Keeping your computer secure and running smoothly requires more than just software updates: firmware updates are equally essential.

Hidden Cricket

Updating the firmware may fix bugs, harden security, improve performance, and even add new features. Or screw up something, and then you may have a “bricked” device (hardware that is as useful as a brick), or a regression in the functionality/performance/security. Update at your own risk. It’s usually a good idea to update firmware and software though.

Some vendors offer a way to update the firmware of their products, usually via some proprietary software they provide. To update the firmware of all devices your machine has, you can go over the website of their vendors and follow their documentation, if you can find it and have the right OS. Good luck.

Or use fwupd: a vendor-agnostic tool to discover, download, and update firmware.

The Linux Vendor Firmware Service (LVFS) project provides two software components to update the firmware of devices: a daemon, fwupd, to update the device firmware; and a CLI client, fwupdmgr, to view and apply updates. There are also graphical user interfaces like GNOME Software and KDE Discover to interact with fwupd.

And the killer functionality of this project is that LVFS provides not only the tools but also the firmware for many, but not all, devices. More than 100 vendors provide firmware updates via LVFS and all you need to do is run a command (or press a button) to update all your firmware.

Usage is straightforward, assuming you installed it:

  1. download the latest metadata from LVFS
    $ fwupdmgr refresh --force
Updating lvfs
Downloading…             [***************************************]
Successfully downloaded new metadata: Updates have been published for 4 of 23 local devices
  2. Optionally list the available updates with fwupdmgr get-updates. The output is too long for me to copy-paste here, but worth reviewing.
  3. Update what is available:
    $ fwupdmgr update
Devices with no available firmware updates:
  ELAN067F:00 04F3:3309
  Element Hub
  UEFI Device Firmware
  UMIS RPJTJ512MGE2QDQ
  USB3.0 Hub
╔══════════════════════════════════════════════════════════════════════════════╗
 Upgrade System Firmware from 0.1.15 to 0.1.31?                               ║
╠══════════════════════════════════════════════════════════════════════════════╣
 ThinkPad L14L15 Gen3 AMD System Firmware                                     ║
 • MR01221(N3AET79W) - Updated Realtek UNDI driver to ver.2.043.              ║
 • MR00592(N3XET49W) - add dbx update 23/05                                   ║
 • MR00616(N3XET51W) - Fixed Various vulnerabilities in NetworkPkg IP         ║
 stack implementation.                                                        ║
 • MR00621(N3XET51W) - Add MSFT 2023 kek/db                                   ║
 5 Update Absolute module to v2.8 (154756)                                     • Improve boot time for DASH Enable                                          ║
 • Correct the output values of the CU_WMI_script.ps1                         ║
 • CP20240328_0006 CS22 Wi-Fi6E for CA                                        ║
 21C60010BO must remain plugged into a power source for the duration of the   ║
 update to avoid damage.                                                      ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]: y
Waiting…                 [***************************************]
Successfully installed firmware

And that’s it.