WatchGuard XTM 5 Series – BIOS Backup & Flash Guide

This WatchGuard XTM 5 BIOS unlock guide shows you how to safely back up and flash an unlocked BIOS without bricking your device.

This is not a “quick hack” guide. This is the proper method — with full backups, validation, and recovery safety built in.


⚠️ READ THIS FIRST (IMPORTANT)

  • This process can brick your device if done incorrectly
  • Do not skip steps
  • Do not guess anything
  • If something does not match this guide, STOP

You are doing this at your own risk — but if you follow this exactly, you will dramatically reduce the chances of getting into trouble.


📦 What the WatchGuard XTM 5 BIOS Unlock Fixes

  • Removes locked BIOS menus
  • Allows SATA mode changes (AHCI support)
  • Enables full hardware control
  • Makes the device usable for custom OS installs such as OPNsense or pfSense

In short, the WatchGuard XTM 5 BIOS unlock turns the box from a locked appliance into something you can actually repurpose properly.


⬇️ Download the Unlocked BIOS

Download the unlocked BIOS file here:


WatchGuard XTM 5 Series Unlocked BIOS


🧰 What You Need Before Starting

  • WatchGuard XTM 5 Series device
  • CF card with OPNsense installed
  • Ethernet cable connected to WAN (em0)
  • A PC on the same network
  • WinSCP installed

This method assumes you are booting a temporary environment first, not flashing from a live production install.


🧠 Original BIOS Mod Credit

This unlocked BIOS originates from work within the Netgate community (circa 2013).

Credit goes in part to stephenw10, who was involved in the original XTM5 BIOS work, along with the wider community behind it.

View the original discussion here:

Netgate XTM5 BIOS thread

This file is hosted here to preserve access, as many original sources have disappeared over time.


Step 1 – Boot Into OPNsense from CF Card

Insert the CF card and boot the firewall.

Make sure:

  • The SSD is not being used
  • You are booting from the CF environment only

This keeps the environment clean and removes extra variables while performing the BIOS work.


Step 2 – Assign Interfaces

When prompted:

  • Assign WAN → em0
  • Skip LAN for now

Let WAN obtain an IP via DHCP.


Step 3 – Log Into OPNsense

At the console:

  • User: root
  • Password: opnsense

Then select:

8

to open the shell.


Step 4 – Find the Firewall IP

Look at the console output and note the WAN IP address.

You will need this for WinSCP in a later step.


Step 5 – Install flashrom Safely

pkg update
pkg install flashrom

Wait for installation to complete before doing anything else.

If you want to read more about the tool itself, the official project is here:
flashrom.org

Do not move on to the actual flash stage until the tool installs successfully and the system remains stable.


Step 6 – Confirm Flash Chip Detection

flashrom -p internal

You should see the flash chip detected.

If you see:

No EEPROM/flash device found

Stop here and do not continue.


Step 7 – Backup the BIOS (CRITICAL)

flashrom -p internal -r /tmp/bios1.bin
flashrom -p internal -r /tmp/bios2.bin

This reads the flash chip twice, producing two separate BIOS backups that Step 8 compares.


Step 8 – Verify Backups Match

md5 /tmp/bios1.bin
md5 /tmp/bios2.bin

The hashes must match exactly.

If they do not match, stop immediately.


Step 9 – Verify Backup Files Exist

ls -lh /tmp/bios*.bin

You should see both backup files present in /tmp.


Step 10 – Copy Backups to Your PC with WinSCP

Open WinSCP and create a new connection using:

  • File protocol: SCP
  • Host name: your firewall IP
  • Port: 22
  • User: root
  • Password: opnsense

Accept the host key if prompted.

Once connected, browse to:

/tmp

Download:

  • bios1.bin
  • bios2.bin

Store them somewhere safe — ideally in more than one place.

These files are your recovery safety net if anything goes wrong later.


Step 11 – Upload the Unlocked BIOS

Using WinSCP, upload the BIOS file:

xtm5_83.rom

to:

/tmp

Step 12 – Verify the BIOS File

Check that the uploaded file exists and read its exact size in bytes (plain -l, because -h rounds the figure):

ls -l /tmp/xtm5_83.rom

Expected size:

  • 1,048,576 bytes (1MB)

If the size does not match, stop there. Do not flash a file you have not verified.


Step 13 – Final Checks

  • SSD removed
  • Running from CF only
  • Flash chip detected
  • Two backups created
  • Backups match
  • Backups copied safely to PC
  • ROM file size is correct

If anything in that list is wrong, stop and fix it first.
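
The file checks from Steps 7 to 13 can be gathered into one gate that has to pass before the flash command is typed. The script below is an added example, not part of the original guide; the function names and exit codes are hypothetical, and the blank-dump test and the backup size comparison go beyond the guide's own list.

```shell
#!/bin/sh
# Added example: one pre-flash gate for the checks in Steps 7-13.
# preflash_check, is_constant, size_of and the exit codes are hypothetical names.

EXPECTED_SIZE=1048576   # ROM size stated in Step 12

size_of() { wc -c < "$1" | tr -d ' '; }

# True when every byte of file $1 has octal value $2
# (377 = 0xFF, erased flash; 000 = 0x00).
is_constant() {
    [ "$(LC_ALL=C tr -d "\\$2" < "$1" | wc -c | tr -d ' ')" -eq 0 ]
}

preflash_check() {
    b1=$1 b2=$2 rom=$3
    for f in "$b1" "$b2" "$rom"; do
        [ -s "$f" ] || { echo "STOP: missing or empty: $f" >&2; return 1; }
    done
    # Step 8: the two reads must be byte-identical.
    cmp -s "$b1" "$b2" || { echo "STOP: backups differ" >&2; return 2; }
    # Two failed reads also match each other: an all-0xFF or all-0x00
    # dump means the chip contents were never actually read.
    if is_constant "$b1" 377 || is_constant "$b1" 000; then
        echo "STOP: backup is blank" >&2; return 3
    fi
    # Step 12: exact byte count of the ROM.
    [ "$(size_of "$rom")" -eq "$EXPECTED_SIZE" ] ||
        { echo "STOP: ROM is not $EXPECTED_SIZE bytes" >&2; return 4; }
    # Assumption: the backup is a full-chip dump, so it must be the same size as the ROM.
    [ "$(size_of "$b1")" -eq "$EXPECTED_SIZE" ] ||
        { echo "STOP: backup size differs from ROM size" >&2; return 5; }
    echo "OK: all pre-flash checks passed"
}

# On the firewall, after sourcing this file:
#   preflash_check /tmp/bios1.bin /tmp/bios2.bin /tmp/xtm5_83.rom
```

Any non-zero exit code means stop, exactly as the list above says.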


Step 14 – Flash the BIOS

flashrom -p internal -w /tmp/xtm5_83.rom

Wait for completion and let the write and verification finish fully.

Do not power off during this step.


Step 15 – Reboot

reboot

Step 16 – Confirm the Unlock

On boot, enter BIOS and check:

  • menus are now unlocked
  • SATA mode is editable

If both are true, the WatchGuard XTM 5 BIOS unlock worked.


🧠 Why This Method Matters

Many guides skip validation and jump straight to flashing — that’s how devices get bricked.

  • Confirm detection first
  • Take two backups
  • Verify both match
  • Copy backups off-device
  • Validate ROM file before flashing

That extra caution is what makes this method repeatable instead of risky.


💡 Final Notes

  • Keep your original BIOS backups forever
  • Only flash when necessary
  • This unlock makes these boxes far more useful for homelab work
  • If you plan to swap CPUs later, be aware that additional AML / EIST tuning may still be useful depending on your setup

🚀 Done

You now have a properly unlocked WatchGuard XTM 5 Series device ready for real use.

No more locked menus. No more “view only” nonsense.
