diff --git a/README.md b/README.md
index 04aa6ba6..27a6b8c5 100644
--- a/README.md
+++ b/README.md
@@ -73,3 +73,20 @@ pip[3] install sphinx-autobuild
 ```
 sphinx-autobuild source build/html
 ```
+
+#### Publish BIOS ROM Images
+
+BIOS ROM images are written to OPNsense appliances using a FAT32 formatted drive containing in its root directory
+the combined contents of the `source/hardware/files/BIOS_update_sources.zip` file and the latest platform-specific
+compressed BIOS ROM image. The BIOS_update_sources directory contains the EFI boot structure to trigger the
+`startup.nsh` file when booting from the drive.
+
+```
+0cf1b042223482ea073a7a3599d6170be7c849ff8399936cf5a9db1ec5406dcf BIOS_update_sources.zip
+```
+
+Place a `.FD` ROM image into the `source/hardware/files/` directory and run:
+
+```
+./make_bios.py --platform --source <.FD filename>
+```
diff --git a/make_bios.py b/make_bios.py
new file mode 100755
index 00000000..d0166e6e
--- /dev/null
+++ b/make_bios.py
@@ -0,0 +1,106 @@
+#!/usr/local/bin/python3
+"""
+ Copyright (c) 2024 Deciso B.V.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+"""
+
+import os
+import argparse
+import zipfile
+import shutil
+import hashlib
+
+def extract_zip(zip_path, extract_to):
+ with zipfile.ZipFile(zip_path, 'r') as zip_ref:
+ for member in zip_ref.namelist():
+ # Remove the top-level directory name
+ member_name = member.split('/', 1)[1] if '/' in member else member
+ target_path = os.path.join(extract_to, member_name)
+ if not member.endswith('/'):
+ with zip_ref.open(member) as source, open(target_path, 'wb') as target:
+ shutil.copyfileobj(source, target)
+ else:
+ os.makedirs(target_path, exist_ok=True)
+
+def extract_file(file_path, extract_to):
+ if zipfile.is_zipfile(file_path):
+ extract_zip(file_path, extract_to)
+ else:
+ shutil.copy(file_path, os.path.join(extract_to, 'LATEST.FD'))
+
+def create_tar_bz2(source_dir, output_file):
+ shutil.make_archive(
+ base_name=output_file,
+ format='gztar',
+ root_dir=source_dir
+ )
+
+def merge_files(file1_path, file2_path, output_path):
+ temp_dir = 'temp_extracted'
+ os.makedirs(temp_dir, exist_ok=True)
+
+ extract_file(file1_path, temp_dir)
+
+ extract_file(file2_path, temp_dir)
+
+ output_dir_name = os.path.splitext(os.path.basename(output_path))[0]
+ combined_dir = os.path.join(temp_dir, output_dir_name)
+ os.makedirs(combined_dir, exist_ok=True)
+
+ for item in os.listdir(temp_dir):
+ item_path = os.path.join(temp_dir, item)
+ if item != output_dir_name:
+ shutil.move(item_path, combined_dir)
+
+ create_tar_bz2(combined_dir, output_path)
+ shutil.rmtree(temp_dir)
+
+def calculate_sha256(file_path):
+ sha256_hash = hashlib.sha256()
+ with open(file_path, 'rb') as f:
+ for byte_block in iter(lambda: f.read(4096), b""):
+ sha256_hash.update(byte_block)
+ return sha256_hash.hexdigest()
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser()
+ parser.add_argument('--platform', help='BIOS platform [A10|A20|A30]')
+ parser.add_argument('--source', help='BIOS ROM image name in source/hardware/files')
+
+ args = parser.parse_args()
+ if not args.platform or args.platform not in ['A10', 'A20', 'A30']:
+ print('invalid platform')
+ exit(1)
+
+ if not args.source.endswith('.FD'):
+ print('invalid source file, must be a .FD file')
+ exit(1)
+
+ static = 'source/hardware/files/BIOS_update_sources.zip'
+ source = f'source/hardware/files/{args.source}'
+ output = f'source/hardware/files/{args.platform}_bios'
+
+ merge_files(static, source, output)
+ print(calculate_sha256(f'{output}.tar.gz'), f'{output}.tar.gz')
+
diff --git a/source/hardware/bios.rst b/source/hardware/bios.rst
index 101f3198..c889c175 100644
--- a/source/hardware/bios.rst
+++ b/source/hardware/bios.rst
@@ -2,7 +2,7 @@ BIOS updates / settings ==================================== -This page is dedicated to up-to-date BIOS update downloads as well as a generic instruction on +This page is dedicated to the latest BIOS update downloads for Deciso appliances as well as a generic instruction on how to install them. =====================================================================================================================
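Review bot: `extract_zip` in make_bios.py joins each archive member name onto `extract_to` without checking where the result lands, so a member whose name contains `..`, or leaves an absolute remainder once the top-level directory is stripped, is written outside `temp_extracted`. Because `extract_file` routes any `--source` file that `zipfile.is_zipfile` accepts through this function, the check applies to whatever ROM file is supplied as well as to `BIOS_update_sources.zip`. The version below resolves every target against the extraction root and rejects anything outside it, and it creates missing parent directories so a file entry listed before its directory entry no longer fails in `open`. Separately, `merge_files` reuses the fixed `temp_extracted` directory with `exist_ok=True`, so leftovers from an aborted run would be packed into the published archive; `tempfile.TemporaryDirectory()` would give each run a clean directory (it needs `import tempfile`).

```python
def extract_zip(zip_path, extract_to):
    root = os.path.realpath(extract_to)
    with zipfile.ZipFile(zip_path, 'r') as zip_ref:
        for member in zip_ref.namelist():
            # ... unchanged: strip the top-level directory name into member_name ...
            target_path = os.path.realpath(os.path.join(root, member_name))
            # Refuse any entry that resolves outside the extraction root.
            if os.path.commonpath([root, target_path]) != root:
                raise ValueError(f'unsafe path in archive: {member}')
            if member.endswith('/'):
                os.makedirs(target_path, exist_ok=True)
                continue
            # Directory entries are optional in a zip; create parents explicitly.
            os.makedirs(os.path.dirname(target_path), exist_ok=True)
            # ... unchanged: copy the member to target_path with shutil.copyfileobj ...
```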
@@ -18,147 +18,70 @@ how to install them. DEC800, DEC3800 & DEC4000 series -------------------------------------- -+---------------+------------------------------------------------------------------------------------------------------------------------------------------+ -|**08-2023**: Version 13 (latest) | -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| OS | Download |SHA256 Checksum | -+===============+=========================================================================+================================================================+ -| Windows |:download:`Windows installer `|cd2904cbf9357ea506925b8ab882525c771789f3e2a862c47ab752fe0109a726| -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| Linux |:download:`Image ` |dea85532b7ddd50924d5bd6589150f44f38d9e4ace1a196c6b8d3114ba44b290| -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| CVE update. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------+ - -+---------------+------------------------------------------------------------------------------------------------------------------------------------------+ -|**12-2022**: Version 10a | -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| OS | Download |SHA256 Checksum | -+===============+=========================================================================+================================================================+ -| Windows |:download:`Windows installer `|7911491dd1980affc189c290a4590c72105445aab3c74163b649daba1b9fd271| -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| Linux |:download:`Image ` |19d2d011b2d63eff3d6e422b475a1bde2dd76c752d1abcb224c2c4310f273a44| -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| CVE update. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------+ - -+---------------+------------------------------------------------------------------------------------------------------------------------------------------+ -|**03-2022**: Version 9 | -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| OS | Download |SHA256 Checksum | -+===============+=========================================================================+================================================================+ -| Windows |:download:`Windows installer `|e92dc8e3822ae295e218a3e67fe86743ccb0220fcbd98e22dbfa5fd9e3b7d9f7| -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| Linux |:download:`Image ` |d217149a90f5ed2b3fe6a317b5317c94d4f4988a9065249ce6addf790e42b609| -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| Addresses a series of | -| `vulnerabilities `_ | -| found in the InsydeH2O UEFI firmware, which affects the NetBoard `A20 `_ security appliances from Deciso. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------+ ++---------------------------------------------------------------------------------------------------------------------------------------------------------+ +|**06-2024** Version 15 | ++-------------------------------------------------------------------------+-------------------------------------------------------------------------------+ +| Download |SHA256 Checksum | ++=========================================================================+===============================================================================+ +|:download:`Archive ` |da3bb83194d92af5b61b37a44286dd181f0d44e4e4d9683968c3bd60cbcb89a6 | ++-------------------------------------------------------------------------+-------------------------------------------------------------------------------+ +| CVE Update. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------+ ------------------------- DEC700 and DEC2700 series ------------------------- -+---------------+------------------------------------------------------------------------------------------------------------------------------------------+ -|**05-2024**: Version 30 (latest) | -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| OS | Download |SHA256 Checksum | -+===============+=========================================================================+================================================================+ -| Windows |:download:`Windows installer `|0ce9fac6504c6d36cf7dd0f26a1e4dc3f4386cd896e0d353bb86902d2958db6f| 
-+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| Linux |:download:`Image ` |4d6495450c1c83a8dd317d5e15b8fa256751ee70be15a839ff9c64e927b11b53| -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| CVE Update. | -+----------------------------------------------------------------------------------------------------------------------------------------------------------+ - -+---------------+------------------------------------------------------------------------------------------------------------------------------------------+ -|**08-2023**: Version 28 | -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| OS | Download |SHA256 Checksum | -+===============+=========================================================================+================================================================+ -| Windows |:download:`Windows installer `|0c17614f5c0a2d6216ce6af065a2465e6127893f13bf2257eafa22c01e8bdd78| -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| Linux |:download:`Image ` |9a6a7350c9a29b630273f7200033629b37f08479165e8f5b6a905d81662b0b31| -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| CVE Update. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------+ - -+---------------+------------------------------------------------------------------------------------------------------------------------------------------+ -|**03-2023**: Version 24 | -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| OS | Download |SHA256 Checksum | -+===============+=========================================================================+================================================================+ -| Windows |:download:`Windows installer `|a4f63ac91a20a74ef32a74e18f791186fba1b281734024fe52f317a59ddc3eb3| -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| Linux |:download:`Image ` |6831eb1945ea71b27c9fe420a842b2a8a6966c53c1935232d57cef35e1598e25| -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| CVE Update and improved fan control. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------+ - -+---------------+------------------------------------------------------------------------------------------------------------------------------------------+ -|**03-2022**: Version 22 | -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| OS | Download |SHA256 Checksum | -+===============+=========================================================================+================================================================+ -| Windows |:download:`Windows installer `|5fc6fcc98d17d207b29e4e8f9ac5a0765a2f69b2ff058f958e7727519d0b676f| -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| Linux |:download:`Image ` |a4c107d7fa1240fbb1e2fd5368c30d5ff7e66897424cf34942dd260b11eca9b8| -+---------------+-------------------------------------------------------------------------+----------------------------------------------------------------+ -| Addresses a series of | -| `vulnerabilities `_ | -| found in the InsydeH2O UEFI firmware, which affects the NetBoard `A10 `_ security appliances from Deciso. 
| -+----------------------------------------------------------------------------------------------------------------------------------------------------------+ - -| ++---------------------------------------------------------------------------------------------------------------------------------------------------------+ +|**05-2024** Version 30 | ++-------------------------------------------------------------------------+-------------------------------------------------------------------------------+ +| Download |SHA256 Checksum | ++=========================================================================+===============================================================================+ +|:download:`Archive ` |30b3df027140b9eaa8affe8c571f5ab580cc895d2102d613cf52341cd8eb6a86 | ++-------------------------------------------------------------------------+-------------------------------------------------------------------------------+ +| CVE Update. | ++---------------------------------------------------------------------------------------------------------------------------------------------------------+ **Installation instructions** ===================================================================================================================== Updating the UEFI firmware requires writing a bootable image to a USB drive on a separate machine. -Make sure you have an empty or unused USB drive before starting this procedure. +Make sure you have an empty or unused USB drive before starting this procedure. Also make sure the USB +drive is FAT32 formatted. .. warning:: - All data on the USB drive will be overwritten. Make sure you have no important data on there. - As a general warning, following this procedure is on your own risk. + As a general warning, following this procedure is at your own risk. **Step 1** -Download the right file depending on your platform from the section above. For Windows, -an installer is provided. For Linux, an image is provided. 
+Download the latest BIOS archive file for your platform from the downloads section above. **Step 2** -Optionally verify the SHA256 checksum. +Verify the SHA256 checksum. **Step 3** -Insert the USB drive. For Windows, unzip and start the installer executable and follow the instructions. -When prompted for a drive select the USB drive. +Insert the USB drive into your computer and extract the archive to the USB drive. Make sure the file structure is as follows: +:: -For Linux, decompress the image and write the image to the USB drive:: - - cd / - bzip2 -d .bz2 - sudo dd if=./.img of=/dev/ bs=1024k - -Where *image name* refers to the downloaded image, and *drivename* refers to the USB drive. - -.. note:: - - When selecting a drive on Linux, make sure you select the *entire* drive, not a single partition - (e.g. */dev/sdb*, not */dev/sdb1*) + USB drive:/ + ├── LATEST.FD + ├── startup.nsh + ├── H2OFFT-Sx64.efi + ├── efi/ + │ ├── boot/ + │ │ ├── Bootx64.efi **Step 4** -If all went well and no errors occurred, safely remove the USB drive from the computer and plug it into -the appliance. +Safely remove the USB drive from the computer and plug it into the appliance. **Step 5** diff --git a/source/hardware/files/A10_0022_BIOS_USB_IMAGE.img.bz2 b/source/hardware/files/A10_0022_BIOS_USB_IMAGE.img.bz2 deleted file mode 100644 index 237f19ed..00000000 Binary files a/source/hardware/files/A10_0022_BIOS_USB_IMAGE.img.bz2 and /dev/null differ diff --git a/source/hardware/files/A10_0024_BIOS_USB_IMAGE.img.bz2 b/source/hardware/files/A10_0024_BIOS_USB_IMAGE.img.bz2 deleted file mode 100644 index bb02592e..00000000 Binary files a/source/hardware/files/A10_0024_BIOS_USB_IMAGE.img.bz2 and /dev/null differ diff --git a/source/hardware/files/A10_0028_BIOS_USB_IMAGE.img.bz2 b/source/hardware/files/A10_0028_BIOS_USB_IMAGE.img.bz2 deleted file mode 100644 index eb612133..00000000 Binary files a/source/hardware/files/A10_0028_BIOS_USB_IMAGE.img.bz2 and /dev/null differ 
diff --git a/source/hardware/files/A10_0030_BIOS_USB_IMAGE.img.bz2 b/source/hardware/files/A10_0030_BIOS_USB_IMAGE.img.bz2
deleted file mode 100644
index 1042bc73..00000000
Binary files a/source/hardware/files/A10_0030_BIOS_USB_IMAGE.img.bz2 and /dev/null differ
diff --git a/source/hardware/files/A10_bios.tar.gz b/source/hardware/files/A10_bios.tar.gz
new file mode 100644
index 00000000..33fe7a25
Binary files /dev/null and b/source/hardware/files/A10_bios.tar.gz differ
diff --git a/source/hardware/files/A20_0009_BIOS_USB_IMAGE.img.bz2 b/source/hardware/files/A20_0009_BIOS_USB_IMAGE.img.bz2
deleted file mode 100644
index caa0a820..00000000
Binary files a/source/hardware/files/A20_0009_BIOS_USB_IMAGE.img.bz2 and /dev/null differ
diff --git a/source/hardware/files/A20_0013_BIOS_USB_IMAGE.img.bz2 b/source/hardware/files/A20_0013_BIOS_USB_IMAGE.img.bz2
deleted file mode 100644
index 26a079d2..00000000
Binary files a/source/hardware/files/A20_0013_BIOS_USB_IMAGE.img.bz2 and /dev/null differ
diff --git a/source/hardware/files/A20_010a_BIOS_USB_IMG.img.bz2 b/source/hardware/files/A20_010a_BIOS_USB_IMG.img.bz2
deleted file mode 100644
index 032a63a1..00000000
Binary files a/source/hardware/files/A20_010a_BIOS_USB_IMG.img.bz2 and /dev/null differ
diff --git a/source/hardware/files/A20_bios.tar.gz b/source/hardware/files/A20_bios.tar.gz
new file mode 100644
index 00000000..07c7837d
Binary files /dev/null and b/source/hardware/files/A20_bios.tar.gz differ
diff --git a/source/hardware/files/BIOS_update_sources.zip b/source/hardware/files/BIOS_update_sources.zip
new file mode 100644
index 00000000..8be44e9e
Binary files /dev/null and b/source/hardware/files/BIOS_update_sources.zip differ
diff --git a/source/hardware/files/NetBoard_A10_0022_USB_installer.zip b/source/hardware/files/NetBoard_A10_0022_USB_installer.zip
deleted file mode 100644
index 8bf640d1..00000000
Binary files a/source/hardware/files/NetBoard_A10_0022_USB_installer.zip and /dev/null differ
diff --git a/source/hardware/files/NetBoard_A10_0024_USB_installer.zip b/source/hardware/files/NetBoard_A10_0024_USB_installer.zip
deleted file mode 100644
index 4ead4c65..00000000
Binary files a/source/hardware/files/NetBoard_A10_0024_USB_installer.zip and /dev/null differ
diff --git a/source/hardware/files/NetBoard_A10_0028_USB_installer.zip b/source/hardware/files/NetBoard_A10_0028_USB_installer.zip
deleted file mode 100644
index 047393d4..00000000
Binary files a/source/hardware/files/NetBoard_A10_0028_USB_installer.zip and /dev/null differ
diff --git a/source/hardware/files/NetBoard_A10_0030_USB_installer.zip b/source/hardware/files/NetBoard_A10_0030_USB_installer.zip
deleted file mode 100644
index bf05e546..00000000
Binary files a/source/hardware/files/NetBoard_A10_0030_USB_installer.zip and /dev/null differ
diff --git a/source/hardware/files/NetBoard_A20_0009_USB_installer.zip b/source/hardware/files/NetBoard_A20_0009_USB_installer.zip
deleted file mode 100644
index 759c07e1..00000000
Binary files a/source/hardware/files/NetBoard_A20_0009_USB_installer.zip and /dev/null differ
diff --git a/source/hardware/files/NetBoard_A20_0013_USB_installer.zip b/source/hardware/files/NetBoard_A20_0013_USB_installer.zip
deleted file mode 100644
index 3740e9d6..00000000
Binary files a/source/hardware/files/NetBoard_A20_0013_USB_installer.zip and /dev/null differ
diff --git a/source/hardware/files/NetBoard_A20_010a_USB_installer.zip b/source/hardware/files/NetBoard_A20_010a_USB_installer.zip
deleted file mode 100644
index e316680d..00000000
Binary files a/source/hardware/files/NetBoard_A20_010a_USB_installer.zip and /dev/null differ