Fwupd 2.1.1 Released With AMD Platform Secure Boot Support

The widely used Linux firmware management utility fwupd has been updated to version 2.1.1, introducing several security improvements and expanded hardware support.

AMD Platform Secure Boot Support

One of the major additions in this release is support for AMD Platform Secure Boot, enhancing firmware security capabilities for systems based on AMD hardware.

The update also introduces a new security validation feature for HP Sure Start, a hardware-based protection technology available on many HP computers. This mechanism continuously checks the integrity of the BIOS and can automatically restore it if unauthorized modifications are detected.

Improved Intel Firmware Verification

The new version includes a plugin that verifies firmware related to Intel Converged Security and Management Engine (CSME) using SMBIOS data. This additional verification layer helps confirm the integrity and status of the system’s security management firmware.

The release also adds support for the CycloneDX and SPDX standards within the uSWID subsystem, improving software identification and supply-chain transparency.

Expanded Platform Capabilities

Several platform-level features have been expanded in fwupd 2.1.1. The update now allows administrators to modify the UMA carveout size for AMD GPUs, which can affect how system memory is allocated for graphics operations.

Another new feature is the ability to emulate Bluetooth devices, which can help developers test firmware-related behaviors without requiring physical hardware.

Additionally, systems can now use udev as an event source even when systemd is not present, improving compatibility with Linux environments that rely on alternative init systems.

Changes to Maintenance and Legacy Features

Some older features have been removed or adjusted in this update. Support for GPG-based signing of metadata and firmware has been discontinued, and the concept of blocked firmware has been eliminated from the system.

Furthermore, UEFI-related plugins are now disabled on 32-bit x86 architectures, reflecting the decreasing relevance of these legacy platforms.

Bug Fixes and Security Improvements

The release also includes numerous bug fixes addressing stability and security concerns. These fixes resolve issues such as:

Incorrect handling of certain USB descriptors
Potential integer overflow scenarios during partial stream processing
Memory leaks related to Bluetooth device removal
Possible out-of-bounds memory reads affecting several device parsers

New TPM Diagnostic Tool

Finally, fwupd 2.1.1 introduces a new diagnostic command called tpm-eventlog. This tool helps system administrators analyze and interpret output from Trusted Platform Module (TPM) event logs, making it easier to troubleshoot security-related firmware events.

Finally, Fwupd 2.1.1 further expands hardware compatibility. Newly supported devices include: