Fwupd 2.0.9 Introduces EFI Certificate Insights

Fwupd 2.0.9 improves firmware security with UEFI dbx updates, certificate insights, and streamlined device parsing.

Fwupd 2.0.9 Introduces EFI Certificate Insights

Less than a month after its previous 2.0.8 release, Fwupd, an open-source utility designed to make updating firmware on Linux-based systems easier and more automatic, rolled out its new 2.0.9 version.

The new release enriches its user guidance by adding documentation on updating the Key Exchange Key and the firmware database. In addition, administrators can now install multiple database certificate updates simultaneously, streamlining workflows that previously required piecemeal operations.

For even greater clarity, the update tool will display which certificate signed a given EFI authenticated variable, demystifying one of UEFI security’s more opaque aspects. To top it off, the team has swapped in readline for user input handling, making prompts more familiar and interactive, and they’ve even made it optional for those who prefer minimal dependencies.

Under the hood, a dozen-plus bug fixes address various stability and correctness issues. For example:

  • A set of devices known to ship with problematic firmware are now automatically blocklisted in the UEFI database (dbx), preventing inadvertent updates.
  • The logic constructing authenticated URIs when using FirmwareBaseURI has been corrected, ensuring that remote firmware sources resolve as intended.
  • Non‑updatable Option ROMs are no longer enumerated, while Redfish “backup partitions” are properly ignored, meaning you won’t see phantom devices in your update scans.
  • More obscure crashes have been exterminated, such as those triggered by certain Wacom firmware types or by parsing malformed uevents.
  • Parsing of the DFU descriptor without libusb is now rock-solid, and some systems’ enumeration of platform keys and KEKs has been patched to avoid failure.

Lastly, the release broadens its architecture coverage by supporting Intel Arc Battlemage GPUs. This addition ensures that users of this cutting‑edge graphics hardware can receive firmware improvements, such as reliability tweaks and performance optimizations, directly through the fwupd ecosystem.

For more details on all novelties, see the changelog.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts