Updating Broadcom network card firmware with niccli under OPNsense
OPNsense provides drivers for network cards, among other things, via the included FreeBSD kernel. These are usually updated with new releases. The article OPNsense Netzwerkkarten-Treiber provides an overview. The firmware of a network card is just as important for flawless and high-performance operation. This article uses the example of a Broadcom P225p network card to show you how to update the firmware under OPNsense.
Preparation
Download the tool and firmware from Broadcom in advance:
- Copy the tool and the firmware to the server, for example via SCP
- Connect to the server via SSH
Flashing firmware
Once the preparations are complete and you are connected to the server via SSH, you can flash the firmware. The steps are described below.
Switch to download folder
Switch to the download folder of the firmware:
root@OPNsense:~ # cd niccli-233.0.150.0_freebsd/FreeBSD/
Unpack the archive
Unpack the archive in this folder:
root@OPNsense:~/niccli-233.0.150.0_freebsd/FreeBSD # tar xzfv niccli-233.0.150.0-freebsd.tar.gz
x niccli-233.0.150.0-freebsd/
x niccli-233.0.150.0-freebsd/cmb_a.bin
x niccli-233.0.150.0-freebsd/NICCLI-User Guide.pdf
x niccli-233.0.150.0-freebsd/manpage/
x niccli-233.0.150.0-freebsd/th2_a_repave_sbl.signed.crid0001.bin.fastboot
x niccli-233.0.150.0-freebsd/niccli.freebsd
x niccli-233.0.150.0-freebsd/th_a_0x20000360_sbl.signed.crid0001.bin.fastboot
x niccli-233.0.150.0-freebsd/th_a_0x20000360_sbl.signed.crid0000.bin.fastboot
x niccli-233.0.150.0-freebsd/securefastboot.bin
x niccli-233.0.150.0-freebsd/sr_a.bin
x niccli-233.0.150.0-freebsd/Readme.txt
x niccli-233.0.150.0-freebsd/manpage/niccli.1
Switch to unpacked folder
Switch to the previously unpacked folder:
root@OPNsense:~/niccli-233.0.150.0_freebsd/FreeBSD # cd niccli-233.0.150.0-freebsd
Display folder content
In the unpacked folder, you will find all required tools as well as the documentation for niccli.
root@OPNsense:~/niccli-233.0.150.0_freebsd/FreeBSD/niccli-233.0.150.0-freebsd # ls -la
total 3302
drwxrwxr-x 3 18896 wheel 12 Feb 28 17:40 .
drwxr-xr-x 3 root wheel 5 Jul 16 11:48 ..
-rw-r--r-- 1 18896 wheel 355929 Feb 28 17:40 NICCLI-User Guide.pdf
-rw-r--r-- 1 18896 wheel 77842 Feb 28 17:40 Readme.txt
-rw-r--r-- 1 18896 wheel 350548 Feb 28 17:40 cmb_a.bin
drwxrwxr-x 2 18896 wheel 3 Feb 28 17:40 manpage
-rwxrwxr-x 1 18896 wheel 1661968 Feb 28 17:40 niccli.freebsd
-rw-r--r-- 1 18896 wheel 350200 Feb 28 17:40 securefastboot.bin
-rw-r--r-- 1 18896 wheel 388684 Feb 28 17:40 sr_a.bin
-rw-r--r-- 1 18896 wheel 1989076 Feb 28 17:40 th2_a_repave_sbl.signed.crid0001.bin.fastboot
-rw-r--r-- 1 18896 wheel 1818852 Feb 28 17:40 th_a_0x20000360_sbl.signed.crid0000.bin.fastboot
-rw-r--r-- 1 18896 wheel 1818852 Feb 28 17:40 th_a_0x20000360_sbl.signed.crid0001.bin.fastboot
Start niccli
You can start niccli with the ./niccli.freebsd command:
root@OPNsense:~/niccli-233.0.150.0_freebsd/FreeBSD/niccli-233.0.150.0-freebsd # ./niccli.freebsd
-------------------------------------------------------------------------------
NIC CLI v233.0.150.0 - Broadcom Inc. (c) 2025 (Bld-106.52.39.138.16.0)
-------------------------------------------------------------------------------
BoardId(Rev) MAC Address FwVersion PCIAddr Type Mode
1) BCM57416(B1) 7c:c2:55:c0:f4:08 224.0.158.0 0000:C6:00.0 NIC PCI
2) BCM57416(B1) 7c:c2:55:c0:f4:09 224.0.158.0 0000:C6:00.1 NIC PCI
3) BCM57414(B1) 8c:84:74:df:cc:40 227.0.135.0 0000:01:00.0 NIC PCI
4) BCM57414(B1) 8c:84:74:df:cc:41 227.0.135.0 0000:01:00.1 NIC PCI
Enter the target index to connect with :
Important: Note the index number. In this example, the additional card is selected, which is listed as index 3 and 4.
Display details of the network card
You can also display detailed information about a network card, including its firmware versions.
root@OPNsense:~/niccli-233.0.150.0_freebsd/FreeBSD/niccli-233.0.150.0-freebsd # ./niccli.freebsd -i 3 show
-------------------------------------------------------------------------------
NIC CLI v233.0.150.0 - Broadcom Inc. (c) 2025 (Bld-106.52.39.138.16.0)
-------------------------------------------------------------------------------
NIC State : Down
Device Type : WHITNEY+
PCI Vendor ID : 0x14E4
PCI Device ID : 0x16D7
PCI Revision ID : 0x1
PCI Subsys Vendor ID : 0x14E4
PCI Subsys Device ID : 0x1402
Device Interface Name : bnxt2
MAC Address : 8C:84:74:DF:CC:40
Base MAC Address : 8C:84:74:DF:CC:40
Serial Number : A4142251200053FG
Part Number : BCM957414A4142CC
PCI Address : 0000:01:00.0
Chip Number : BCM57414
Chip Name : WHITNEY+
Description : Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter
Firmware Name : CHIMP_FW
Firmware Version : 227.0.135.0
RoCE Firmware Version : 227.0.135.0
HWRM Interface Spec : 1.10.2
Kong mailbox channel : Disabled
Active Package Version : 227.1.115.0
Package Version on NVM : 227.1.115.0
Active NVM config version : 216.0.4
NVM config version : 216.0.4
Reboot Required : No
HCRM Profile ID : 1
HCRM Profile Version : 1.0.8
Firmware Reset Counter : 0
Error Recovery Counter : 0
Crash Dump Timestamp : 01/01/1970 00:13:39 UTC
Secure Boot : Enabled
Secure Firmware Update : Enabled
Device Temperature : 60 Celsius
PHY Temperature : 59 Celsius
Optical Module Temperature : Not Available
Device Health : Good
Perform firmware update
Now the firmware of the additional card is flashed, in this case a Broadcom P225p. Specify the correct path to the downloaded firmware file.
root@OPNsense:~/niccli-233.0.150.0_freebsd/FreeBSD/niccli-233.0.150.0-freebsd # ./niccli.freebsd -i 3 install /root/BCM957414A4142CC.pkg
-------------------------------------------------------------------------------
NIC CLI v233.0.150.0 - Broadcom Inc. (c) 2025 (Bld-106.52.39.138.16.0)
-------------------------------------------------------------------------------
WARNING : Don't perform power cycle or reboot the system while firmware update
is in progress as the device may become inoperable.
Active Package Version - 227.1.115.0 : Package Version on NVM - 227.1.115.0
NetXtreme-E Controller at PCI Domain 0000:01:00:0
Device 0000:01:00:0 : Installing package file /root/BCM957414A4142CC.pkg
Device 0000:01:00:0 : will be updated to package version 233.1.135.7
Do you want to continue (y/n)?y
Firmware update in progress
The firmware update is now performed.
[...]
NetXtreme-E Controller at PCI Domain 0000:01:00:0
Device 0000:01:00:0 : Installing package file /root/BCM957414A4142CC.pkg
Device 0000:01:00:0 : will be updated to package version 233.1.135.7
Do you want to continue (y/n)?y
Firmware Update is in progress. Please wait ...
#####
Firmware update successfully performed
The network card firmware has now been successfully updated. Restart the system to apply the firmware.
[...]
NetXtreme-E Controller at PCI Domain 0000:01:00:0
Device 0000:01:00:0 : Installing package file /root/BCM957414A4142CC.pkg
Device 0000:01:00:0 : will be updated to package version 233.1.135.7
Do you want to continue (y/n)?y
Firmware Update is in progress. Please wait ...
##################
Firmware update is completed.
A system reboot is needed for firmware update to take effect.
FW package update SUCCESS!
Verification of the firmware
After the restart, you can verify the version status. In this case, the firmware version has now been successfully updated from 227.0.135.0 to 233.0.151.0.
root@OPNsense:~/niccli-233.0.150.0_freebsd/FreeBSD/niccli-233.0.150.0-freebsd # ./niccli.freebsd -i 3 show
-------------------------------------------------------------------------------
NIC CLI v233.0.150.0 - Broadcom Inc. (c) 2025 (Bld-106.52.39.138.16.0)
-------------------------------------------------------------------------------
NIC State : Down
Device Type : WHITNEY+
PCI Vendor ID : 0x14E4
PCI Device ID : 0x16D7
PCI Revision ID : 0x1
PCI Subsys Vendor ID : 0x14E4
PCI Subsys Device ID : 0x1402
Device Interface Name : bnxt2
MAC Address : 8C:84:74:DF:CC:40
Base MAC Address : 8C:84:74:DF:CC:40
Serial Number : A4142251200053FG
Part Number : BCM957414A4142CC
PCI Address : 0000:01:00.0
Chip Number : BCM57414
Chip Name : WHITNEY+
Description : Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter
Firmware Name : CHIMP_FW
Firmware Version : 233.0.151.0
RoCE Firmware Version : 233.0.151.0
HWRM Interface Spec : 1.10.3
Kong mailbox channel : Disabled
Active Package Version : 233.1.135.7
Package Version on NVM : 233.1.135.7
Active NVM config version : 216.0.4
NVM config version : 216.0.4
Reboot Required : No
HCRM Profile ID : 1
HCRM Profile Version : 1.0.8
Firmware Reset Counter : 1
Error Recovery Counter : 0
Crash Dump Timestamp : 01/01/1970 00:13:39 UTC
Secure Boot : Enabled
Secure Firmware Update : Enabled
Device Temperature : 60 Celsius
PHY Temperature : 58 Celsius
Optical Module Temperature : Not Available
Device Health : Good
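The verification step above can be scripted. The following is an added example, not part of the original article or of Broadcom's tooling: it parses the "Name : value" fields of the show output and checks that the flashed package is active, no reboot is pending and Secure Firmware Update is still enabled. The function names and the "pending" sample (including the value "Yes") are assumptions constructed for illustration; the field names come from the output shown in this article.

```shell
#!/bin/sh
# Added example (not from the article): verify `niccli show` output after flashing.

# Print the value of one "Name : value" field; show output is read from stdin.
niccli_field() {
    awk -v key="$1" '{
        pos = index($0, " : "); if (pos == 0) next
        name = substr($0, 1, pos - 1); val = substr($0, pos + 3)
        gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (name == key && !seen) { print val; seen = 1 }
    }'
}

# check_fw_state EXPECTED_PKG   (show output on stdin)
# Prints one line per failed check; returns non-zero if any check fails.
check_fw_state() {
    expected=$1
    out=$(cat)
    active=$(printf '%s\n' "$out" | niccli_field "Active Package Version")
    nvm=$(printf '%s\n' "$out" | niccli_field "Package Version on NVM")
    reboot=$(printf '%s\n' "$out" | niccli_field "Reboot Required")
    sfu=$(printf '%s\n' "$out" | niccli_field "Secure Firmware Update")
    rc=0
    [ "$nvm" = "$expected" ] || { echo "FAIL: NVM package '$nvm', expected '$expected'"; rc=1; }
    [ "$active" = "$nvm" ]   || { echo "FAIL: active '$active' differs from NVM '$nvm'"; rc=1; }
    [ "$reboot" = "No" ]     || { echo "FAIL: Reboot Required is '$reboot'"; rc=1; }
    [ "$sfu" = "Enabled" ]   || { echo "FAIL: Secure Firmware Update is '$sfu'"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: package $active active, no reboot pending"
    return "$rc"
}

# Constructed sample: subset of the post-reboot show output from this article.
SAMPLE_UPDATED='Firmware Version : 233.0.151.0
Active Package Version : 233.1.135.7
Package Version on NVM : 233.1.135.7
Reboot Required : No
Secure Firmware Update : Enabled'

# Constructed sample (assumption): package flashed, system not yet rebooted.
SAMPLE_PENDING='Firmware Version : 227.0.135.0
Active Package Version : 227.1.115.0
Package Version on NVM : 233.1.135.7
Reboot Required : Yes
Secure Firmware Update : Enabled'

printf '%s\n' "$SAMPLE_UPDATED" | check_fw_state 233.1.135.7
printf '%s\n' "$SAMPLE_PENDING" | check_fw_state 233.1.135.7 || true
# On the firewall itself: ./niccli.freebsd -i 3 show | check_fw_state 233.1.135.7
```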
Author: Thomas Niedermeier
Thomas Niedermeier, working in the product management team at Thomas-Krenn, completed his bachelor's degree in business informatics at the Deggendorf University of Applied Sciences. Thomas has been employed at Thomas-Krenn since 2013 and takes care of OPNsense firewalls, the Thomas-Krenn-Wiki and firmware security updates.

Translator: Alina Ranzinger
Alina has been working at Thomas-Krenn.AG since 2024. After her training as a multilingual business assistant, she took up her position as assistant to Product Management and is responsible for the translation of texts and for the organisation of the department.


