Fwupd 2.1.1 Released With AMD Platform Secure Boot Support

The Linux firmware update utility fwupd has been updated to version 2.1.1, adding support for AMD Platform Secure Boot. This release also introduces a new security check for HP Sure Start, a hardware-based firmware protection feature used on many HP systems to verify BIOS integrity and automatically recover from tampering.

Fwupd 2.1.1 also introduces a new plugin to verify Intel CSME firmware using SMBIOS data, providing an additional mechanism to confirm the state of Intel’s Converged Security and Management Engine firmware. In addition, the release adds CycloneDX and SPDX support to uSWID.

Several platform-level capabilities have been expanded. The update adds support for adjusting AMD GPU UMA carveout size, as well as emulation support for Bluetooth devices, which can assist developers in testing firmware behavior. Systems can now also use udev as an event source without requiring systemd, improving compatibility in environments where systemd is not present.

On the maintenance side, support for GPG signing of metadata and firmware has been dropped, and the long-standing concept of blocked firmware has been removed. Additionally, UEFI plugins are now disabled on 32-bit x86 systems.

A large number of fixes are included in the release. These address issues such as invalid USB descriptor handling, integer overflows during partial stream construction, memory leaks in Bluetooth device removal, and potential out-of-bounds reads affecting several device parsers.

Additionally, security diagnostics have been improved with a new tpm-eventlog command, which helps administrators interpret TPM event log output.

Finally, Fwupd 2.1.1 further expands hardware compatibility. Newly supported devices include: