Do you use Linux Vendor Firmware Service?

CaffeineAddict

Well-Known Member
Joined
Jan 21, 2024
Messages
1,428
Reaction score
981
Credits
11,701
My firewall dropped a connection that I accidentally spotted while monitoring logs, I don't recall which port it was, it doesn't matter but did investigate to figure what that was, and it turned it was initiated by the fwupd.service.

fwupd is a service which will periodically check for firmware updates from a web location that is not from your distro repository.
In KDE the service is enabled by default and can be disabled in KDE discover, the lvfs option (Linux Vendor Software Service):

discover.png


If you're not KDE user you can check for existence of the services and timer units with the following command:

Bash:
sudo systemctl list-units fwupd* --all

NOTE: disabling lvfs in discover (will disable fwupd.service) but will not disable other service responsible for updates called fwupd-refresh.service and it will also not disable timer unit which does the update check periodically:

Or you can manually run:
Bash:
sudo systemctl status fwupd.service
sudo systemctl status fwupd-refresh.service
sudo systemctl status fwupd-refresh.timer

I flash my bios manually and don't want anyone to download and update my BIOS behind the scene as this could result in me turning off the computer in the middle of process or there could be power outage and similar.
Also I don't like the idea of using some service online to update firmware automatically so I disabled all those services.

More info about this service can be found here:
 
Last edited:


My firewall dropped a connection that I accidentally spotted while monitoring logs, I don't recall which port it was, it doesn't matter but did investigate to figure what that was, and it turned it was initiated by the fwupd.service.

fwupd is a service which will periodically check for firmware updates from a web location that is not from your distro repository.
In KDE the service is enabled by default and can be disabled in KDE discover, the lvfs option (Linux Vendor Software Service):

View attachment 21744

If you're not KDE user you can check for existence of the services and timer units with the following command:

Bash:
sudo systemctl list-units fwupd* --all

NOTE: disabling lvfs in discover (will disable fwupd.service) but will not disable other service responsible for updates called fwupd-refresh.service and it will also not disable timer unit which does the update check periodically:

Or you can manually run:
Bash:
sudo systemctl status fwupd.service
sudo systemctl status fwupd-refresh.service
sudo systemctl status fwupd-refresh.timer

I flash my bios manually and don't want anyone to download and update my BIOS behind the scene as this could result in me turning off the computer in the middle of process or there could be power outage and similar.
Also I don't like the idea of using some service online to update firmware automatically so I disabled all those services.

More info about this service can be found here:
Implementing rdp mfa is crucial for securing remote access to your network. It adds an essential layer of protection by requiring a second form of authentication, significantly reducing the risk of unauthorized access. This extra security measure is a must for any organization prioritizing data protection and network security.
Yes, I use the Linux Vendor Firmware Service (LVFS) to ensure my system's hardware is running the latest firmware. It's a convenient way to get firmware updates directly from manufacturers, especially for devices like laptops and peripherals. The service integrates seamlessly with Linux distributions through fwupd, making the update process simple and reliable. LVFS helps improve hardware stability, security, and performance on Linux systems without needing to rely on proprietary tools or dual-booting into another OS for updates.
 
Last edited:
I was wondering what's the benefit of this?
If you install newer kernel then you also get newer firmware, so why downloading manually?
You can also update firmware from package repo that applies to your kernel.

But I'm more worried about updating BIOS, updating BIOS is something which for my taste can be done only by me by booting into BIOS and executing BIOS firmware.

Updating BIOS while OS is running just sounds so silly, there is possibility of system crash and then what?
But if you install BIOS from within BIOS the only bad thing that can happen is power fault, so it's safer.
 

Members online


Top