Firmware (BIOS) update in Linux Mint - fwupd daemon, LVFS, (Dell)

[Akelbee]

This post addresses two related topics:

A. How to update BIOS/firmware on a PC running under Mint? Based on the further description below of the situation I have discovered, I wonder:
i) how I could/should go further to update firmware in my Dell XPS laptop? In particular I need help to interpret the information on an Error message that can be found on the Wiki page specified below. (The central information is found in the paragraphs in red text.)
(This leads me also to wonder:
ii) in general how you all take care of FW updating under Linux Mint?)
B. Could Mint possibly support the fwupd daemon in a more user friendly way? (See final paragraphs in blue text.)

(From a previous search here on the forums I found next to nothing on this topic. To provide info to others who may run into similar problems and to give the best possible background for somebody to assist, I have described quite detailed what I've encountered and found out so far. Perhaps some of this info could eventually be transformed to something more general on firmware updates under Linux Mint?)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
A.

Background/problem:
----------------------------
I've come to realize that running Update Manager, when warned about new updates, and thereby keeping Mint operating system ship shape, doesn't take care of all necessary maintenance of my pc. There's also a need to update the internal software of the hardware platform - of the pc. That's the firmware - as found in BIOS, the Basic In Out System that establishes contact between the hardware and the operating system (Linux). The firmware, which sits in a special chip, will usually be updated several times by the manufacturer i.a. for security reasons, similar to the operating system. However, it may be a challenge for Linux users to install firmware updates as pc manufacturers in most cases only supply an arrangement for firmware updating based on Windows procedures. (One way of remedying the update problem, is therefore to have the pc temporarily running Windows in one way or other, just for firmware updating ...) The result may be like my situation where the pc runs its original three year old firmware, and none of the twelve updates published in subsequent years are installed. To be honest, I was not even aware of the updates' existence -- but I think now that maybe a recurring problem with disk files under different versions of Mint and different SSDs may be related to FW.

However, some pc manufacturers, in particular those who offer Linux pre-installed on a pc, may enter into arrangements to aid Linux users with firmware updates. There is a project called LVFS (Linux Vendor Firmware Service) which runs a secure portal, fwupd.org, that allows hardware vendors to upload redistributable, signed firmware to the LVFS site packaged up in an industry-standard .cab archive along with a Linux-specific metadata file. At https://fwupd.org/lvfs/devices/ one can check which pc's and other devices that are supported by their manufacturers to perform firmware updates under Linux.

There exist a corresponding fwupd daemon (https://github.com/fwupd/fwupd) that allows session software to update device firmware on the local machine by fetching secure update files from LVFS and install the updates.

The description of fwupd on the LVFS-site informs us that "fwupd is a simple daemon to allow session software to update device firmware on your local machine. It's designed for desktops, but also usable on phones and headless servers. You can either use a GUI software manager like GNOME Software to view and apply updates, the command-line tool or the system D-Bus interface directly. Updating firmware on Linux is now automatic, safe and reliable."

Dell and Linux firmware updates
-------------------------------------------
Probably I'm somewhat fortunate in this respect in that my own laptop is of the Dell XPS type. The Dell XPS laptop is also offered from Dell with Ubuntu pre-installed, (I have an original Windows laptop, though). On Dell's site I found Knowledge Base article no 000131486 "Updating Dell BIOS in a Linux or Ubuntu environment" (https://www.dell.com/support/kbdoc/en-u ... nt?lang=en ). The article includes i.a. references to the fwupd daemon and the LVFS project (Linux Vendor Firmware Service). However, its reference to modern UEFI updates via LVFS and fwupd - which are applickable to pc's from 2015 onwards -- is, not surprisingly, made to ubuntu based pc's, but as Mint is based on ubuntu, things could be worse.

Dell (together with i.a. Lenovo) is contributing a lot to the LVFS project and support LVFS based firmware updates under Linux for the following groups of Dell PCs: XPS, Inspiron, Latitude, Vostro, and Fixed Workstations, OptiPlex, Precision.

