This guide installs EFW 3.2.4 on ALIX or APU2 boxes.

• You need a null-modem cable and a USB to DB9 cable, if your computer does not have a serial connector (current computers do not have a serial connector anymore, but you might find an extension card to add a serial connector)
• A null-modem cable is a DB9 cable with Pin 2 and 3 crossed, see DB9 Pinout
• Check that PuTTY and your cables work by connecting Pin 2 and 3 on your DB9 cable with a paper clip. Start PuTTY with baud rate 115200,8n1, and type some characters
• Boot into the APU2 box to verify that connection to console is working. You might need to press the reset button at the front of the box with a paper clip to enable console output
• Download the Endian Firewall iso file

• Endian Firewall can only boot from a USB stick formatted with ext3/4 or ISO9660 filesystems. The latter is the filesystem used to write CD ROM disks. All of these are not available under Windows, and preparing a USB stick with ext3/4 filesystems is tricky under Linux, so I chose another approach as outlined below.
• Since the APU2 box has no video output, we need to prepare the image to be used with the console. This requires to modify the file /isolinux/isolinux.cfg's APPEND like so (omit the brackets, it indicates the settings for apu or alix boards):

  console=ttyS0,115200n81 (apu2)
  console=ttyS0,38400n81 (alix)

• Since the ISO9660 filesystem we are going to create is a read-only filesystem, we need to patch the iso file prior to writing it to the USB stick. I chose FlexHEX to do this, which comes with a 30-days trial period. Start the program, load the iso file, and search for “initrd=/initrd”. Then replace the following code block with the next code block. For APU2 you need to add 5 spaces at the end, for ALIX 6 spaces, to make the two code blocks equal size. Note that carriage returns are entered with “\n” but occupy one character space only.

    # Automatically created by OE
    ALLOWOPTIONS 1
    SERIAL 0 115200
    DEFAULT boot
    TIMEOUT 10
    PROMPT 1
    LABEL boot
    KERNEL /vmlinuz
    APPEND initrd=/initrd LABEL=boot  root=/dev/ram0   console=tty0

• To be replaced with:

    # Automatically created by OE
    ALLOWOPTIONS 1
    DEFAULT boot
    TIMEOUT 10
    PROMPT 1
    LABEL boot
    KERNEL /vmlinuz
    APPEND initrd=/initrd LABEL=boot  root=/dev/ram0   console=ttyS0,115200n81

• Save the iso file and copy it within a linux OS to the USB stick. If you do not have a linux machine, then download TinyCore Linux from the PCEngines website and copy it with Rufus to a bootable USB stick. Add the iso file to the TinyCore USB stick, boot the APU or ALIX box into TinyCore Linux and copy the iso file to the USB stick with the following command. Be careful with the device number (e.g. sda, sdb, sdc), chosing the wrong device will overwrite everything without further question.

  dd if=/efw.iso of=/dev/sdX bs=1M

• Boot the newly created USB stick, which should give you the install of Endian Firewall through the console of the APU2 or ALIX board.

You can append the following to the boot parameters. Boot into Clonezilla on USB created with Rufus on a Windows machine, then hit TAB and remove the trailing parameters up to “vga=…”. Add the following parameter:

live-getty console=ttyS0,38400n81

• APU2 User Manual
• PCEngines How-To
• Clonezilla FAQ
• Endian Firewall auf Alix Boards / APUs
• Using the New GUID Partition Table in Linux
• Linux Remove All Partitions / Data And Create Empty Disk
• How to mount a hard disk as read-only from the terminal
• Linux Hard Disk Format Command
• Linux Delete / Remove MBR
• 5 specialized Linux distributions for computer repair
• How to erase my hard drive completely [duplicate]
• How to create a bootable Ubuntu USB flash drive from terminal?