cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

USB Flash Firmware Upgrade

The SMB series firmware can be upgraded using the WebGUI, but this leaves the factory default image at the former, lower firmware version, as it only updates the primary firmware image. So when using “Revert to the factory default image and settings“, the old firmware version from the factory default image will be used, and the firmware will have to be upgraded using the WebGUI.

An upgrade from CLI is also possible, even offline (sk143274): Copy the image to the /storage directory (using WinSCP) and run (from Expert mode):

# upgrade_revert_image.sh /storage/%FILENAME% upgrade safe

Or run the following commands online in expert mode (sk141512):

# /opt/fw1/bin/fw check_available_firmware 
# /opt/fw1/bin/fw download_firmware
# /pfrm2.0/bin/cloud_upgrade.sh

Using a USB Flash device, both the SMB series factory default and the primary firmware can be upgraded at once. This installation procedure works after every reboot if the USB medium is attached and readable. Details can be found in sk107592: How perform a fresh/clean install of firmware on 600/700/1100 appliance via USB. Additional advice can be found in sk98549: How to Burn Check Point 600 / 700 / 1100 Appliances version with Disk-On-Key where you read: These instructions should be followed only if recommended by support. So there should be a good reason to do so, like when a Factory Reset does not resolve an issue that appears only on one device (so it is more the step taken before applying for a RMA).

CAUTION: Different USB Flash media may show a different behaviour concerning loading images from USB; for example, USB Flash that installs a new firmware image successfully on 1100 / 600 may fail to install with a SG80. Also, the USB medium must use a FAT32 file system.

Using a USB Flash device is started by a reboot (here from a 600/1100):

** MARVELL BOARD: RD-88F6281A LE

U-Boot 1.1.4 (Aug 11 2010 - 13:38:30) Check Point version: 3.4.27

U-Boot code: 00600000 -> 0067FFF0  BSS: -> 006CFB00

Soc: 88F6281 A1 (DDR2)

CPU running @ 1200Mhz L2 running @ 400Mhz

SysClock = 400Mhz , TClock = 200Mhz

DRAM CAS Latency = 5 tRP = 5 tRAS = 18 tRCD=6

DRAM CS[0] base 0x00000000   size 256MB

DRAM Total size 256MB  16bit width

************ Hit 'Ctrl + C' for boot menu ************

Addresses 8M - 0M are saved for the U-Boot usage.

Mem malloc Initialization (8M - 7M): Done

NAND:512 MB

Flash:  0 kB

CPU : Marvell Feroceon (Rev 1)

Streaming disabled

Write allocate disabled

Module 0 is RGMII

Module 1 is TDM

USB 0: host mode

PEX 0: interface detected no Link.

Net:   egiga0, egiga1 [PRIME]

Reading data from 0xe0000 -- 100% complete.

Verifying CRC for settings area... Done

On the 1200R this looks different:

OCTEON eMMC stage 1 bootloader

Partition: 1, start: 0x0000000000000800, size: 0x0000000000004800

Reading 457576................................................................................................................................................................................................................................ Done.

Loaded OCTBOOT2BIN

Branch to stage 2 at:0xFFFFFFFF81004000

U-Boot 2013.07 (Development build, svnversion: u-boot:exported, exec:) (Build time: Jan 19 2015 - 10:17:06)

Warning: Board descriptor tuple not found in eeprom, using defaults

EVB7000_SFF board revision major:1, minor:0, serial #: unknown

OCTEON CN7010-SCP pass 1.2, Core clock: 1200 MHz, IO clock: 500 MHz, DDR clock: 667 MHz (1334 Mhz DDR)

Base DRAM address used by u-boot: 0x4f804000, size: 0x7fc000

DRAM: 1 GiB

Clearing DRAM...... done

Using default environment

MMC:   Octeon MMC/SD0: 1

reading u-boot-octeon_evb7000_sff.bin

U-Boot 2013.07 (Development build, svnversion: u-boot:exported, exec:) (Build time: Jan 11 2015 - 17:13:00)

Check Point version: 990170212

************ Hit 'Ctrl + C' for boot menu ************

OCTEON CN7010-AAP pass 1.2, Core clock: 1200 MHz, IO clock: 500 MHz, DDR clock: 667 MHz (1334 Mhz DDR)

Base DRAM address used by u-boot: 0x4e000000, size: 0x2000000

DRAM: 1 GiB

Clearing DRAM...... done

Octeon MMC/SD0: 1

Flash: 0 Bytes

PCIe: Port 0 not in PCIe mode, skipping

PCIe: Port 1 not in PCIe mode, skipping

PCIe: Port 2 not in PCIe mode, skipping

PCI console init succeeded, 1 consoles, 1024 bytes each

PCIe: Port 0 not in PCIe mode, skipping

PCIe: Port 1 not in PCIe mode, skipping

PCIe: Port 2 not in PCIe mode, skipping

Type the command 'usb start' to scan for USB storage devices.

mmc1(part 0) is current device

MMC read: dev # 1, address # a80000, count 524288 ... 1024 blocks read: OK

Verifying CRC for settings area... Done

And a 7x0 / 14x0 appliance shows:

Annapurna Labs stage 2: stage2_eth3_ram_loader v1.65.1

Executing next!

