La fwupd version 2.0.8 is now available as a maintenance update that continues the development of this open-source tool focused on facilitating firmware updates on Linux systems. This new version incorporates several functional improvements, bug fixes, and expanded device support, consolidating its role as an essential tool for system administrators and power users.
Fwupd is primarily used to apply firmware updates to hardware via Linux., and this update comes just two weeks after the release of the version 2.0.7, showing a steady pace of development. Version 2.0.8 introduces support for new features within UEFI environments, improvements to protocol detection, and key tweaks for increased robustness in specific situations.
New UEFI database plugins in Fwupd 2.0.8
One of the most relevant changes in fwupd 2.0.8 is the Addition of two new plugins designed to update the UEFI Signature Database and KEK, essential components for secure booting of systems using UEFI firmware. These add-ons allow for more direct and flexible management of these security databases, giving users greater control over Secure Boot-related updates.
Fwupd 2.0.8 innovates in the handling of attributes and routes
Furthermore, A new HSI attribute has been added to represent an updated UEFI database, which improves the way fwupd interacts with EFI systems. The directory /sys/firmware/efi/efivars has now been included within ReadWritePaths, indicating a deeper and more controlled integration of the EFI system by fwupd. Also noteworthy is the Added support for segment value 0 in the ccgx-dmc image analyzer, allowing new use cases to be handled in specific updates related to these drivers.
Improvements in protocol detection and hardware support
Fwupd 2.0.8 fixes several critical bugs, including one that generated warnings when enumerating the DTH135K0C device, which could lead to confusion or affect automated processes. Additionally, this release can now detect Firehose protocol features even when they're not automatically sent, increasing the tool's reliability in a variety of hardware environments.
Also The way EFI LOADOPT metadata is set has been improved, allowing them to be correctly interpreted as either a path or a ShimHive. This flexibility is key to ensuring compatibility with different boot configurations.
Enhanced compatibility and security settings
Starting with this version, fwupd Prevents any DPAUX IO operation if the BnR DPCD identifier does not match, an important change to prevent compatibility errors. On the other hand, the system is now more meticulous about falling back to older emulation versions in case the current version doesn't work as expected.
Behavior with SMC's Redfish methods has also been adjusted, which are no longer applied when non-Supermicro hardware is detected, thus avoiding false detections or inappropriate update attempts.
Better user experience and console control
Mode --json now ignore any messages or prompts, making them easier to use in scripts and automation workflows where a clean output is expected. Additionally, UEFI capsule updates have been restricted to only being applied to architectures that actually support them, minimizing the risk of running on unsupported platforms.
Finally, the use of the command fwupdtool install in offline mode now correctly sets the version format, something crucial for environments where updates are performed manually and offline.
Installation recommendations
Version 2.0.8 can be downloaded directly from the official project page on GitHub, although most users are advised to install it from the stable repositories of their preferred GNU/Linux distribution. This way, they can ensure compatibility with the rest of their system and obtain support if needed.
For more technical details and to know all the changes included, it is recommended to consult the release notes available on the project portal.
New features focused on UEFI environments, significant fixes for device handling, and improvements for integrators and developers make fwupd 2.0.8 a significant step forward in the 2.0 release cycle. It is designed to provide a more secure, controlled, and versatile environment for applying firmware updates, especially on modern server infrastructures and equipment that rely on Secure Boot.