I rarely use the Ubuntu Software application, but when I opened it today I saw that it has a notification saying that my fingerprint scanner firmware can be updated.
However, the apt upgrade and snap refresh commands output that everything is up-to-date. Am I missing a third source of packages on my system?
Thanks to @Ponjar's and @oldfred's comments, it turns out there's another manager that manages device firmware updates called fwupd.
To update device firmware, you can run the following command:
$ fwupdmgr update
Note: None of the fwupdmgr commands mentioned here required root access (i.e. sudo) to run during my trials. Even the command that updates the firmware.
This uses LVFS (Linux Vendor Firmware Service) as its source database for devices' firmware. You can add more sources by configuring them in /etc/fwupd/remotes.d/.
To upgrade the firmware, you can use the fwupdmgr command. The package seems to be pre-installed on Ubuntu 21.10. If it is not for you, you can install it with the following command
sudo apt install fwupd
You can get a list of devices that support firmware updates with fwupdmgr by running the fwupdmgr get-devices command.
$ fwupdmgr get-devices
WARNING: UEFI capsule updates not available or enabled in firmware setup
See https://github.com/fwupd/fwupd/wiki/PluginFlag:capsules-unsupported for more information.
21A0000CMX
│
├─Prometheus:
│ Device ID: 96a0be68fa5cf5d60d3d2d392797c6844ab64d33
│ Summary: Fingerprint reader
│ Current version: 10.01.3273255
│ Vendor: Synaptics (USB:0x06CB)
│ Install Duration: 2 seconds
│ GUIDs: 09e8bf16-3e69-50f5-bb66-c7a040248352
│ 8088f861-6318-5b1e-9ce4-fbddbedb09ac
│ Device Flags: • Updatable
│ • Supported on remote server
│ • Cryptographic hash verification is available
│
├─UEFI dbx:
│ Device ID: 362301da643102b9f38477387e2193e57abaa590
│ Summary: UEFI Revocation Database
│ Current version: 267
│ Minimum Version: 267
│ Vendor: UEFI:Linux Foundation
│ Install Duration: 1 second
│ GUIDs: 1e9c3d61-4bd9-514e-ad87-0a9b61b9e77d
│ 304a9ede-aff2-58f6-b5e5-0e651b065f1a
│ c6682ade-b5ec-57c4-b687-676351208742
│ f8ba2887-9411-5c36-9cee-88995bb39731
│ Device Flags: • Internal device
│ • Updatable
│ • Needs a reboot after installation
│
└─UMIS RPETJ512MGE2QDQ:
Device ID: 71b677ca0f1bc2c5b804fa1d59e52064ce589293
Summary: NVM Express Solid State Drive
Current version: 1.3Q0630
Vendor: Union Memory (Shenzhen) (NVME:0x1CC4)
GUIDs: c3fe86aa-308e-53bc-aa93-00faaac3ef75
437d6904-49e7-551e-bbe9-1ae691ea1a37
6df6872d-19f7-5035-b85c-7c760034c77d
1d6b808f-3aac-5c20-8496-8a1433de5b80
1cabba58-9014-5a19-b40f-a6aa4b45676f
Device Flags: • Internal device
• Updatable
• System requires external power source
• Needs a reboot after installation
• Device is usable for the duration of the update
You can also get the status of the devices if they have an available firmware update by running fwupdmgr get-updates.
$ fwupdmgr get-updates
WARNING: UEFI capsule updates not available or enabled in firmware setup
See https://github.com/fwupd/fwupd/wiki/PluginFlag:capsules-unsupported for more information.
Devices with no available firmware updates:
• UEFI dbx
• UMIS RPETJ512MGE2QDQ
21A0000CMX
│
└─Prometheus:
│ Device ID: 96a0be68fa5cf5d60d3d2d392797c6844ab64d33
│ Summary: Fingerprint reader
│ Current version: 10.01.3273255
│ Vendor: Synaptics (USB:0x06CB)
│ Install Duration: 2 seconds
│ GUIDs: 09e8bf16-3e69-50f5-bb66-c7a040248352
│ 8088f861-6318-5b1e-9ce4-fbddbedb09ac
│ Device Flags: • Updatable
│ • Supported on remote server
│ • Cryptographic hash verification is available
│
└─Prometheus Fingerprint Reader:
New version: 10.01.3478575
Remote ID: lvfs
Summary: Firmware for the Synaptics Prometheus Fingerprint Reader device
License: Proprietary
Size: 425.5 kB
Created: 2021-06-09
Urgency: Medium
Vendor: Synaptics
Duration: 2 seconds
Flags: is-upgrade
Description:
New features and enhancements:
• Fix an authentication issue on FOP project.
