Fwupd 2.0.17 strengthens firmware updates on Linux

  • Extended support: ASUS CX9406, Framework Copilot, Lexar and Maxio NVMe, Huddly C1 and more
  • New features: phased client deployments and post-quantum signatures
  • Reliability and security improvements in UEFI, MTD, Logitech, and Dell docks
  • Available in stable repositories and with release notes on GitHub
Pablinux

5 minutes

Fwupd 2.0.17

The Linux community premieres Fwupd 2.0.17The latest revision of the firmware update service that works hand in hand with LVFS comes just days after the platform celebrated surpassing 135 million downloads. This release focuses on expand compatibility, polish errors and strengthen end-to-end security.

Among the most notable changes are the phased deployments on the client side and support for post-quantum signatures, along with practical improvements such as cache cleaning, new diagnostic utilities, and coverage for more devices, from SSD NVMe even peripherals. All of this is being done quietly, with the aim of making firmware updates in Linux more predictable and secure.

Key new features of Fwupd 2.0.17

This cycle introduces features geared towards both administrators and advanced users, with special attention to controlled deployments and future cryptographic protection through Dilithium.

  • Phased deployments to the client to distribute updates in stages.
  • Support of post-quantum signatures (CRYSTALS-Dilithium) to verify metadata and artifacts.
  • Generating NVMe GUIDs from serial number.
  • Compatibility with very old versions of UDisks.
  • Option for empty the cache directory and new command fwupdtpmevlog to dump the raw event log.
  • Rewriting of fwupdmgr manpage to make it more useful.
  • Analysis of VSS and FTW variable stores from EFI volumes.
  • fwupdtool Improves extraction in deeply nested images.
  • Incorporation of offline hashes for MS 20250902 dbx and Framework-specific KEK/db.
  • Update BIOS IFD region via parent MTD and analyze FMAP SBOM area as uSWID when appropriate.

In addition to these functions, the project continues to refine UEFI and MTD workflows to minimize issues in real-world scenarios, something especially relevant in European business environments.

Expanded hardware compatibility

The list of compatible devices continues to grow to include more types of peripherals and storage, making it easier to more devices receive firmware without leaving Linux.

  • ASUS CX9406 (touch controller).
  • Copilot Framework Keyboard.
  • Genesys GL352530 and GL352360.
  • Huddly C1.
  • NVMe SSD of Lexar y Maxio.
  • Primax Ryder 2 Mouse.

This selection covers both workstations and laptops, as well as common peripherals in Europe, reflecting the collaboration between manufacturers and the ecosystem. LVFS/fwupd.

Behavioral changes and reliability improvements

The team has incorporated adjustments that reduce false positives, unnecessary reinstalls, and race conditions, refining the day-to-day upgrade experience. less friction.

  • Avoid displaying reinstallation prompts on composite devices and correctly associate historical components.
  • It does not allow updating PK or KEK when the system has a trial key installed.
  • The installed tests no longer require AC power.
  • It prevents reinstalling with the ONLY_VERSION_UPGRADE option.
  • It does not explore EFI volumes when building MTD BIOS devices; it ensures that REGION is always defined on MTD IFD children.
  • Relax USI dock DMC child checks for new firmware.
  • Validate that the SCSI instance IDs are ASCII and Ignores Intel GPU MTD devices.
  • Increased delay when updating the status of Logitech peripherals and cleaning up obsolete events to improve Rallybar reliability.
  • A single devlink device per PCI card.
  • Reverting to the deprecated flashrom API as the new API is unusable.
  • Ignore errors when writing the last page of the Dell dock firmware.

These changes aim for stability in complex topologies (docks, PCI cards, USB peripherals) and a more predictable experience in fleets.

Bugs fixed in Fwupd 2.0.17

This version addresses a range of issues identified in the previous cycle and in scenarios reported by users and manufacturers, with specific fixes for popular hardware.

  • Critical warning when analyzing invalid Jabra firmware.
  • Blocked when analyzing Ilitek.
  • Inotify race condition when updating metadata.
  • Pending activation issue on Dell docking stations.
  • Possible crash when creating arrays of aligned blocks.
  • MTD emulation recording on PCI-backed devices.
  • Device order when the parent requires installation first.
  • FLMSTR arrangement when reading IFD partitions.
  • Writing Intel GPU OptionROM data and code.
  • Thunderbolt driver ending before activating retimers.

With these corrections, the maintenance of critical firmware is tangibly improved, reducing incidents and downtime.

Availability and how to update in Linux

The recommendation for most users is to install fwupd from the stable repositories of your distribution (Debian, Ubuntu, Fedora, etc.). Release notes and source code are available on the project page on GitHub.

To check for and apply updates from the terminal, commands such as the following can be used: fwupdmgr get-devices, fwupdmgr refresh y fwupdmgr updateIn organizations, the phased deployments at the client They help reduce risks by gradually rolling out new versions.

This release represents a further step in the maturity of firmware maintenance in Linux, combining enhanced security (Dilithium), a broader hardware catalog, and operational improvements that make life easier for users and IT teams.