree(temp_dir)
def calculate_sha256(file_path):
sha256_hash = hashlib.sha256()
with open(file_path, 'rb') as f:
for byte_block in iter(lambda: f.read(4096), b""):
sha256_hash.update(byte_block)
return sha256_hash.hexdigest()
if __name__ == '__main__':
parser = argparse.ArgumentParser()
parser.add_argument('--platform', help='BIOS platform [A10|A20|A30]')
parser.add_argument('--source', help='BIOS ROM image name in source/hardware/files')
args = parser.parse_args()
if not args.platform or args.platform not in ['A10', 'A20', 'A30']:
print('invalid platform')
exit(1)
if not args.source.endswith('.FD'):
print('invalid source file, must be a .FD file')
exit(1)
static = 'source/hardware/files/BIOS_update_sources.zip'
source = f'source/hardware/files/{args.source}'
output = f'source/hardware/files/{args.platform}_bios'
merge_files(static, source, output)
print(calculate_sha256(f'{output}.tar.gz'), f'{output}.tar.gz')

145
source/hardware/bios.rst
View file

@ -2,7 +2,7 @@
BIOS updates / settings
====================================
This page is dedicated to up-to-date BIOS update downloads as well as a generic instruction on
This page is dedicated to the latest BIOS update downloads for Deciso appliances as well as a generic instruction on
how to install them.
=====================================================================================================================
@ -18,147 +18,70 @@ how to install them.
DEC800, DEC3800 & DEC4000 series
--------------------------------------
+---------------+------------------------------------------------------------------------------------------------------------------------------------------+
|**08-2023**: Version 13 (latest) |
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| OS | Download |SHA256 Checksum |
+===============+=========================================================================+================================================================+
| Windows |:download:`Windows installer <files/NetBoard_A20_0013_USB_installer.zip>`|cd2904cbf9357ea506925b8ab882525c771789f3e2a862c47ab752fe0109a726|
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| Linux |:download:`Image <files/A20_0013_BIOS_USB_IMAGE.img.bz2>` |dea85532b7ddd50924d5bd6589150f44f38d9e4ace1a196c6b8d3114ba44b290|
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| CVE update. |
+----------------------------------------------------------------------------------------------------------------------------------------------------------+
+---------------+------------------------------------------------------------------------------------------------------------------------------------------+
|**12-2022**: Version 10a |
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| OS | Download |SHA256 Checksum |
+===============+=========================================================================+================================================================+
| Windows |:download:`Windows installer <files/NetBoard_A20_010a_USB_installer.zip>`|7911491dd1980affc189c290a4590c72105445aab3c74163b649daba1b9fd271|
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| Linux |:download:`Image <files/A20_010a_BIOS_USB_IMG.img.bz2>` |19d2d011b2d63eff3d6e422b475a1bde2dd76c752d1abcb224c2c4310f273a44|
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| CVE update. |
+----------------------------------------------------------------------------------------------------------------------------------------------------------+
+---------------+------------------------------------------------------------------------------------------------------------------------------------------+
|**03-2022**: Version 9 |
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| OS | Download |SHA256 Checksum |
+===============+=========================================================================+================================================================+
| Windows |:download:`Windows installer <files/NetBoard_A20_0009_USB_installer.zip>`|e92dc8e3822ae295e218a3e67fe86743ccb0220fcbd98e22dbfa5fd9e3b7d9f7|
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| Linux |:download:`Image <files/A20_0009_BIOS_USB_IMAGE.img.bz2>` |d217149a90f5ed2b3fe6a317b5317c94d4f4988a9065249ce6addf790e42b609|
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| Addresses a series of |
| `vulnerabilities <https://www.bleepingcomputer.com/news/security/uefi-firmware-vulnerabilities-affect-at-least-25-computer-vendors/>`_ |
| found in the InsydeH2O UEFI firmware, which affects the NetBoard `A20 <https://www.deciso.com/netboard-a20/>`_ security appliances from Deciso. |
+----------------------------------------------------------------------------------------------------------------------------------------------------------+
+---------------------------------------------------------------------------------------------------------------------------------------------------------+
|**06-2024** Version 15 |
+-------------------------------------------------------------------------+-------------------------------------------------------------------------------+
| Download |SHA256 Checksum |
+=========================================================================+===============================================================================+
|:download:`Archive <files/A20_bios.tar.gz>` |da3bb83194d92af5b61b37a44286dd181f0d44e4e4d9683968c3bd60cbcb89a6 |
+-------------------------------------------------------------------------+-------------------------------------------------------------------------------+
| CVE Update. |
+---------------------------------------------------------------------------------------------------------------------------------------------------------+
-------------------------
DEC700 and DEC2700 series
-------------------------
+---------------+------------------------------------------------------------------------------------------------------------------------------------------+
|**05-2024**: Version 30 (latest) |
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| OS | Download |SHA256 Checksum |
+===============+=========================================================================+================================================================+
| Windows |:download:`Windows installer <files/NetBoard_A10_0030_USB_installer.zip>`|0ce9fac6504c6d36cf7dd0f26a1e4dc3f4386cd896e0d353bb86902d2958db6f|
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| Linux |:download:`Image <files/A10_0030_BIOS_USB_IMAGE.img.bz2>` |4d6495450c1c83a8dd317d5e15b8fa256751ee70be15a839ff9c64e927b11b53|