Annapurna Labs stage 2: stage2.5_loader v1.65.1

SPD I2C Address:00000057

Executing next!

-----------------------------------------------------

Stage 3 version: 1.65.1

Commit ID: e88c9c4

CVOS commit ID: d32367c

HAL commit ID: 8b8f7b5

Build date: May 20 2015 19:57:35

-----------------------------------------------------

EEPROM Revision ID = 37

Device ID = a312

Device Info: AL31200-1700

Loading DT to 00100000 (18909 bytes)...

Board config ID: alpine_db (S1-L71)

Loading application to 00100000 (458192 bytes)...

Executing application...

U-Boot 2015.01-alpine_db_s1-1.65.1-HAL (Jan 14 2016 - 16:51:23)  Check Point version: 64

I2C:   ready

DRAM:  1 GiB

power_init_board: EEPROM per device information - using defaults!

Board config ID: alpine_db (S1-L71)

NAND:  1024 MiB

  00:00.0     - 1c36:0002 - Network controller

  00:01.0     - 1c36:0001 - Network controller

  00:02.0     - 1c36:0002 - Network controller

  00:03.0     - 1c36:0001 - Network controller

  00:04.0     - 1c36:0011 - Cryptographic device

  00:05.0     - 1c36:0021 - Base system peripheral

PCIE_0: Link up. Speed 2.5GT/s Width x1

  01:00.0     - 168c:003c - Network controller

pci_init_board_external: PCIE_1 no link found

PCIE_2: Link up. Speed 5GT/s Width x1

  02:00.0     - 1912:0015 - Serial bus controller

In:    serial

Out:   serial

Err:   serial

Net:   reg=26 data=36928

reg=26 data=36928

al_eth0, al_eth1 [PRIME], al_eth2, al_eth3

Trying to read nand: 262144 bytes from offset 3145728

Read nand: 262144 bytes from nand

blob magic: a5a51234

blob crc: 359ef56a

Verifying CRC for settings area... Done

************ Hit 'Ctrl + C' for boot menu ************

 2  1      

Saving Environment to NAND...

Erasing NAND...

Erasing at 0x280000 -- 100% complete.

Writing to NAND... OK

Saving Environment to NAND...

Erasing redundant NAND...

Erasing at 0x2c0000 -- 100% complete.

Writing to redundant NAND... OK

Saving Environment to NAND...

Erasing NAND...

Erasing at 0x280000 -- 100% complete.

Writing to NAND... OK

bootargs=boardFlavor=alpine_db_s1 quiet console=ttyS0,115200 noExtPorts= maxcpus=2 cp_net_config=3,(00:1C:7F:73:0A:59)(00:1C:7F:73:0A:5A)(00:1C:7F:73:0A:5B) pci=pcie_bus_perf

device 0 offset 0x380000, size 0x3fc80000

do_nand: set partition base address to=380000

NAND read: device 0 offset 0x380000, size 0x1000000

 16777216 bytes read: OK

## Booting kernel from Legacy Image at 08001000 ...

   Image Name:   Linux-3.10.20-al-5.0-pr2

   Created:      2018-05-10  11:39:02 UTC

   Image Type:   ARM Linux Kernel Image (uncompressed)

   Data Size:    8658144 Bytes = 8.3 MiB

   Load Address: 00008000

   Entry Point:  00008000

   Verifying Checksum ... OK

## Flattened Device Tree blob at 03b2d008

   Booting using the fdt blob at 0x3b2d008

   Loading Kernel Image ... OK

   reserving fdt memory region: addr=0 size=100000

   Loading Device Tree to 03b11000, end 03b189dc ... OK

Starting kernel ...

Uncompressing Linux... done, booting the kernel.

INIT: version 2.88 booting

Booting [1mCheck Point RD-6281-A[0m User Space...

.================

INIT: Entering runlevel: 3

............................................................crond[1854]: crond 1.8.1 started, log level 8

........................

System Started...

Now the appliances looks at the USB devices:

/sys/devices/soc.0/fd840000.pcie-external2/pci0002:00/0002:00:00.0/0002:01:00.0/usb1/1-1/1-1:1.0/host0/target0:0:0/0:0:0:0/block/sda/sda1

If a valid file is found, it is read in, verified and installed after reboot:

Verifying image : /mnt/usb1/fw1_sx_dep_R77_990172392_20.img

Installing image : /mnt/usb1/fw1_sx_dep_R77_990172392_20.img

Upgrade log : /mnt/usb1/usb_image_upgrade_00-1C-7F-73-0A-59.log

Restoring to factory default settings

**************************************************************

WARNING:   RESET TO FACTORY DEFAULTS PROCESS STARTED:

WARNING:   PLEASE DO NOT PULL OUT THE POWER CABLE

**************************************************************

INIT:

INIT: Sending processes the TERM signal

Restarting system.

First the firmware flash is erased, then both the default and primary firmware are stored and verified:

device 0 offset 0x380000, size 0x3fc80000

do_nand: set partition base address to=380000

NAND erase: device 0 offset 0x380000, size 0xd800000

Erasing at 0x380000 --   0% complete.

