Fwupd 2.1.5 has been released as the latest update to the Linux firmware update daemon. The highlight in this release is support for updating the Windows-specific UEFI Certificate Authority on dual-boot systems.
This enhances firmware and UEFI update handling on machines running both Linux and Windows, where trust and boot-chain components require careful management.
The release now also installs DB updates on malfunctioning hardware when new firmware is available. In UEFI Secure Boot, DB is the signature database that determines which binaries are trusted during boot. This change allows fwupd to apply necessary updates even when the current firmware state would otherwise prevent a standard update.
Hardware support has been expanded to include Elan touchscreens, which are common in laptops and touch-enabled devices.
On the bug-fix side, Fwupd 2.1.5 resolves a msgpack regression affecting firmware updates for certain Huddly cameras. It also sets a more accurate maximum firmware size for these updates, reducing the risk of update failures caused by incorrect size assumptions.
The netlink socket buffer has been expanded to prevent packet loss during event floods. Since netlink handles communication between the Linux kernel and userspace, this change improves fwupd’s reliability in detecting hardware state changes.
Regarding security, the release uses a cryptographically secure random number generator for idle and inhibit IDs, checks array indexes in runtime-generated code, parses Dell dock marketing names more safely, and sets firmware size limits for Intel GSC auxiliary and option ROM types.
More details are available on the project’s GitHub changelog.
“dual-boot systems” are not necessarily involving Windows, like it assumes in this article (and in many circles, I’m not blaming the author in any way)..
I’m triple booting Linux distros for example, and have no Windows anywhere.
Instead of dual boot systems, it should be pinned more precisely as a cross Windows-Linux system, or any best describing form.