Dell VEP/VMWare Edge/Velo Cloud SD-WAN/VeraCloud VEP1400/VEP1400-X firewall units
- Thread starter j_h_o
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
)@oneplane I have both the 610 (VEP1400) and 640(VEP1400-X). How did you manage to flash the dell diagnostics on the 640? I've tried on the 640 but now i just get the following screen and I think something went wrong.
I've used the following files from dell: Bios and diagnostics
I've used rufus to flash the memory pen with the diagnostics ISO and then tried to install the diagnostics on the EMMC module.
It would be much appreaciated if you could help can point me to a guide on how to get the Dell diagnostics installed and how to run the bios update.
Thank you in advance.
I've used the following files from dell: Bios and diagnostics
I've used rufus to flash the memory pen with the diagnostics ISO and then tried to install the diagnostics on the EMMC module.
It would be much appreaciated if you could help can point me to a guide on how to get the Dell diagnostics installed and how to run the bios update.
Thank you in advance.
Last edited:
This is the EFI shell, it's what is left as the default boot option when all other options aren't available. Looking at the drives it seems that FS0 should work (EMMC AFAICT). If DiagOS didn't get a efibootmanager entry (it should have) you can generally do it manually:
fs0:/
dir
(look for EFI or BOOT)
cd efi (or boot)
dir (yes again)
There should be a grub.efi, boot.efi, grubx64.efi or something like it, which you can launch (grubx64.efi [ENTER]) and that should then start the normal boot process.
The EFI boot manager entry can be fixed from within DiagOS, but let's make sure you at least get to there you need to go.
@mirochulovesnetwork which header/s did you use on the 610 to dump the images? I have a working 610 that is unmodified and I will be able to pull the CPLD and PIC images once i have a CH341A. A pinot would be very useful.
i've desoldered the flashs and attached directly some cables to the pins, here is the schematics of the flash
i attached it to the ch341a like this:
FLASH --> CH341A
CS -- > CS
DO -- > MISO
WP -- > N/A
GND -- > GND
DI -- > MOSI/MOIS (on some boards is misspelled)
CLK -- > CLK
HOLD -- > N/C
VCC -- > VCC
I suggest you to do the 3.3v mod on your ch341a because on some boards (black ones) it always gives 5v data lines at the flash and you could fry it.
Here is the tutorial i've used, is pretty easy if you have basic soldering skills
PS make sure to dump the 2 flash!
It looks like I had a issue and it didn't install the diagnostics. I've reflashed the usb drive with rufus in dd mode and turned off compatability mode in the bios and it then installed and I managed to update the bios, CPLD and PIC.
or I think so anyway:
*edit - Success... no more rebooting every 5 min... I will intall PFsense tomorrow... I will follow up with progress
Last edited:
The 620 is a vep1400x. I used the ./vep1400x_ufw_2.2 command and it upgraded everything automatically.
@mirochulovesnetwork
My CH341A is on the way from Ali express so I will be able to grab a bios image off the unchanged dell edge 610 once its arrived... its due sometime next month
My CH341A is on the way from Ali express so I will be able to grab a bios image off the unchanged dell edge 610 once its arrived... its due sometime next month
Sorry to hear that. Didn't think about removing the link.
I have searched for a BIOS update for that specific model in both, Dell's website and VMWare's, but no luck so far.
I suspect that 610 models were sold exclusively by other vendors, like VMWare, so Dell will not have any downloads related to it.
Also, after searching for it through VMWare/VeloCloud docs, seems that upgrades had to be made from the OS itself.
If I understand it correctly the I2Cwrite as its not persistant during upgrades of PFsense like the bios upgrade on the edge 640 and I will be deploying at a remote location. Therefore its of concirn and it needs to be a robust solution.
I did however notice that if you boot the 610 into the UEFI shell that the watchdog is not kicking in as I was in it for over an hour with no restarts... It also looks like you can have a look through the bios using the SMBIOSVIEW command.
