fwupd, LVFS, Firmware Updates, and Your Linux System

Though the security and performance benefits of regular software updates are well-understood by most users, many IT departments and home users have traditionally treated the application of firmware updates as a reactive measure instead of a best practice. Unfortunately, this failure to maintain BIOS/UEFI firmware can result in compatibility issues when new hardware components are added to a system. Furthermore, recent hardware-focused security vulnerabilities such as Spectre and Meltdown have underscored the importance of ensuring that firmware is up to date.

fwupd is a daemon developed and maintained by Richard Hughes (of GNOME project fame) for the purpose of managing the installation of UEFI firmware updates on Linux-based systems. This is helpful for a user base that has traditionally struggled with updates delivered by hardware manufacturers as Windows or Mac OS-only executables.

fwupd was installed by default on my Mint 19.1 system and has been available to Ubuntu users since 16.04 LTS. Users of Red Hat-based Linux distributions need not despair – I found the software could also be installed in CentOS 7 using the yum utility.

Usage is no more complicated than updating software on the command line. fwupdmgr get-updates lists updates available for any connected devices on the system, while fwupdmgr update installs these updates.

This process applies not only to the base system firmware, but to connected peripherals as well. For example, Dell offers support for firmware updates pertaining to their line of docking stations, while Jabra and Logitech offer updates for their wireless devices.

Though many system manufacturers include some ability to flash the system’s firmware at boot time, fwupd can install some updates immediately without rebooting. If an update cannot be performed immediately, it is staged and will be installed the next time the system restarts.

Many popular Desktop Environments offer front-ends to further simplify the update process. GNOME supports fwupd through its GNOME Software Manager, while KDE includes support through their Discover utility.

To assist users running fwupd, the LVFS (Linux Vendor Firmware Service) project serves Linux-friendly firmware update packages and allows vendors to upload these packages free-of-charge. Vendors lending their support to the LVFS project include Dell, HP, Intel, Lenovo, Logitech, and NEC.

While fwupd and LVFS’ device and manufacturer support already looks promising, further buy-in from hardware vendors will be critical to the project’s success in the years to come. Several major motherboard manufacturers such as ASRock and SuperMicro are still in the process of testing fwupd and LVFS, while other companies such as Apple have offered outright resistance to firmware updates in Linux in order to reinforce their push of the Mac OS on their product line. These manufacturers’ financial interests would seem to steer them toward a service of this sort, as the still-growing market of desktop Linux users will likely be more inclined to purchase hardware from vendors allowing them to enjoy the advantages of current firmware.