In my case, the last command lists "UEFI dbx" and "UMIS RPETJ512MGE2QDQ" as up-to-date and the "Prometheus" fingerprint scanner has an available update.
Once you are satisfied, you can run the fwupdmgr update command to install all available updates or manually pass the device ids of the devices you want to be updated to that command fwupdmgr update 71b677ca0f1bc2c5b804fa1d59e52064ce589293.
$ fwupdmgr update
WARNING: UEFI capsule updates not available or enabled in firmware setup
See https://github.com/fwupd/fwupd/wiki/PluginFlag:capsules-unsupported for more information.
Devices with no available firmware updates:
• UEFI dbx
• UMIS RPETJ512MGE2QDQ
Upgrade available for Prometheus from 10.01.3273255 to 10.01.3478575
Prometheus and all connected devices may not be usable while updating. Continue with update? [Y|n]:
Downloading… [***************************************] Less than one minute remaining…
Decompressing… [***************************************]
Authenticating… [***************************************]
Authenticating… [***************************************]
Updating Prometheus… [***************************************]
Restarting device… [***************************************]
Successfully installed firmware
Once you are done updating the firmware, the next time you run the fwupdmgr get-updates command, it will prompt you if you would like to upload the firmware report.
$ fwupdmgr get-updates
WARNING: UEFI capsule updates not available or enabled in firmware setup
See https://github.com/fwupd/fwupd/wiki/PluginFlag:capsules-unsupported for more information.
Devices with no available firmware updates:
• UEFI dbx
• UMIS RPETJ512MGE2QDQ
Devices with the latest available firmware version:
• Prometheus
________________________________________________
Devices that have been updated successfully:
• Prometheus (10.01.3273255 → 10.01.3478575)
Uploading firmware reports helps hardware vendors to quickly identify failing and successful updates on real devices.
Upload report now? (Requires internet connection):
0. Do not upload reports at this time, but prompt again for future updates
- Do not upload reports, and never ask to upload reports for future updates
- Upload reports just this one time, but prompt again for future updates
- Upload reports this time and automatically upload reports after completing future updates
2
Target: https://fwupd.org/lvfs/firmware/report
Payload: {
"ReportVersion" : 2,
"MachineId" : "fd438561a796bdbcccfc66169378030058c8a453066843b91fa6b107cd73c267",
"Metadata" : {
"DistroId" : "ubuntu",
"DistroVersion" : "21.10"
},
"Reports" : [
{
"Checksum" : "9e3cc95de4a157318c40135009249bb20fe6af7d",
"UpdateState" : 2,
"Guid" : [
"09e8bf16-3e69-50f5-bb66-c7a040248352"
],
"Plugin" : "synaptics_prometheus",
"VersionOld" : "10.01.3273255",
"VersionNew" : "10.01.3478575",
"Flags" : 37748770,
"Created" : 1645459678,
"Modified" : 1645460476,
"Metadata" : {
"HostSku" : "LENOVO_MT_21A0_BU_Think_FM_ThinkPad P14s Gen 2a",
"RuntimeVersion(org.freedesktop.gusb)" : "0.3.5",
"CompileVersion(com.redhat.fwupdate)" : "12",
"DistroVersion" : "21.10",
"CompileVersion(org.freedesktop.fwupd)" : "1.5.11",
"HostFamily" : "ThinkPad P14s Gen 2a",
"KernelName" : "Linux",
"RuntimeVersion(org.kernel)" : "5.13.0-28-generic",
"CompileVersion(org.freedesktop.gusb)" : "0.3.5",
"RuntimeVersion(com.dell.libsmbios)" : "2.4",
"DistroId" : "ubuntu",
"CpuArchitecture" : "x86_64",
"BootTime" : "1645105544",
"HostVendor" : "LENOVO",
"RuntimeVersion(org.freedesktop.appstream-glib)" : "0.7.14",
"HostProduct" : "21A0000CMX",
"RuntimeVersion(com.redhat.fwupdate)" : "12",
"RuntimeVersion(org.freedesktop.fwupd)" : "1.5.11",
"KernelVersion" : "5.13.0-28-generic"
}
}
]
}
Proceed with upload? [Y|n]:
Idle… [***************************************]
Successfully uploaded 1 report
No updates available for remaining devices
This is an extension of @Dan's answer. Here is some more background, details, and summary info.
