fwupd is a simple daemon allowing to update some devices firmware, including UEFI BIOS for several machines.
See #Setup for UEFI BIOS upgrade if you intend such an use.
Certain desktop environments front-end solutions have built-in fwupd support:
- GNOME Software — Will check for updates periodically and automatically download firmwares in the background on GNOME. After a firmware has been downloaded a popup will be displayed in Gnome Software to perform the update.
- KDE Discover — Software center used with Plasma. With the release of KDE Plasma 5.14, a new fwupd backend has been implemented in KDE Discover for firmware updates. These firmware updates are shown with other system updates.
To display all devices detected by fwupd:
$ fwupdmgr get-devices
To download the latest metadata from LVFS:
$ fwupdmgr refresh
To list updates available for any devices on the system:
$ fwupdmgr get-updates
To install updates:
$ fwupdmgr update
- Updates that can be applied live will be done immediately.
- Updates that run at bootup will be staged for the next reboot.
- The root user may be required to perform certain device updates.
Setup for UEFI BIOS upgrade
The following requirements should be met:
- Make sure you are booted in UEFI mode, it will not work in legacy boot mode.
- Verify your EFI variables are accessible.
- Mount your EFI system partition (ESP) properly.
espis used to denote the mountpoint in this section.
Copy Fwupd to ESP
The fwupd files are not copied over to the ESP when fwupd is installed or upgraded so we need to do this manually.
cp -a /usr/lib/fwupd/efi/fwupdx64.efi esp/efi/
It might be desirable to automate this using a pacman hook so that on future fwupd installs/updates it will do so automatically:
[Trigger] Operation = Install Operation = Upgrade Type = File Target = usr/lib/fwupd/efi/fwupdx64.efi [Action] When = PostTransaction Exec = /usr/bin/cp -a /usr/lib/fwupd/efi/fwupdx64.efi esp/efi/
You can now
$ fwupd refresh and
$ fwupd update. It will ask to reboot and should now automatically reboot into the firmware updater.
Using your own keys
Alternatively, you have to manually sign the UEFI executable used to perform upgrades, which is located in
The signed UEFI executable is expected in
Using , this can be achieved by running:
# sbsign --key <keyfile> --cert <certfile> /usr/lib/fwupd/efi/fwupdx64.efi
To automatically sign this file when installed or upgraded, a Pacman hook can be used:
[Trigger] Operation = Install Operation = Upgrade Type = File Target = usr/lib/fwupd/efi/fwupdx64.efi [Action] When = PostTransaction Exec = /usr/bin/sbsign --key <keyfile> --cert <certfile> /usr/lib/fwupd/efi/fwupdx64.efi Depends = sbsigntools
Make sure to replace
<certfile> with the corresponding paths of your keys.
Finally, you have to change the line containing
Check out  for more information discussing this.