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| CVE Update. |
+----------------------------------------------------------------------------------------------------------------------------------------------------------+
+---------------+------------------------------------------------------------------------------------------------------------------------------------------+
|**08-2023**: Version 28 |
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| OS | Download |SHA256 Checksum |
+===============+=========================================================================+================================================================+
| Windows |:download:`Windows installer <files/NetBoard_A10_0028_USB_installer.zip>`|0c17614f5c0a2d6216ce6af065a2465e6127893f13bf2257eafa22c01e8bdd78|
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| Linux |:download:`Image <files/A10_0028_BIOS_USB_IMAGE.img.bz2>` |9a6a7350c9a29b630273f7200033629b37f08479165e8f5b6a905d81662b0b31|
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| CVE Update. |
+----------------------------------------------------------------------------------------------------------------------------------------------------------+
+---------------+------------------------------------------------------------------------------------------------------------------------------------------+
|**03-2023**: Version 24 |
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| OS | Download |SHA256 Checksum |
+===============+=========================================================================+================================================================+
| Windows |:download:`Windows installer <files/NetBoard_A10_0024_USB_installer.zip>`|a4f63ac91a20a74ef32a74e18f791186fba1b281734024fe52f317a59ddc3eb3|
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| Linux |:download:`Image <files/A10_0024_BIOS_USB_IMAGE.img.bz2>` |6831eb1945ea71b27c9fe420a842b2a8a6966c53c1935232d57cef35e1598e25|
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| CVE Update and improved fan control. |
+----------------------------------------------------------------------------------------------------------------------------------------------------------+
+---------------+------------------------------------------------------------------------------------------------------------------------------------------+
|**03-2022**: Version 22 |
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| OS | Download |SHA256 Checksum |
+===============+=========================================================================+================================================================+
| Windows |:download:`Windows installer <files/NetBoard_A10_0022_USB_installer.zip>`|5fc6fcc98d17d207b29e4e8f9ac5a0765a2f69b2ff058f958e7727519d0b676f|
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| Linux |:download:`Image <files/A10_0022_BIOS_USB_IMAGE.img.bz2>` |a4c107d7fa1240fbb1e2fd5368c30d5ff7e66897424cf34942dd260b11eca9b8|
+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+
| Addresses a series of |
| `vulnerabilities <https://www.bleepingcomputer.com/news/security/uefi-firmware-vulnerabilities-affect-at-least-25-computer-vendors/>`_ |
| found in the InsydeH2O UEFI firmware, which affects the NetBoard `A10 <https://www.deciso.com/netboard-a10/>`_ security appliances from Deciso. |
+----------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+---------------------------------------------------------------------------------------------------------------------------------------------------------+
|**05-2024** Version 30 |
+-------------------------------------------------------------------------+-------------------------------------------------------------------------------+
| Download |SHA256 Checksum |
+=========================================================================+===============================================================================+
|:download:`Archive <files/A10_bios.tar.gz>` |30b3df027140b9eaa8affe8c571f5ab580cc895d2102d613cf52341cd8eb6a86 |
+-------------------------------------------------------------------------+-------------------------------------------------------------------------------+
| CVE Update. |
+---------------------------------------------------------------------------------------------------------------------------------------------------------+
**Installation instructions**
=====================================================================================================================
Updating the UEFI firmware requires writing a bootable image to a USB drive on a separate machine.
Make sure you have an empty or unused USB drive before starting this procedure.
Make sure you have an empty or unused USB drive before starting this procedure. Also make sure the USB
drive is FAT32 formatted.
.. warning::
All data on the USB drive will be overwritten. Make sure you have no important data on there.
As a general warning, following this procedure is on your own risk.
As a general warning, following this procedure is at your own risk.
**Step 1**
Download the right file depending on your platform from the section above. For Windows,
an installer is provided. For Linux, an image is provided.
Download the latest BIOS archive file for your platform from the downloads section above.
**Step 2**
Optionally verify the SHA256 checksum.
Verify the SHA256 checksum.
**Step 3**
Insert the USB drive. For Windows, unzip and start the installer executable and follow the instructions.
When prompted for a drive select the USB drive.
Insert the USB drive into your computer and extract the archive to the USB drive. Make sure the file structure is as follows:
::
For Linux, decompress the image and write the image to the USB drive::
cd /<directory where image is located>
bzip2 -d <image name>.bz2
sudo dd if=./<image name>.img of=/dev/<drivename> bs=1024k
Where *image name* refers to the downloaded image, and *drivename* refers to the USB drive.
.. note::
When selecting a drive on Linux, make sure you select the *entire* drive, not a single partition
(e.g. */dev/sdb*, not */dev/sdb1*)
USB drive:/
├── LATEST.FD
├── startup.nsh
├── H2OFFT-Sx64.efi
├── efi/
│ ├── boot/
│ │ ├── Bootx64.efi
**Step 4**
If all went well and no errors occurred, safely remove the USB drive from the computer and plug it into
the appliance.
Safely remove the USB drive from the computer and plug it into the appliance.
**Step 5**