This might be a noob question but is it possible to deactivate the watchdog by booting into the UEFI shell and modifying the bios that way... similar to how some people reactivate under voltage function again on a locked down laptop bios?
Also are you able to update the bios from the UEFI shell on a EDGE 610?
Last edited:
Yes, the watchdog is controlled by a UEFI variable as well, I haven't looked for it yet, but UEFITool would be able to help you find it. It does require a firmware backup image or firmware upgrade image. DiagOS and the UFW package can get a UEFI image. Reading the SPI chip directly also works.
As for i2cwrite during upgrades: the write command only needs to be done once in the first 5 minutes of a boot, so as long as it is added directly after mounting the disk (so an early boot command) it will always be on time.
I will have to wait for the CH341A to arrive and make a bios dump on the Edge 610... as I could not find the bios anywhere for the Edge 610 at all.
So I had a dig through @mirochulovesnetwork edge 610 bios upload and I've manage to extract (Full on noob here so I'm winging it here) but I did find something interesting:
So asuming that this is the watchdog disable option...the question would be... how do you turn it off without gui access eg through the built in shell?
Any advice would be appreaciated
So asuming that this is the watchdog disable option...the question would be... how do you turn it off without gui access eg through the built in shell?
Any advice would be appreaciated
So the WatchDogTimerDXE is essentially a Firmware Driver, this in itself it not what you need, but does show that there is EFI control over the WatchDog.
What you need is the EFIVars, which you are also on the right track for. It goes something like this:
- Discover which EFI Var corresponds to the watchdog
- Use an UEFI shell with a var writer to edit it on the device
- Reboot into the OS and see if it stuck
I'll see if I can find the 'how-to' version for those steps, I think it was even posted on the forum here.
Edit: This is the closest I got in a few minutes: ~jlin: blog: 2020-06-01 :: Hacking UEFI Variables
What you need is the EFIVars, which you are also on the right track for. It goes something like this:
- Discover which EFI Var corresponds to the watchdog
- Use an UEFI shell with a var writer to edit it on the device
- Reboot into the OS and see if it stuck
I'll see if I can find the 'how-to' version for those steps, I think it was even posted on the forum here.
Edit: This is the closest I got in a few minutes: ~jlin: blog: 2020-06-01 :: Hacking UEFI Variables
So that DXE is the 'default' EDK2 WatchdogTimer that comes standard with UEFI 2.0 (edk2/MdeModulePkg/Universal/WatchdogTimerDxe at master · tianocore/edk2) so that is a prime candidate. I don't know if this is also what Dell users, because come to think of it, the timer was reset over I2C and not using an UEFI Protocol... so perhaps the PIC in the VEP is used for watchdog functions and the UEFI DXE is embedded but not used at all.
On the other hand, the UEFI spec does state that the WDT has to be set to 5 minutes when initiating an UEFI boot, so the time does match 100%...
(via u-boot/efi_watchdog.c at c2ea87883ef309570c8903e6de4b8b78685d73d0 · ni/u-boot )
If the UEFI WDT is the only one running, the only thing needed isn't an EFI Var, but an EFI Protocol signal. Sometimes the EFI loader or BTX does that (just like GRUB).
On the other hand, the UEFI spec does state that the WDT has to be set to 5 minutes when initiating an UEFI boot, so the time does match 100%...
Code:
* The UEFI standard requires that the watchdog timer is set to five
* minutes when invoking an EFI boot option.
*If the UEFI WDT is the only one running, the only thing needed isn't an EFI Var, but an EFI Protocol signal. Sometimes the EFI loader or BTX does that (just like GRUB).
I've tried the extracting the watchdog information using the IFRextractor but it doesn't find any information on the bios dumps from mirochulovesnetwork uploaded from his bricked edge 610. I am waiting for my CH341A to arrive and I will pull the unedited bios off my 610 and retry as the grub bootloader on the edge 610 is password protected so I cant even dig into that to see if they disable the watchdog in there