Fwupd 2.0.16 Arrives to strengthen a key project in the Linux ecosystem: updating firmware safely and painlessly. If you're looking for what's new and how to take advantage of it in your daily work, here's a complete guide, with context from previous releases and practical examples.
This version introduces a new integrated search engine in the command line utilities, FreeBSD-specific improvements, and continued hardware support that had been accelerating in recent weeksWe also reviewed useful features of the project itself, such as LVFS, update streams, P2P metadata publishing, and control options in corporate environments.
Specific new features in Fwupd 2.0.16
The headline of this installment is the arrival of a search function in the console utilities. You can now locate available firmware versions on configured remotes, leveraging the metadata collected from LVFS without having to navigate through endless lists.
This search is available in both fwupdmgr and fwupdtool. A practical example would be to locate fixes associated with a Specific CVE with a single command: fwupdmgr search CVE-2022-21894. Similarly, you can filter by device, vendor, or relevant identifiers.
In addition to the search engine, there is an audit-oriented enhancement: the command fwupdtool history It allows you to view the history of installations performed, which is very useful for support teams or users who want to review what has been applied and when.
In terms of compatibility, this version expands support hardware with new families of devices, including the Logitech Bolt and AMD SB-RMI components. This growth in coverage keeps the 2.0.x series on track, which has been adding more parts in recent weeks.
For FreeBSD users, fwupd 2.0.16 adds "more fixes" to address manage correctly firmware updates on that system, strengthening the stability of the process in scenarios outside of Linux.
The release came just a couple of days after 2.0.15, which had already introduced new hardware support and various improvements.
Fwupd 2.0.16 introduces local network optimization with Passim
If you have Passim installed and enabled, fwupd can republish the metadata file downloaded to serve it at address 0.0.0.0:27500. This way, other computers on the same network can benefit, reducing bandwidth consumption towards external remotes.
This redistribution is announced by mDNS or LLMNR, and is ideal for offices or labs with multiple Linux clients. Before deploying it in production, consider the security and network segmentation implications specific to your environment.
If you don't want this feature, you can easily disable it: set P2pPolicy=none en /etc/fwupd/daemon.conf, uninstall the passim package or mask the service with systemctl mask passim.service.
Controlling updates in companies: approvals
For corporate environments, fwupd allows you to filter which firmwares are authorized by approved updates. Just activate the option ApprovalRequired=true in the remote configuration file, such as lvfs.conf.
Once active, you can define the list of approved updates in fwupd.conf, using a comma-separated list of container checksums that correspond to the metadata entries. This ensures that only updates validated by your organization are offered.
Furthermore, it is possible expand that list with the command fwupdmgr set-approved-firmware followed by the relevant identifier, or via the D-Bus interface if you prefer to integrate it into your management tools.
Graphical integration, static analysis and packaging
Although fwupdmgr is the console client; there are graphical frontends listed in its man page. On GNOME desktops, integration with GNOME Software greatly simplifies the process for users who prefer to avoid the terminal.
The project makes use of static analysis tools such as Coverity and PVS-Studio to strengthen code quality. This continuous monitoring helps detect regressions and problematic patterns before they reach end users.
If you maintain a downstream package of fwupd, pay attention to the option systemd_unit_user Meson: should be used with care to avoid privilege escalation routes. The default value, with DynamicUser=true, is safe and recommended in most scenarios.
Good practices and deployment considerations
The best way to keep the update flow stable is to use the official repositories of your distribution. Maintainers validate integrations, dependencies, and compatibility with the rest of the system components.
For fleets or laboratories, combine the system of approvals with Passim whenever convenient. This minimizes risks and saves bandwidth, but remember to document changes and keep records with fwupdtool history when you need audits.
On machines with UEFI and capsules, evaluate if it suits you avoid Capsule-on-Disk when there are specific boot or partitioning requirements. This flexibility was introduced in the 2.0.14 series and facilitates complex integrations.
If you work with TPM devices, please note that updated the mapping manufacturers, which improves identification consistency. And if you manage Lexar NVMe workstations, the correct version numbering helps avoid confusion.
For RHEL-based infrastructures, have build support for RHEL 9 and 10 simplifies the internal packaging and testing cycle, aligning fwupd with the corporate standards for that platform.
Those who manage specific modems and update streams can take advantage of the automatic firehose for QCDM and added permissiveness in loader file names, reducing manual adjustments and possible orchestration errors.
In terms of security, disable the check of the signing time During firmware verification, it reduces false negatives; likewise, not adding an UNKNOWN supplier when the company lacks that information prevents inventory and reporting noise.
Fwupd 2.0.16 is now available
The new 2.0.16 search fits very well in flows where you review CVE, vendors or models specific. It's a time-saving and visibility-enhancing enhancement, especially useful when managing computers with a variety of peripherals.
For FreeBSD, the fixes included in 2.0.16 improve the update management and make the outcome more predictable, a good sign for those working in mixed environments or migrating between platforms.
In the end, the 2.0.x cycle demonstrates a constant focus on compatibility, quality and controlWith 2.0.16, the FreeBSD search engine and hardening builds upon the solid foundation already introduced in 2.0.14 and 2.0.15 in terms of features, plugins, and general polish.
It's clear that this release boosts everyday use of fwupd with more practical tools, expanding hardware support, and options designed for real-world networks, from home to enterprise. With the integrated search engine, installation history and LVFS integration, fwupd 2.0.16 is solidified as the most convenient way to keep your firmware up to date on Linux and FreeBSD.
