The popular Linux firmware update tool fwupd has been updated to version 2.1.1, bringing new hardware security checks, expanded platform support, and multiple bug fixes. The release introduces support for AMD Platform Secure Boot, additional firmware verification tools, and broader compatibility with modern devices used on Linux systems.

Fwupd is widely used across the Linux ecosystem to deliver firmware updates through the Linux Vendor Firmware Service, allowing users to safely update BIOS, embedded controllers, peripherals, and other hardware components directly from Linux distributions.

The latest update focuses primarily on security verification improvements, hardware support expansion, and platform compatibility updates.

Support for AMD Platform Secure Boot

One of the most notable additions in fwupd 2.1.1 is support for AMD Platform Secure Boot, a security mechanism designed to verify firmware integrity during the boot process.

Secure Boot technologies ensure that only trusted firmware and software components are executed during system startup. By adding AMD platform support, fwupd now provides improved firmware validation on systems powered by Advanced Micro Devices hardware.

This enhancement strengthens firmware security for Linux systems running on AMD-based platforms.

New Security Check for HP Sure Start

The update also introduces a security verification mechanism for HP Sure Start, a hardware-level protection technology implemented in many HP business systems.

HP Sure Start continuously verifies BIOS integrity and automatically restores the firmware if tampering or corruption is detected.

With fwupd 2.1.1, administrators can now perform additional checks to verify the status of this security feature, helping ensure firmware protection is functioning correctly.

Intel CSME Firmware Verification Plugin

Another important addition is a new plugin designed to verify firmware for Intel Converged Security and Management Engine (CSME).

The plugin uses system data provided by SMBIOS to confirm the status of Intel’s firmware management subsystem.

This verification capability offers administrators an additional way to audit and validate firmware security on systems powered by Intel processors.

Software Bill of Materials Support in uSWID

Fwupd 2.1.1 also adds support for CycloneDX and SPDX formats within uSWID metadata.

These formats are widely used to describe Software Bill of Materials (SBOM) data, which is increasingly important for security auditing and supply chain transparency.

By supporting these standards, fwupd improves the ability to track firmware components and dependencies across systems.

Expanded Platform and Development Features

Several platform-level capabilities have also been enhanced in this release.

AMD GPU UMA carveout control

Fwupd now supports adjusting the UMA carveout size for certain AMD GPUs. This allows system firmware to allocate shared memory between the CPU and GPU more efficiently.

Bluetooth device emulation

Developers can now emulate Bluetooth devices, making it easier to test firmware update behavior without requiring physical hardware.

udev event source support

The update adds support for udev as an event source without requiring systemd.

This change improves compatibility with Linux environments that use alternative init systems or minimal system configurations.

Major Maintenance Changes

Fwupd 2.1.1 also introduces several structural changes aimed at simplifying firmware management.

Key changes include:

• Removal of GPG signing support for firmware and metadata
• Removal of the long-standing blocked firmware concept
• Disabling UEFI plugins on 32-bit x86 systems

These changes help streamline firmware handling while focusing on modern platforms and security practices.

Security Fixes and Bug Improvements

The release includes a significant number of bug fixes and security improvements.

Some of the notable fixes address:

• Invalid USB descriptor handling
• Integer overflow issues during partial stream creation
• Memory leaks during Bluetooth device removal
• Potential out-of-bounds reads affecting multiple device parsers

These fixes improve both system stability and firmware update reliability.

New TPM Diagnostics Tool

Security diagnostics have also been improved with a new command:

tpm-eventlog

This tool helps administrators analyze event log data generated by Trusted Platform Module systems.

By providing clearer insight into TPM logs, the command simplifies troubleshooting and firmware security auditing.

Expanded Hardware Support

Fwupd 2.1.1 significantly expands device compatibility by adding support for several new hardware components.

Newly supported devices include:

• Sunwinon HID devices
• Blestech touchpads
• ELAN Haptic MCU devices
• FocalTouch devices
• Himax touchscreens
• HP Engage One G2 Advanced Hub
• KATAR PRO Wireless Gaming Dongle
• Lenovo keyboards and mouse accessories
• Lenovo Sapphire Folio Keyboard
• Lightware Taurus HC40 and HC60 devices
• Novatek touchscreens
• PixArt touchpads
• Rolling RW101-CAT12 modems

These additions improve firmware update coverage across a wide range of peripherals and hardware platforms.

Final Thoughts

With version 2.1.1, fwupd continues to evolve as one of the most important tools for firmware management on Linux systems.

The update strengthens firmware security through new verification mechanisms, expands support for modern hardware, and improves compatibility with diverse Linux environments.

For users and system administrators alike, fwupd remains a critical component for keeping firmware secure, updated, and properly verified on Linux platforms.