This includes updating firmware in things like fingerprint readers, keyboards, UEFI, "system firmware" (including the BIOS, USB controllers, etc.), Samsung 990 PRO M.2 SSDs with old firmware that mistakenly rapidly wears and ruins the drive, etc.
These are the main commands. So, this is the one-liner minimal command to update all firmware on your system:
# (The first time only) install & run fwupdmgr
sudo apt update \
&& sudo apt install fwupd \
&& fwupdmgr refresh --force \
&& fwupdmgr get-updates \
&& fwupdmgr update
(Every subsequent time thereafter) just run fwupdmgr once it's installed
fwupdmgr refresh --force
&& fwupdmgr get-updates
&& fwupdmgr update
From https://en.wikipedia.org/wiki/Fwupd:
fwupdis an open-source daemon for managing the installation of firmware updates on Linux-based systems, developed by GNOME maintainer Richard Hughes.
It connects to the Linux Vendor Firmware Service (LVFS), here: https://fwupd.org/, which states:
The Linux Vendor Firmware Service is a secure portal which allows hardware vendors to upload firmware updates.
This site is used by all major Linux distributions to provide metadata for clients such as
fwupdmgrand GNOME Software.
So, we use fwupdmgr to check for firmware updates (which are available in the LVFS at https://fwupd.org/, and placed there by the manufacturers), and install them if available.
fwupdmgr command summaryI have marked the main commands with <==== to make them stand out.
# Update your apt package manager's list of available packages to install,
# and their versions
sudo apt update
Install the fwupd package
sudo apt install fwupd
Check the help menu for fwupd
fwupdmgr --help
Check the version
fwupdmgr --version
List all devices that support firmware updates, and their current versions
fwupdmgr get-devices
Download the latest metadata from the LVFS (Linux Vendor Firmware Service)
server
fwupdmgr refresh --force # <====
Check for firmware updates
- This lists all devices with no available updates (because they are
already up-to-date) at the top.
- Below that, it lists all devices with available updates, including the
current version first, followed by the new version available.
fwupdmgr get-updates # <====
Perform all firmware updates (as listed by fwupdmgr get-updates)
fwupdmgr update # <====
Alias to the above fwupdmgr update command
fwupdmgr upgrade
These are the main commands. So, this is the one-liner minimal command to update all firmware on your system:
sudo apt update \
&& sudo apt install fwupd \
&& fwupdmgr refresh --force \
&& fwupdmgr get-updates \
&& fwupdmgr update
fwupdmgr refresh@Pablo Bianchi first told me about fwupdmgr refresh in his comment here:
According to Arch wiki and official docs it seems to be
refreshinstead ofget-updates(probably should belist-updates).
To learn about fwupdmgr refresh, see:
fwupdmgr --help | less -RFX and search for "refresh". It states:
refresh [FILE FILE_SIG REMOTE-ID]
Refresh metadata from remote server
If you run fwupdmgr refresh without having run it manually before, it may say something like this:
Firmware metadata last refresh: 4 hours ago. Use
--forceto refresh again.
This seems to indicate that it automatically refreshes the metadata from the server periodically, perhaps once per day, else it would be much more time than 4 hours since the last refresh. So, perhaps you don't really need to manually run this command at all, ever. Nevertheless, it's nice to have this level of control.
So, if you want to force a refresh immediately, run fwupdmgr refresh --force.
Example run and output:
$ fwupdmgr refresh --force
Updating lvfs
Downloading… [***************************************]
Successfully downloaded new metadata: 1 local device supported
Here is an example run of the fwupdmgr update command on my system when it is upgrading my "system firmware" from v1.13.1 to 1.18.0.
Just press Enter to accept the default options when asked a question. The defaults are in capital letters. Ex: in Perform operation? [Y|n]--the default is Y (yes), and in Restart now? [y|N], the default is N (no).
