{"id":153,"date":"2026-04-06T13:40:40","date_gmt":"2026-04-06T13:40:40","guid":{"rendered":"https:\/\/kr0311.com\/projects\/?p=153"},"modified":"2026-04-06T18:02:40","modified_gmt":"2026-04-06T18:02:40","slug":"watchguard-xtm5-bios-unlock-guide","status":"publish","type":"post","link":"https:\/\/kr0311.com\/projects\/watchguard-xtm5-bios-unlock-guide\/","title":{"rendered":"WatchGuard XTM 5 Series \u2013 BIOS Backup &amp; Flash Guide"},"content":{"rendered":"<p>\nThis <strong>WatchGuard XTM 5 BIOS unlock guide<\/strong> shows you how to safely back up and flash an unlocked BIOS without bricking your device.\n<\/p>\n<p>\nThis is not a \u201cquick hack\u201d guide. This is the <strong>proper method<\/strong> \u2014 with full backups, validation, and recovery safety built in.\n<\/p>\n<hr>\n<h3>\u26a0\ufe0f READ THIS FIRST (IMPORTANT)<\/h3>\n<ul>\n<li>This process <strong>can brick your device<\/strong> if done incorrectly<\/li>\n<li>Do <strong>not<\/strong> skip steps<\/li>\n<li>Do <strong>not<\/strong> guess anything<\/li>\n<li>If something does not match this guide, <strong>STOP<\/strong><\/li>\n<\/ul>\n<p>\nYou are doing this at your own risk \u2014 but if you follow this exactly, you will dramatically reduce the chances of getting into trouble.\n<\/p>\n<hr>\n<h3>\ud83d\udce6 What the WatchGuard XTM 5 BIOS Unlock Fixes<\/h3>\n<ul>\n<li>Removes locked BIOS menus<\/li>\n<li>Allows SATA mode changes (AHCI support)<\/li>\n<li>Enables full hardware control<\/li>\n<li>Makes the device usable for custom OS installs such as OPNsense or pfSense<\/li>\n<\/ul>\n<p>\nIn short, the <strong>WatchGuard XTM 5 BIOS unlock<\/strong> turns the box from a locked appliance into something you can actually repurpose properly.\n<\/p>\n<hr>\n<h3>\u2b07\ufe0f Download the Unlocked BIOS<\/h3>\n<p>\nDownload the unlocked BIOS file here:\n<\/p>\n<p>\n<a href=\"https:\/\/kr0311.com\/projects\/download\/watchguard-xtm-5-series-unlocked-bios\/\" target=\"_blank\"><br \/>\nWatchGuard XTM 5 Series Unlocked BIOS<br \/>\n<\/a>\n<\/p>\n<hr>\n<h3>\ud83e\uddf0 What You Need Before Starting<\/h3>\n<ul>\n<li>WatchGuard XTM 5 Series device<\/li>\n<li>CF card with OPNsense installed<\/li>\n<li>Ethernet cable connected to WAN (<code>em0<\/code>)<\/li>\n<li>A PC on the same network<\/li>\n<li>WinSCP installed<\/li>\n<\/ul>\n<p>\nThis method assumes you are booting a temporary environment first, not flashing from a live production install.\n<\/p>\n<hr>\n<h3>\ud83e\udde0 Original BIOS Mod Credit<\/h3>\n<p>\nThis unlocked BIOS originates from work within the Netgate community (circa 2013).\n<\/p>\n<p>\nCredit goes in part to <a href=\"https:\/\/forum.netgate.com\/user\/stephenw10\" target=\"_blank\" rel=\"nofollow noopener\">stephenw10<\/a>, who was involved in the original XTM5 BIOS work, along with the wider community behind it.\n<\/p>\n<p>\nView the original discussion here:<br \/>\n<a href=\"https:\/\/forum.netgate.com\/topic\/197131\/can-someone-help-me-with-the-bios-mod-on-really-old-hardware-watchguard-xtm-5\" target=\"_blank\" rel=\"nofollow noopener\"><br \/>\nNetgate XTM5 BIOS thread<br \/>\n<\/a>\n<\/p>\n<p>\nThis file is hosted here to preserve access, as many original sources have disappeared over time.\n<\/p>\n<hr>\n<h2>Step 1 \u2013 Boot Into OPNsense from CF Card<\/h2>\n<p>\nInsert the CF card and boot the firewall.\n<\/p>\n<p>\nMake sure:\n<\/p>\n<ul>\n<li>The SSD is <strong>not<\/strong> being used<\/li>\n<li>You are booting from the CF environment only<\/li>\n<\/ul>\n<p>\nThis keeps the environment clean and removes extra variables while performing the BIOS work.\n<\/p>\n<hr>\n<h2>Step 2 \u2013 Assign Interfaces<\/h2>\n<p>\nWhen prompted:\n<\/p>\n<ul>\n<li>Assign <strong>WAN \u2192 em0<\/strong><\/li>\n<li>Skip LAN for now<\/li>\n<\/ul>\n<p>\nLet WAN obtain an IP via DHCP.\n<\/p>\n<hr>\n<h2>Step 3 \u2013 Log Into OPNsense<\/h2>\n<p>At the console:<\/p>\n<ul>\n<li>User: <code>root<\/code><\/li>\n<li>Password: <code>opnsense<\/code><\/li>\n<\/ul>\n<p>\nThen select:\n<\/p>\n<pre><code>8<\/code><\/pre>\n<p>\nto open the shell.\n<\/p>\n<hr>\n<h2>Step 4 \u2013 Find the Firewall IP<\/h2>\n<p>\nLook at the console output and note the WAN IP address.\n<\/p>\n<p>\nYou will need this for WinSCP in a later step.\n<\/p>\n<hr>\n<h2>Step 5 \u2013 Install flashrom Safely<\/h2>\n<pre><code>pkg update\npkg install flashrom<\/code><\/pre>\n<p>\nWait for installation to complete before doing anything else.\n<\/p>\n<p>\nIf you want to read more about the tool itself, the official project is here:<br \/>\n<a href=\"https:\/\/flashrom.org\" target=\"_blank\" rel=\"nofollow noopener\">flashrom.org<\/a>\n<\/p>\n<p>\nDo not move on to the actual flash stage until the tool installs successfully and the system remains stable.\n<\/p>\n<hr>\n<h2>Step 6 \u2013 Confirm Flash Chip Detection<\/h2>\n<pre><code>flashrom -p internal<\/code><\/pre>\n<p>\nYou should see the flash chip detected.\n<\/p>\n<p>\nIf you see:\n<\/p>\n<pre><code>No EEPROM\/flash device found<\/code><\/pre>\n<p>\n<strong>Stop here<\/strong> and do not continue.\n<\/p>\n<hr>\n<h2>Step 7 \u2013 Backup the BIOS (CRITICAL)<\/h2>\n<pre><code>flashrom -p internal -r \/tmp\/bios1.bin\nflashrom -p internal -r \/tmp\/bios2.bin<\/code><\/pre>\n<p>\nThis creates two separate BIOS backups.\n<\/p>\n<hr>\n<h2>Step 8 \u2013 Verify Backups Match<\/h2>\n<pre><code>md5 \/tmp\/bios1.bin\nmd5 \/tmp\/bios2.bin<\/code><\/pre>\n<p>\nThe hashes must match exactly.\n<\/p>\n<p>\nIf they do not match, <strong>stop immediately<\/strong>.\n<\/p>\n<hr>\n<h2>Step 9 \u2013 Verify Backup Files Exist<\/h2>\n<pre><code>ls -lh \/tmp\/bios*.bin<\/code><\/pre>\n<p>\nYou should see both backup files present in <code>\/tmp<\/code>.\n<\/p>\n<hr>\n<h2>Step 10 \u2013 Copy Backups to Your PC with WinSCP<\/h2>\n<p>\nOpen <strong>WinSCP<\/strong> and create a new connection using:\n<\/p>\n<ul>\n<li><strong>File protocol:<\/strong> SCP<\/li>\n<li><strong>Host name:<\/strong> your firewall IP<\/li>\n<li><strong>Port:<\/strong> 22<\/li>\n<li><strong>User:<\/strong> root<\/li>\n<li><strong>Password:<\/strong> opnsense<\/li>\n<\/ul>\n<p>\nAccept the host key if prompted.\n<\/p>\n<p>\nOnce connected, browse to:\n<\/p>\n<pre><code>\/tmp<\/code><\/pre>\n<p>\nDownload:\n<\/p>\n<ul>\n<li><code>bios1.bin<\/code><\/li>\n<li><code>bios2.bin<\/code><\/li>\n<\/ul>\n<p>\nStore them somewhere safe \u2014 ideally in more than one place.\n<\/p>\n<p>\nThese files are your recovery safety net if anything goes wrong later.\n<\/p>\n<hr>\n<h2>Step 11 \u2013 Upload the Unlocked BIOS<\/h2>\n<p>\nUsing WinSCP, upload the BIOS file:\n<\/p>\n<pre><code>xtm5_83.rom<\/code><\/pre>\n<p>\nto:\n<\/p>\n<pre><code>\/tmp<\/code><\/pre>\n<hr>\n<h2>Step 12 \u2013 Verify the BIOS File<\/h2>\n<p>\nCheck that the uploaded file exists:\n<\/p>\n<pre><code>ls -lh \/tmp\/xtm5_83.rom<\/code><\/pre>\n<p>\nExpected size:\n<\/p>\n<ul>\n<li><strong>1,048,576 bytes (1MB)<\/strong><\/li>\n<\/ul>\n<p>\nIf the size does not match, stop there. Do not flash a file you have not verified.