A search on fwupd.org/lvfs/devices/ for my Dell XPS 13 9365 gave the following result: https://fwupd.org/lvfs/search?csrf_toke ... l+xps+9365 - telling me that there are updates available in the LVFS system for "XPS 13 9365 System Update" and "Thunderbolt NVM for Xps 9365 Device Update".

(The ordinary list of Dell driver updates for my pc is here: https://www.dell.com/support/home/no-no ... op/drivers, which includes links to all eleven BIOS-versions since the first one found on my pc.)

fwupd/LVFS and Mint
--------------------------------
The general problem is that Mint (out of the box) doesn't help users to utilize the fwupd/LVFS system and maintain the pc's firmware. The fwupd daemon comes installed with Mint, though. (More on this further below.)

The description for fwupd in Mint's Software Manager (mintinstall) repeats some of the quoted info from the LVFS site and tells us to see https://github.com/fwupd/fwupd for details. On said github-page one finds i.a. instructions how to run the fwupd daemon from the terminal, and there is also a link to the LVFS/fwupd.org site for further end user instruction, which eventually leads to https://fwupd.org/lvfs/docs/users. The github-page informs us that:

"GNOME Software is the graphical frontend available. When compiled with firmware support, it will check for updates periodically and automatically download firmware in the background. After the firmware has been downloaded a popup will be displayed in GNOME Software to perform the update.

KDE Discover is the software center, generally bundled with KDE Plasma. With the release of KDE Plasma 5.14, a new fwupd backend has been implemented in KDE Discover for firmware updates. These firmware updates are shown with other system updates."

This information is expanded somewhat on said https://fwupd.org/lvfs/docs/users page, but I cannot really find much instructive material for us end users.

Searching for fwupd in Software Manager currently informs us that with basic Mint Cinnamon installation the following is already installed:
- fwupd version 1.3.11-1~focal1 ("Firmware update daemon")
- fwupd-signed 1.27.1ubuntu2+1.3.11-~focal1 ("Linux Firmware Updater EFI signed binary")
(Current version of fwupd available from github or LVFS/fwupd is 1.5.8. )

From the search in Software Manager we can further see that it's possible also to install:
- fwupd-tests 1.3.11-1~focal1 ("Test suite for firmware update daemon")
- Gnome-firmware 3.34.0-2 ("GTK front end for fwupd")
- Plasma-discover-backend-fwupd 5.18.5-0ubuntu0.1 ("Discover software management suite - fwupd backend")
- fwupd (Flathub) (org.freedesktop.fwupd version 1.5.3.)

On the fwupd-signed page in Software Manager we are informed that it "provides functionality to update system firmware. It has been initially designed to update firmware using UEFI capsule updates, but is designed to be extensible to other firmware update standards. This package contains a version of the fwupd binary signed with Canonical's UEFI signing key."

The fwupd-tests page in SM informs us of some of the general fwupd info, and adds "This package provides a set of installed tests that can be run to validate the daemon in a continuous integration system", and links to the same github.com/fwupd/fwupd page.

The Gnome-firmware page of SM informs us that:
"This application can.
- Upgrade, Downgrade& Reinstall firmware on devices supported by fwupd.
- Unlock locked fwupd devices
- Verify firmware on supported devices
- Display all releases for a fwupd device."
The Read Me file on the github page it links to, https://gitlab.gnome.org/hughsie/gnome-firmware-updater, shows a couple of screen shots, but no further info of use for end user seem to be in sight. Current version available 3.36.0.

The Plasma-discover-backend-fwupd page of SM informs us that "Discover is a graphical software manager for the Plasma workspace. It helps users easily and quickly find application an other software they might want to install. This package contains a backend for the firmware update daemon." The link further to https://invent.kde.org/plasma/discover leads, as far as I can see, to no Wiki or other information that can help an end user like me with little background knowledge.