$ fwupdmgr update # <====
Devices with no available firmware updates:
• VEN 04F3:00 04F3:311C
• Fingerprint Sensor
• PC801 NVMe SK hynix 1TB
• SSD 970 EVO Plus 2TB
• TPM 2.0
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI dbx
╔══════════════════════════════════════════════════════════════════════════════╗
║ Upgrade System Firmware from 1.13.1 to 1.18.0? ║
╠══════════════════════════════════════════════════════════════════════════════╣
║ This stable release fixes the following issues: ║
║ ║
║ • This release contains security updates as disclosed in the Dell ║
║ Security Advisories. ║
║ • Fixed the issue where the Wake on Approach feature does not work when ║
║ the system enters Modern Standby mode. This issue occurs after updating the ║
║ BIOS. ║
║ • Fixed the issue where the system audio is distorted when you play ║
║ videos. ║
║ ║
║ Precision 5570 must remain plugged into a power source for the duration of ║
║ the update to avoid damage. ║
╚══════════════════════════════════════════════════════════════════════════════╝
Perform operation? [Y|n]:
Downloading… [***************************************]
Downloading… [***************************************]
Decompressing… [***************************************]
Decompressing… [***************************************]
Authenticating… [***************************************]
Authenticating… [***************************************]
Restarting device… [***************************************]
Writing… [***************************************]
Scheduling… [***************************************]
Decompressing… [***************************************]
Restarting device… [***************************************]
Waiting… [***************************************]
Successfully installed firmware
Do not turn off your computer or remove the AC adapter while the update is in progress.
An update requires a reboot to complete. Restart now? [y|N]:
At this point, you should reboot the system. Either choose y above, or run reboot, or use the GUI menus to reboot. When the computer gets to the BIOS flash screen, it will automatically begin applying the firmware updates, as shown here:
Once you finish rebooting, run fwupdmgr get-updates one more time and choose "Yes" to upload a report to the manufacturer to help them improve their firmware ugprade process. You'll see this request: Upload report now? (Requires internet connection) [Y|n]. Here is the full run and output after the reboot:
$ fwupdmgr get-updates
Devices with no available firmware updates:
• PC801 NVMe SK hynix 1TB
• SSD 970 EVO Plus 2TB
• TPM 2.0
• UEFI Device Firmware
• UEFI Device Firmware
• VEN 04F3:00 04F3:311C
• Fingerprint Sensor
• UEFI dbx
Devices not currently updatable:
• System Firmware — Cannot install update when not on AC power
________________________________________________
Devices that have been updated successfully:
• System Firmware (1.13.1 → 1.18.0)
Uploading firmware reports helps hardware vendors to quickly identify failing and successful updates on real devices.
Upload report now? (Requires internet connection) [Y|n]:
If you run fwupdmgr update now (or even before the reboot above, for that matter), you'll see that everything is up-to-date. Here is an example run of fwupdmgr update again on my system after performing the above upgrade via fwupdmgr update. All firmware now either has no updates available, or is already up-to-date:
$ fwupdmgr update
Devices with no available firmware updates:
• VEN 04F3:00 04F3:311C
• Fingerprint Sensor
• PC801 NVMe SK hynix 1TB
• SSD 970 EVO Plus 2TB
• TPM 2.0
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI dbx
Devices with the latest available firmware version:
• System Firmware
And, if you run fwupdmgr get-updates again now, you'll see No updates available at the very bottom of its output, as shown here:
$ fwupdmgr get-updates
Devices with no available firmware updates:
• VEN 04F3:00 04F3:311C
• Fingerprint Sensor
• PC801 NVMe SK hynix 1TB
• SSD 970 EVO Plus 2TB
• TPM 2.0
• UEFI Device Firmware
• UEFI Device Firmware
• UEFI dbx
Devices with the latest available firmware version:
• System Firmware
No updates available
fwupdmgr connects to, and to which manufacturers upload firmware updates to be used by fwupdmgrless viewer/pager): fwupdmgr --help | less -RFXNote that if you're trying to upgrade Samsung SSD firmware on Windows, using the Samsung Magician Software GUI is recommended instead. It runs on Windows, MacOS, and Android, but unfortunately doesn't run on Linux. You can download it here: https://semiconductor.samsung.com/us/consumer-storage/support/tools/. It will upgrade the buggy firmware on the Samsung M.2 980 Pro / 990 Pro, etc. SSDs.
For Linux, try the fwupdmgr update command above instead. I tried fwupdmgr with the SSD in an external Sabrent USB 3.2 enclosure, and unfortunately it was unable to detect the Samsung 980 Pro SSD that way. I'll try it again next with the SSD inside the laptop, running fwupdmgr get-updates and fwupdmgr update from an Ubuntu Live USB, to see if that works.
The trick is to try to update the firmware without first using the drive, so as to not damage it, so I need a way to update its firmware with nothing on the drive yet, and with the drive internally installed into the target laptop so it can be detected properly, but while running Linux, for instance, from an external Live USB or something since the internal SSD will be empty.