BIN
source/hardware/files/A10_0022_BIOS_USB_IMAGE.img.bz2
View file

Binary file not shown.

BIN
source/hardware/files/A10_0024_BIOS_USB_IMAGE.img.bz2
View file

Binary file not shown.

BIN
source/hardware/files/A10_0028_BIOS_USB_IMAGE.img.bz2
View file

Binary file not shown.

BIN
source/hardware/files/A10_0030_BIOS_USB_IMAGE.img.bz2
View file

Binary file not shown.

BIN
source/hardware/files/A10_bios.tar.gz Normal file
View file

Binary file not shown.

BIN
source/hardware/files/A20_0009_BIOS_USB_IMAGE.img.bz2
View file

Binary file not shown.

BIN
source/hardware/files/A20_0013_BIOS_USB_IMAGE.img.bz2
View file

Binary file not shown.

BIN
source/hardware/files/A20_010a_BIOS_USB_IMG.img.bz2
View file

Binary file not shown.

BIN
source/hardware/files/A20_bios.tar.gz Normal file
View file

Binary file not shown.

BIN
source/hardware/files/BIOS_update_sources.zip Normal file
View file

Binary file not shown.

BIN
source/hardware/files/NetBoard_A10_0022_USB_installer.zip
View file

Binary file not shown.

BIN
source/hardware/files/NetBoard_A10_0024_USB_installer.zip
View file

Binary file not shown.

BIN
source/hardware/files/NetBoard_A10_0028_USB_installer.zip
View file

Binary file not shown.

BIN
source/hardware/files/NetBoard_A10_0030_USB_installer.zip
View file

Binary file not shown.

BIN
source/hardware/files/NetBoard_A20_0009_USB_installer.zip
View file

Binary file not shown.

BIN
source/hardware/files/NetBoard_A20_0013_USB_installer.zip
View file

Binary file not shown.

BIN
source/hardware/files/NetBoard_A20_010a_USB_installer.zip
View file

Binary file not shown.