Installing and running Gnome-firmware and how it turned out
----------------------------------------------------------------------------------------
The stuff above is the information I have found on the issue of updating firmware under Linux on my Dell XPS pc -- so what then do do?

I thought that going for a GUI front-end to the fwupd daemon, rather than try to run it in a terminal window, might be easier. Contrary to the advice not to mix programs between different desktops, thinking the Gnome-firmware update might not be to far away from Mint Cinnamon, and since it anyhow was offered through Mint Software Manager, I installed Gnome-firmware from Mint Software Manager and it came up nicely as "Firmware" in the Administration menu. I then ran it.

It started good by presenting the following list of firmware updates available from LVFS for the following items/devices in my pc:
- Thunderbolt (chip set?) Controller from Intel
- Samsung 970 EVO Plus SSD
- System firmware
- TPM 1.2
- Touchpad

Starting with the "Thunderbolt Controller", things seemed to work smoothly when I gave command for installation, and I got the impression that the update went as planned. (Hadn't had any focus on Thunderbolt before this, so I didn't make a note of the version numbers before and after, so I cannot verify this update. If I now click Verify button I get the error message "Failed to verify device - failed to read firmware: not supported". Clicking on "Show Releases", though, I'm informed that v. 23.00 is available, the same as the installed Starting with the "Thunderbolt Controller", things seemed to work smoothly when I gave command for installation, and I got the impression that the update went as planned. (Hadn't had any focus on Thunderbolt before this, so I didn't make a note of the version numbers before and after, so I cannot verify this update. If I now click Verify button I get the error message "Failed to verify device - failed to read firmware: not supported". Clicking on "Show Releases", though, I'm informed that v. 23.00 is available, the same as the installed version, and I'm offered a button for "Reinstall".)

The Samsung NVMe SSD goes nowhere, as both "Verify" and "Show Releases button are greyed out. Not too strange perhaps. Searching for "Samsung SSD 970 Evo Plus" in LVFS informs me that "Vendor is considering adding firmware to the LVFS in the future", and the Samsung SSD in my pc is not the original Samsung SSD supplied with the pc.

Then on to "System Firmware" - BIOS: This comes up with the immediate warning: "Update Error - TPM PCR0 differs from reconstruction, please see https://github.com/fwupd/fwupd/wiki/TPM ... nstruction". If I click Verify, I get the message "Verification succeeded - System Firmware checksums matched", and if I click "Show Releases" I'm presented with a list of the five .cab updates that can be seen at LVFS( https://fwupd.org/lvfs/devices/com.dell ... a.firmware ). More on this below.

Clicking on "TPM 1.2" ("Alternate mode for platform TPM device") I'm also warned "Update Error - mode switch disabled due to TPM ownership". "Verify" and "Show Releases" buttons are greyed out, but a new button "Unlock" is available. Clicking Unlock leads to error message "Failed to unlock device - failed to unlock using uefi: ERROR: TPM 1.2 has no flashes left". (This error message is treated and a remedy provided on https://github.com/fwupd/fwupd/wiki/Del ... ashes-left .)

Clicking "Touchpad" also gives greyed out "Verify" and "Show Releases", but that driver is probably taken care of by the Linux kernel (?) anyhow.

What to do now for System Firmware update, then?
--------------------------------------------------------------------------
As for the System Firmware, I've read github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction, but I have too little background knwoledge to feel sure what this really is about - and to what extent this really is a problem that should prevent me from trying to perform the updates. When I click Show Releases in Gnome Firmware, and click any of the five updates presented, the "Install Upgrade" button seems to be functional (not greyed out). I could of course just click it and see what happens, but as I have the impression that a failed firmware update could possibly brick the pc, I would like to have that error message sorted out before I try - and hope that anybody can help me understand what I need to do (or not). Software Manager

One thing that I immediately see from https://github.com/fwupd/fwupd/wiki/TPM ... nstruction", that puzzles me, is the information that some known bugs have been fixed in specified versions, and for the 1.3.x series this happened in version 1.3.12, and we are informed that "If you are having problems and are running an earlier version than this, please update to a newer version before reporting an issue." For "Packaged install" further down, though, we are informed that "Fwupd 1.3.x: Please be sure you are running fwupd 1.3.11 or later" - from the above one should think it should rather have been 1.3.12 or later (?). In any case, and as already mentioned, Mint 20.1C installs only version 1.3.11 of fwupd.

