The Linux firmware update tool fwupd has released version 2.0.17, featuring post-quantum Dilithium signatures to protect against future quantum threats. This update also adds client-side phased updates and expands hardware support for devices like Framework keyboards and ASUS models. Announced shortly after the Linux Vendor Firmware Service reached 135 million downloads, it highlights fwupd's role in secure device management.
Fwupd, a daemon for seamless firmware updates on Linux devices from desktops to servers, marked a milestone with its 2.0.17 release. Developed to simplify firmware management traditionally dominated by Windows, fwupd integrates with distributions like Debian and Ubuntu, allowing users to check and apply updates via commands such as ‘fwupdmgr get-devices’ and ‘fwupdmgr update’. Some updates apply live, while others require a reboot, with metadata sourced from the Linux Vendor Firmware Service (LVFS).
A key innovation is the adoption of post-quantum Dilithium signatures, based on the NIST-standardized CRYSTALS-Dilithium algorithm. This ensures firmware updates remain verifiable even if quantum computing compromises traditional cryptography, as reported by Phoronix. The release also introduces client-side phased updates, enabling vendors to roll out changes gradually and minimize risks from faulty releases. Lead developer Richard Hughes noted in project documentation that this phased approach “allows for safer deployment across large user bases.”
Hardware support has expanded notably, including compatibility for the Framework Copilot+ keyboard, ASUS models like the CX9406 touch controller, Lexar and Maxio NVMe SSDs via new plugins, and refinements for NVIDIA’s ConnectX series network interface cards. These additions result from community contributions and vendor collaborations, making fwupd essential for diverse enterprise environments.
The update builds on fwupd’s history of bridging Linux with proprietary firmware, supporting hundreds of device models including ThinkPads and custom NVMe drives. It includes improved error handling, UEFI fixes, and enhanced boot-time security by addressing vulnerabilities in capsule handling. With LVFS surpassing 135 million downloads, fwupd continues to democratize secure updates, fostering open-source advancements in hardware integration.