Two weeks after its previous 2.0.10 release, Fwupd, an open-source utility designed to make updating firmware on Linux-based systems easier and more automatic, rolled out its new 2.0.11 version.
One of the standout additions in fwupd 2.0.11 is the new check-reboot-needed command. This feature is designed for integration into automation scripts, allowing system administrators or update tools to programmatically determine whether a reboot is required after applying firmware updates.
Consequently, installers and management frameworks can more accurately orchestrate post-update procedures without ad hoc checks. Additionally, the release now reads the SELinux state within the report-failure metadata.
Moreover, developers have addressed numerous bugs, focusing on edge cases uncovered in real-world deployments. For example, the README file now includes notes on security-relevant build flags, underscoring the project’s commitment to guiding packagers and downstream maintainers toward secure configurations.
In hardware-specific fixes, support has been added for the Dell dock ownership command—thus ensuring that Dell docking stations operate properly under fwupd’s management. Similarly, the subsystem VID:PID combinations are now interpreted when provided by ModemManager, improving compatibility with certain cellular modem devices.
Furthermore, a handful of quirks have been refined: the rts54hub block size can now be altered based on a quirk entry, and Legion HID2 devices can be downgraded without the need for the --force flag. When upgrading those same Legion devices, fwupd will now clear existing configuration settings to prevent conflicts.
Additionally, in the area of update querying, users can specify multiple DEVICE-IDs with the get-updates command, thereby streamlining batch operations for environments with multiple devices.
The streaming cache mechanism has also been improved to upload reports after parsing cabinet files correctly. Regarding security, fwupd will no longer permit updates to the DBX (Database for authenticated UEFI updates) on AiStone X5KK4NAG devices, preventing potentially problematic firmware installations.
To ensure consistency and clarity, fwupd has also stopped using translated low-level error messages in failure reports; this change helps maintain a uniform diagnostic format across internationalized environments.
When dealing with UEFI certificates, the software now falls back to using an activation date should an X.509 certificate lack a suitable subject, which mitigates failures in certificate parsing. Additionally, newer Synaptics VMM9 devices now receive a brief delay after disabling RC (Run/Clock) to ensure proper initialization.
Several certificate-handling modifications have also been implemented: certain sanity checks are disregarded when parsing Platform Key (PK), Key Exchange Key (KEK), and ‘db’ certificates, and the correct VendorID is now extracted from the ModemManager device ID.
To tighten event handling, fwupd processes all pending event sources while awaiting device replug, which fixes stalled workflows on some systems. Plus, the software now leverages UEFI’s PK report attributes when interacting with other UEFI plugins.
Lastly, fwupd 2.0.11 also expands its roster of supported hardware: this release adds compatibility for the Lenovo Thunderbolt 5 Smart Dock. For more details, see the changelog.