I've found that this same TPM-PCR0 error message is also discussed elsewhere, see https://github.com/fwupd/fwupd/discussions/3062, and PCR0 (which I have no clue about what is) is discussed here: https://github.com/fwupd/fwupd/discussions/2548 -- which could perhaps also shed some light on what the issues are. Could the fact my pc was originally delivered from Dell not with Linux/ubuntu, but rather with Windows, or that the original SSD has been substituted, be part of issues?

(I also find no information around on Dell or LVFS whether I will have to install the BIOS updates one by one, or if I can go straight for the last version. I guess since all versions are presented in the update list, it's necessary to perform updates incrementally.)

So the specific help I'm asking for is for somebody who has more knowledge to read https://github.com/fwupd/fwupd/wiki/TPM ... nstruction and tell me if there is a danger of bricking or other serious trouble if I go ahead trying to update firmware with fwupd v. 1.3.11 that Mint provides?

Or should I rather, e.g.:
- create a ubuntu Live USB stick and try to update firmware from there
- install the fwupd (Flathub) available in Mint's Software Manager which installs 1.5.3 version, and try to update firmware with that?
Can the Flathub 1.5.3 version be run under Gnome Firmware without doing anything special, or will it have to be run in a terminal window? Will I have to un-install the original 1.3.11 version of fwupd before I install the newer flathub version?
(There seems also to be a snap available somewhere with latest and bugfree fwupd v 1.5.8.)

I'll be very grateful if anybody can lead me further here.

- And now I've really started wondering what do Linux (Mint) users normally know -- not every Mint user is a techie geek -- about FW updates, and how do they perform them, if at all, (and in particular if they have pc's not supported under LVFS).

B.

I tend to think that making firmware updates easy to deploy ought to be the best way to keep users' hardware secure.

I therefore wonder whether there's any chance that Mint will improve on the availability of a GUI front-end to fwupd and/or the general handling of firmware updates?

One could imagine that Update Manager in the future could do one or more of the following: Samsung NVMe SSD
- Inform about the general need to update FW and whether the pc is supported by LVFS - i.e. automatically checking this with LVFS.
- If pc is supported by LVFS, install an appropriate GUI front end.
- If pc is supported by LVFS and new updates are available, inform the user about it and prompt hem to perform the update.
- If pc is supported by LVFS and new updates are available, trigger the GUI.
- Integrate the LVFS/fwupd stuff into Update Manager, so that LVFS firmware updates are made within the framework of operating Update manager.

If the pc is supported by LVFS, one could also think that the Mint install process installed one of the GUIs to fwupd, so that the firmware update function at least becomes more visible to the user by displaying it on the Administration menu.

What could possibly be done with pc's that are not supported by LVFS, my knowledge is too little to have ideas about - as my knowledge regrettably is also too little to contribute with any coding to realize my ideas (which probably many others have already thought about).

[stevengarland]

I have been trying for some time to update my dell xps 9700 bios to 1.7.2. None of the directions work. This is frustrating as I did update to the previous bio, not without difficulty, by downloading the bios to a usb, staring the dell bios using F12, finding the usb and waiting. It finally flashed. No such luck with 1.7.2. fwupd does nothing.

[stevengarland]

Dell has now greatly changed the update situation with Linux bios changes. Click F12 as you restart and you will be able to flash the bios in a normal manner.

Oct 2021

[BjoernH]

Hey, I just updated my BIOS running Linux Mint 20.2 on my Dell XPS 13 (2017).