Erasing at 0x580000 --   1% complete.

Erasing at 0x7c0000 --   2% complete.

Erasing at 0x9c0000 --   3% complete.

Erasing at 0xc00000 --   4% complete.

****** lines have been left out here ******

Erasing at 0xdb40000 -- 100% complete.

OK

device 0 offset 0xdb80000, size 0x32480000

do_nand: set partition base address to=db80000

NAND erase: device 0 offset 0xdb80000, size 0xd800000

Erasing at 0xdb80000 --   0% complete.

Erasing at 0xdd80000 --   1% complete.

Erasing at 0xdfc0000 --   2% complete.

Erasing at 0xe1c0000 --   3% complete.

****** lines have been left out here ******

Erasing at 0x1b340000 -- 100% complete.

OK

Saving Environment to NAND...

Erasing NAND...

Erasing at 0x280000 -- 100% complete.

Writing to NAND... OK

Saving Environment to NAND...

Erasing redundant NAND...

Erasing at 0x2c0000 -- 100% complete.

Writing to redundant NAND... OK

device 0 offset 0x2c980000, size 0x13680000

do_nand: set partition base address to=2c980000

NAND erase: device 0 offset 0x2c980000, size 0x13680000

Erasing at 0x2c980000 --   0% complete.

Erasing at 0x2cc80000 --   1% complete.

Erasing at 0x2cf80000 --   2% complete.

Erasing at 0x2d2c0000 --   3% complete.

****** lines have been left out here ******

Erasing at 0x3fcc0000 --  99% complete.

Erasing at 0x3ffc0000 -- 100% complete.

OK

device 0 offset 0x1b380000, size 0x24c80000

do_nand: set partition base address to=1b380000

NAND read: device 0 offset 0x1b380000, size 0x8ec0000

 149684224 bytes read: OK

device 0 offset 0x380000, size 0x3fc80000

do_nand: set partition base address to=380000

NAND write: device 0 offset 0x380000, size 0x8ec0000

NAND write bytes left: 149684224

NAND write bytes left: 141295616

NAND write bytes left: 132907008

NAND write bytes left: 124518400

NAND write bytes left: 116129792

NAND write bytes left: 107741184

NAND write bytes left: 99352576

NAND write bytes left: 90963968

NAND write bytes left: 82575360

NAND write bytes left: 74186752

NAND write bytes left: 65798144

NAND write bytes left: 57409536

NAND write bytes left: 49020928

NAND write bytes left: 40632320

NAND write bytes left: 32243712

NAND write bytes left: 23855104

NAND write bytes left: 15466496

 149684224 bytes written: OK

Saving Environment to NAND...

Erasing NAND...

Erasing at 0x280000 -- 100% complete.

Writing to NAND... OK

bootargs=boardFlavor=alpine_db_s1 quiet console=ttyS0,115200 noExtPorts= maxcpus=2 cp_net_config=3,(00:1C:7F:73:0A:59)(00:1C:7F:73:0A:5A)(00:1C:7F:73:0A:5B) pci=pcie_bus_perf

device 0 offset 0x380000, size 0x3fc80000

do_nand: set partition base address to=380000

NAND read: device 0 offset 0x380000, size 0x1000000

 16777216 bytes read: OK

## Booting kernel from Legacy Image at 08001000 ...

   Image Name:   Linux-3.10.20-al-5.0-pr2

   Created:      2018-05-10  11:39:02 UTC

   Image Type:   ARM Linux Kernel Image (uncompressed)

   Data Size:    8658144 Bytes = 8.3 MiB

   Load Address: 00008000

   Entry Point:  00008000

   Verifying Checksum ... OK

## Flattened Device Tree blob at 03b2d008

   Booting using the fdt blob at 0x3b2d008

   Loading Kernel Image ... OK

   reserving fdt memory region: addr=0 size=100000

   Loading Device Tree to 03b11000, end 03b189dc ... OK

Starting kernel ...

Uncompressing Linux... done, booting the kernel.

INIT: version 2.88 booting

Booting [1mCheck Point RD-6281-A[0m User Space...

.================

INIT: Entering runlevel: 3

.............

------------- This is a first boot ---------------

........................................................................

------------- First boot done ---------------

 

System Started...

Now the unit has booted from the new primary firmware image and the FirstTimeWizard can be run for configuration. If a backup from the same firmware version is available, we can restore the backup. Otherwise, we can install another firmware version using WebGUI to be able to restore the backup. When importing backup, the MAC address, firewall type and license are imported as well. GUI will show all that information imported. This is a "cosmectic" issue that can safely be ignored. The model logo will revert to the right model logo within 24 hours. If you run ifconfig, the correct MAC address is shown. Another possibility is to use autoconf.clish files for configuration as explained in following 3rd part: USB First Time Config using autoconf.clish files.

 

Firmware files have model-specific names: fw1_dep_R77_990170830_20.img (600 / 1100), fw1_ind_dep_R77_990170830_20.img (1200R) and for 700 / 1400 devices fw1_sx_dep_R77_990170830_20.img.