\n<\/p>\n<hr>\n<h2>Step 13 \u2013 Final Checks<\/h2>\n<ul>\n<li>SSD removed<\/li>\n<li>Running from CF only<\/li>\n<li>Flash chip detected<\/li>\n<li>Two backups created<\/li>\n<li>Backups match<\/li>\n<li>Backups copied safely to PC<\/li>\n<li>ROM file size is correct<\/li>\n<\/ul>\n<p>\nIf anything in that list is wrong, stop and fix it first.\n<\/p>\n<hr>\n<h2>Step 14 \u2013 Flash the BIOS<\/h2>\n<pre><code>flashrom -p internal -w \/tmp\/xtm5_83.rom<\/code><\/pre>\n<p>\nWait for completion and let the write and verification finish fully.\n<\/p>\n<p>\n<strong>Do not power off during this step.<\/strong>\n<\/p>\n<hr>\n<h2>Step 15 \u2013 Reboot<\/h2>\n<pre><code>reboot<\/code><\/pre>\n<hr>\n<h2>Step 16 \u2013 Confirm the Unlock<\/h2>\n<p>\nOn boot, enter BIOS and check:\n<\/p>\n<ul>\n<li>menus are now unlocked<\/li>\n<li>SATA mode is editable<\/li>\n<\/ul>\n<p>\nIf both are true, the <strong>WatchGuard XTM 5 BIOS unlock<\/strong> worked.\n<\/p>\n<hr>\n<h2>\ud83e\udde0 Why This Method Matters<\/h2>\n<p>\nMany guides skip validation and jump straight to flashing \u2014 that\u2019s how devices get bricked.\n<\/p>\n<ul>\n<li>Confirm detection first<\/li>\n<li>Take two backups<\/li>\n<li>Verify both match<\/li>\n<li>Copy backups off-device<\/li>\n<li>Validate ROM file before flashing<\/li>\n<\/ul>\n<p>\nThat extra caution is what makes this method repeatable instead of risky.\n<\/p>\n<hr>\n<h2>\ud83d\udca1 Final Notes<\/h2>\n<ul>\n<li>Keep your original BIOS backups forever<\/li>\n<li>Only flash when necessary<\/li>\n<li>This unlock makes these boxes far more useful for homelab work<\/li>\n<li>If you plan to swap CPUs later, be aware that additional AML \/ EIST tuning may still be useful depending on your setup<\/li>\n<\/ul>\n<hr>\n<h2>\ud83d\ude80 Done<\/h2>\n<p>\nYou now have a properly unlocked WatchGuard XTM 5 Series device ready for real use.\n<\/p>\n<p>\nNo more locked menus. No more \u201cview only\u201d nonsense.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Step-by-step WatchGuard XTM 5 BIOS unlock guide showing how to back up the original BIOS, connect with WinSCP, and safely flash the unlocked ROM.<\/p>\n","protected":false},"author":1,"featured_media":146,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[119,116,70,64,117,107,63,108,118,110],"class_list":["post-153","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-builds-projects","tag-bios-flashing","tag-flashrom","tag-homelab-firewall","tag-opnsense","tag-pfsense","tag-watchguard-bios-unlock","tag-watchguard-xtm-5","tag-watchguard-xtm5","tag-winscp","tag-xtm5-bios-flash"],"_links":{"self":[{"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/posts\/153","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/comments?post=153"}],"version-history":[{"count":5,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/posts\/153\/revisions"}],"predecessor-version":[{"id":164,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/posts\/153\/revisions\/164"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/media\/146"}],"wp:attachment":[{"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/media?parent=153"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/categories?post=153"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/tags?post=153"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}