I only ran in the terminal

Code: Select all

sudo apt install fwupd
fwupdmgr get-updates
fwupdmgr update 

It went flawless. I have upgraded from 2.15.1 to 2.17
I found this information under this link:
https://www.speich.net/articles/en/2019 ... inux-mint/

[mohdforever]

This post addresses two related topics:

A. How to update BIOS/firmware on a PC running under Mint? Based on the further description below of the situation I have discovered, I wonder:
i) how I could/should go further to update firmware in my Dell XPS laptop? In particular I need help to interpret the information on an Error message that can be found on the Wiki page specified below. (The central information is found in the paragraphs in red text.)
(This leads me also to wonder:
ii) in general how you all take care of FW updating under Linux Mint?)
B. Could Mint possibly support the fwupd daemon in a more user friendly way? (See final paragraphs in blue text.)

(From a previous search here on the forums I found next to nothing on this topic. To provide info to others who may run into similar problems and to give the best possible background for somebody to assist, I have described quite detailed what I've encountered and found out so far. Perhaps some of this info could eventually be transformed to something more general on firmware updates under Linux Mint?)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
A.

Background/problem:
----------------------------
I've come to realize that running Update Manager, when warned about new updates, and thereby keeping Mint operating system ship shape, doesn't take care of all necessary maintenance of my pc. There's also a need to update the internal software of the hardware platform - of the pc. That's the firmware - as found in BIOS, the Basic In Out System that establishes contact between the hardware and the operating system (Linux). The firmware, which sits in a special chip, will usually be updated several times by the manufacturer i.a. for security reasons, similar to the operating system. However, it may be a challenge for Linux users to install firmware updates as pc manufacturers in most cases only supply an arrangement for firmware updating based on Windows procedures. (One way of remedying the update problem, is therefore to have the pc temporarily running Windows in one way or other, just for firmware updating ...) The result may be like my situation where the pc runs its original three year old firmware, and none of the twelve updates published in subsequent years are installed. To be honest, I was not even aware of the updates' existence -- but I think now that maybe a recurring problem with disk files under different versions of Mint and different SSDs may be related to FW.

However, some pc manufacturers, in particular those who offer Linux pre-installed on a pc, may enter into arrangements to aid Linux users with firmware updates. There is a project called LVFS (Linux Vendor Firmware Service) which runs a secure portal, fwupd.org, that allows hardware vendors to upload redistributable, signed firmware to the LVFS site packaged up in an industry-standard .cab archive along with a Linux-specific metadata file. At https://fwupd.org/lvfs/devices/ one can check which pc's and other devices that are supported by their manufacturers to perform firmware updates under Linux.

There exist a corresponding fwupd daemon (https://github.com/fwupd/fwupd) that allows session software to update device firmware on the local machine by fetching secure update files from LVFS and install the updates.

The description of fwupd on the LVFS-site informs us that "fwupd is a simple daemon to allow session software to update device firmware on your local machine. It's designed for desktops, but also usable on phones and headless servers. You can either use a GUI software manager like GNOME Software to view and apply updates, the command-line tool or the system D-Bus interface directly. Updating firmware on Linux is now automatic, safe and reliable."

Dell and Linux firmware updates
-------------------------------------------
Probably I'm somewhat fortunate in this respect in that my own laptop is of the Dell XPS type. The Dell XPS laptop is also offered from Dell with Ubuntu pre-installed, (I have an original Windows laptop, though). On Dell's site I found Knowledge Base article no 000131486 "Updating Dell BIOS in a Linux or Ubuntu environment" (https://www.dell.com/support/kbdoc/en-u ... nt?lang=en ). The article includes i.a. references to the fwupd daemon and the LVFS project (Linux Vendor Firmware Service). However, its reference to modern UEFI updates via LVFS and fwupd - which are applickable to pc's from 2015 onwards -- is, not surprisingly, made to ubuntu based pc's, but as Mint is based on ubuntu, things could be worse.

Dell (together with i.a. Lenovo) is contributing a lot to the LVFS project and support LVFS based firmware updates under Linux for the following groups of Dell PCs: XPS, Inspiron, Latitude, Vostro, and Fixed Workstations, OptiPlex, Precision.

A search on fwupd.org/lvfs/devices/ for my Dell XPS 13 9365 gave the following result: https://fwupd.org/lvfs/search?csrf_toke ... l+xps+9365 - telling me that there are updates available in the LVFS system for "XPS 13 9365 System Update" and "Thunderbolt NVM for Xps 9365 Device Update".

(The ordinary list of Dell driver updates for my pc is here: https://www.dell.com/support/home/no-no ... op/drivers, which includes links to all eleven BIOS-versions since the first one found on my pc.)

fwupd/LVFS and Mint
--------------------------------
The general problem is that Mint (out of the box) doesn't help users to utilize the fwupd/LVFS system and maintain the pc's firmware. The fwupd daemon comes installed with Mint, though. (More on this further below.)

The description for fwupd in Mint's Software Manager (mintinstall) repeats some of the quoted info from the LVFS site and tells us to see https://github.com/fwupd/fwupd for details. On said github-page one finds i.a. instructions how to run the fwupd daemon from the terminal, and there is also a link to the LVFS/fwupd.org site for further end user instruction, which eventually leads to https://fwupd.org/lvfs/docs/users. The github-page informs us that:

"GNOME Software is the graphical frontend available. When compiled with firmware support, it will check for updates periodically and automatically download firmware in the background. After the firmware has been downloaded a popup will be displayed in GNOME Software to perform the update.

KDE Discover is the software center, generally bundled with KDE Plasma. With the release of KDE Plasma 5.14, a new fwupd backend has been implemented in KDE Discover for firmware updates. These firmware updates are shown with other system updates."

This information is expanded somewhat on said https://fwupd.org/lvfs/docs/users page, but I cannot really find much instructive material for us end users.

Searching for fwupd in Software Manager currently informs us that with basic Mint Cinnamon installation the following is already installed:
- fwupd version 1.3.11-1~focal1 ("Firmware update daemon")
- fwupd-signed 1.27.1ubuntu2+1.3.11-~focal1 ("Linux Firmware Updater EFI signed binary")
(Current version of fwupd available from github or LVFS/fwupd is 1.5.8. )

From the search in Software Manager we can further see that it's possible also to install:
- fwupd-tests 1.3.11-1~focal1 ("Test suite for firmware update daemon")
- Gnome-firmware 3.34.0-2 ("GTK front end for fwupd")
- Plasma-discover-backend-fwupd 5.18.5-0ubuntu0.1 ("Discover software management suite - fwupd backend")
- fwupd (Flathub) (org.freedesktop.fwupd version 1.5.3.)

On the fwupd-signed page in Software Manager we are informed that it "provides functionality to update system firmware. It has been initially designed to update firmware using UEFI capsule updates, but is designed to be extensible to other firmware update standards. This package contains a version of the fwupd binary signed with Canonical's UEFI signing key."

The fwupd-tests page in SM informs us of some of the general fwupd info, and adds "This package provides a set of installed tests that can be run to validate the daemon in a continuous integration system", and links to the same github.com/fwupd/fwupd page.

The Gnome-firmware page of SM informs us that:
"This application can.
- Upgrade, Downgrade& Reinstall firmware on devices supported by fwupd.
- Unlock locked fwupd devices
- Verify firmware on supported devices
- Display all releases for a fwupd device."
The Read Me file on the github page it links to, https://gitlab.gnome.org/hughsie/gnome-firmware-updater, shows a couple of screen shots, but no further info of use for end user seem to be in sight. Current version available 3.36.0.

The Plasma-discover-backend-fwupd page of SM informs us that "Discover is a graphical software manager for the Plasma workspace. It helps users easily and quickly find application an other software they might want to install. This package contains a backend for the firmware update daemon." The link further to https://invent.kde.org/plasma/discover leads, as far as I can see, to no Wiki or other information that can help an end user like me with little background knowledge.

Installing and running Gnome-firmware and how it turned out
----------------------------------------------------------------------------------------
The stuff above is the information I have found on the issue of updating firmware under Linux on my Dell XPS pc -- so what then do do?

I thought that going for a GUI front-end to the fwupd daemon, rather than try to run it in a terminal window, might be easier. Contrary to the advice not to mix programs between different desktops, thinking the Gnome-firmware update might not be to far away from Mint Cinnamon, and since it anyhow was offered through Mint Software Manager, I installed Gnome-firmware from Mint Software Manager and it came up nicely as "Firmware" in the Administration menu. I then ran it.

It started good by presenting the following list of firmware updates available from LVFS for the following items/devices in my pc:
- Thunderbolt (chip set?) Controller from Intel
- Samsung 970 EVO Plus SSD
- System firmware
- TPM 1.2
- Touchpad

Starting with the "Thunderbolt Controller", things seemed to work smoothly when I gave command for installation, and I got the impression that the update went as planned. (Hadn't had any focus on Thunderbolt before this, so I didn't make a note of the version numbers before and after, so I cannot verify this update. If I now click Verify button I get the error message "Failed to verify device - failed to read firmware: not supported". Clicking on "Show Releases", though, I'm informed that v. 23.00 is available, the same as the installed Starting with the "Thunderbolt Controller", things seemed to work smoothly when I gave command for installation, and I got the impression that the update went as planned. (Hadn't had any focus on Thunderbolt before this, so I didn't make a note of the version numbers before and after, so I cannot verify this update. If I now click Verify button I get the error message "Failed to verify device - failed to read firmware: not supported". Clicking on "Show Releases", though, I'm informed that v. 23.00 is available, the same as the installed version, and I'm offered a button for "Reinstall".)

The Samsung NVMe SSD goes nowhere, as both "Verify" and "Show Releases button are greyed out. Not too strange perhaps. Searching for "Samsung SSD 970 Evo Plus" in LVFS informs me that "Vendor is considering adding firmware to the LVFS in the future", and the Samsung SSD in my pc is not the original Samsung SSD supplied with the pc.

Then on to "System Firmware" - BIOS: This comes up with the immediate warning: "Update Error - TPM PCR0 differs from reconstruction, please see https://github.com/fwupd/fwupd/wiki/TPM ... nstruction". If I click Verify, I get the message "Verification succeeded - System Firmware checksums matched", and if I click "Show Releases" I'm presented with a list of the five .cab updates that can be seen at LVFS( https://fwupd.org/lvfs/devices/com.dell ... a.firmware ). More on this below.

Clicking on "TPM 1.2" ("Alternate mode for platform TPM device") I'm also warned "Update Error - mode switch disabled due to TPM ownership". "Verify" and "Show Releases" buttons are greyed out, but a new button "Unlock" is available. Clicking Unlock leads to error message "Failed to unlock device - failed to unlock using uefi: ERROR: TPM 1.2 has no flashes left". (This error message is treated and a remedy provided on https://github.com/fwupd/fwupd/wiki/Del ... ashes-left .)

Clicking "Touchpad" also gives greyed out "Verify" and "Show Releases", but that driver is probably taken care of by the Linux kernel (?) anyhow.

What to do now for System Firmware update, then?
--------------------------------------------------------------------------
As for the System Firmware, I've read github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction, but I have too little background knwoledge to feel sure what this really is about - and to what extent this really is a problem that should prevent me from trying to perform the updates. When I click Show Releases in Gnome Firmware, and click any of the five updates presented, the "Install Upgrade" button seems to be functional (not greyed out). I could of course just click it and see what happens, but as I have the impression that a failed firmware update could possibly brick the pc, I would like to have that error message sorted out before I try - and hope that anybody can help me understand what I need to do (or not). Software Manager

One thing that I immediately see from https://github.com/fwupd/fwupd/wiki/TPM ... nstruction", that puzzles me, is the information that some known bugs have been fixed in specified versions, and for the 1.3.x series this happened in version 1.3.12, and we are informed that "If you are having problems and are running an earlier version than this, please update to a newer version before reporting an issue." For "Packaged install" further down, though, we are informed that "Fwupd 1.3.x: Please be sure you are running fwupd 1.3.11 or later" - from the above one should think it should rather have been 1.3.12 or later (?). In any case, and as already mentioned, Mint 20.1C installs only version 1.3.11 of fwupd.

I've found that this same TPM-PCR0 error message is also discussed elsewhere, see https://github.com/fwupd/fwupd/discussions/3062, and PCR0 (which I have no clue about what is) is discussed here: https://github.com/fwupd/fwupd/discussions/2548 -- which could perhaps also shed some light on what the issues are. Could the fact my pc was originally delivered from Dell not with Linux/ubuntu, but rather with Windows, or that the original SSD has been substituted, be part of issues?

(I also find no information around on Dell or LVFS whether I will have to install the BIOS updates one by one, or if I can go straight for the last version. I guess since all versions are presented in the update list, it's necessary to perform updates incrementally.)

So the specific help I'm asking for is for somebody who has more knowledge to read https://github.com/fwupd/fwupd/wiki/TPM ... nstruction and tell me if there is a danger of bricking or other serious trouble if I go ahead trying to update firmware with fwupd v. 1.3.11 that Mint provides?

Or should I rather, e.g.:
- create a ubuntu Live USB stick and try to update firmware from there
- install the fwupd (Flathub) available in Mint's Software Manager which installs 1.5.3 version, and try to update firmware with that?
Can the Flathub 1.5.3 version be run under Gnome Firmware without doing anything special, or will it have to be run in a terminal window? Will I have to un-install the original 1.3.11 version of fwupd before I install the newer flathub version?
(There seems also to be a snap available somewhere with latest and bugfree fwupd v 1.5.8.)

I'll be very grateful if anybody can lead me further here.

- And now I've really started wondering what do Linux (Mint) users normally know -- not every Mint user is a techie geek -- about FW updates, and how do they perform them, if at all, (and in particular if they have pc's not supported under LVFS).

B.

I tend to think that making firmware updates easy to deploy ought to be the best way to keep users' hardware secure.

I therefore wonder whether there's any chance that Mint will improve on the availability of a GUI front-end to fwupd and/or the general handling of firmware updates?

One could imagine that Update Manager in the future could do one or more of the following: Samsung NVMe SSD
- Inform about the general need to update FW and whether the pc is supported by LVFS - i.e. automatically checking this with LVFS.
- If pc is supported by LVFS, install an appropriate GUI front end.
- If pc is supported by LVFS and new updates are available, inform the user about it and prompt hem to perform the update.
- If pc is supported by LVFS and new updates are available, trigger the GUI.
- Integrate the LVFS/fwupd stuff into Update Manager, so that LVFS firmware updates are made within the framework of operating Update manager.

If the pc is supported by LVFS, one could also think that the Mint install process installed one of the GUIs to fwupd, so that the firmware update function at least becomes more visible to the user by displaying it on the Administration menu.

What could possibly be done with pc's that are not supported by LVFS, my knowledge is too little to have ideas about - as my knowledge regrettably is also too little to contribute with any coding to realize my ideas (which probably many others have already thought about).

I think,,, all what you need is in gnome-firmware app with flatpak version from flathub.org

https://flathub.org/apps/details/org.gnome.Firmware

[Cosmo.]

Why must a reader scroll down for 5 screens to find behind an especially boring and senseless fullquote only 1 line of text and a link? One can only hope, that this one-liner is more competent than the style of quoting.