AlmaLinuxRHEL Based

How To Install Fwupd on AlmaLinux 9

r00t

Install Fwupd on AlmaLinux 9

Firmware updates are critical for maintaining system security and performance on Linux distributions. AlmaLinux 9, as a robust enterprise-grade Linux distribution, supports firmware updates through fwupd—a powerful daemon that enables seamless firmware management. This comprehensive guide will walk you through the entire process of installing, configuring, and using fwupd on AlmaLinux 9, ensuring your system’s firmware remains up-to-date and secure.

Table of Contents

Introduction to Fwupd on AlmaLinux 9

Firmware updates play a crucial role in maintaining system security, stability, and performance. Unlike regular software updates that address applications and the operating system, firmware updates target the low-level code that controls hardware components. AlmaLinux 9, being an enterprise-grade distribution derived from RHEL, provides robust support for firmware updates via the fwupd utility.

Fwupd is a specialized daemon designed to allow session software to update device firmware across a wide range of hardware components, including BIOS/UEFI, SSDs, network cards, and various peripheral devices. This tool bridges the gap between hardware vendors and Linux users, simplifying what was once a complex and sometimes risky process.

This guide targets system administrators and Linux users managing AlmaLinux 9 systems who want to implement a reliable firmware update process. By the end, you’ll understand how to install, configure, and effectively use fwupd to keep your hardware components secure and optimized.

Understanding Fwupd and Its Importance

What is Fwupd?

Fwupd is an open-source daemon specifically designed for Linux systems to facilitate firmware updates across various hardware devices. Created to simplify the firmware update process, fwupd provides a standardized interface between the operating system and hardware components, eliminating the need for vendor-specific update tools or booting into alternative operating systems.

The project aims to make firmware updates automatic, safe, and reliable on Linux systems, addressing a long-standing gap in Linux hardware management. As firmware vulnerabilities can potentially expose systems to serious security risks, having a streamlined update mechanism like fwupd is essential for maintaining system integrity.

The Linux Vendor Firmware Service (LVFS)

Fwupd works hand-in-hand with the Linux Vendor Firmware Service (LVFS), a secure web service that enables hardware vendors to upload firmware updates. This partnership creates a seamless ecosystem where:

  • Hardware vendors upload firmware to the LVFS platform
  • The metadata and files are distributed across major Linux distributions
  • Tools like GNOME Software and the fwupdmgr command-line utility access these updates
  • Users can install updates without needing to understand complex firmware details

LVFS provides this service to vendors at no charge, encouraging wider adoption and better firmware support for Linux users. This democratized approach has led many major hardware manufacturers to participate, significantly improving the Linux firmware ecosystem.

Benefits of Using Fwupd

Implementing fwupd on your AlmaLinux 9 system offers several notable advantages:

  • Simplified firmware management: Update firmware for multiple devices through a single interface
  • Enhanced security posture: Quickly apply security patches for firmware vulnerabilities
  • Integration with system tools: Works alongside standard package management tools
  • Vendor-agnostic approach: Supports devices from multiple manufacturers
  • Automated verification: Validates firmware integrity before installation
  • Consistent user experience: Provides uniform update procedures across different hardware

With regular firmware updates, hardware components not only become more secure but often gain performance improvements and additional features that enhance the overall system experience.

Prerequisites for Installing Fwupd on AlmaLinux 9

System Requirements

Before proceeding with the installation of fwupd on AlmaLinux 9, ensure your system meets these baseline requirements:

  • A compatible system running AlmaLinux 9 (x86_64, aarch64, ppc64le, or s390x architecture)
  • Sufficient storage space for firmware packages
  • Active internet connection for downloading updates
  • Up-to-date system packages
  • Compatible hardware that supports firmware updates

While fwupd supports a wide range of devices, the exact hardware compatibility depends on vendor participation with the LVFS program. Most modern hardware from major manufacturers is supported.

User Permissions

Firmware updates modify critical system components and require appropriate permissions:

  • Root or sudo access is mandatory for installation and configuration
  • Administrative privileges are needed to start and manage system services
  • User must have appropriate permissions to access firmware files

When handling firmware updates, always use the principle of least privilege but recognize that firmware operations inherently require elevated access due to their system-critical nature.

Pre-installation Preparation

To ensure a smooth installation process, follow these preparation steps:

  1. Update your system packages to the latest versions: 
    sudo dnf update
  2. Verify your system architecture for compatibility: 
    uname -m
  3. Back up any critical data before proceeding with firmware-related operations: 
    # Example backup of system configuration files
sudo tar -czf system-config-backup.tar.gz /etc
  4. Close any resource-intensive applications to ensure the update process has adequate system resources available.

Taking these precautions minimizes the risk of issues during the fwupd installation process.

Installation Methods Overview

DNF vs YUM Package Managers

AlmaLinux 9 supports both DNF (Dandified YUM) and YUM package managers for installing software packages, including fwupd. While both can accomplish the installation, understanding their differences helps in choosing the appropriate method for your environment:

DNF is the newer, more advanced package manager and the recommended choice for AlmaLinux 9. It offers:

  • Improved dependency resolution
  • Better performance and memory usage
  • Enhanced error reporting
  • More consistent behavior with plugins

YUM remains available primarily for backward compatibility with scripts and workflows from earlier RHEL-compatible systems.

For most modern deployments, DNF is the preferred package manager. However, both methods will successfully install fwupd on your AlmaLinux 9 system.

Repository Considerations

The installation process relies on repositories that contain the fwupd packages. AlmaLinux 9 includes the necessary repositories by default, but it’s good practice to verify they’re enabled:

  • The AppStream repository contains the fwupd packages
  • The BaseOS repository provides core dependencies

Using official repositories is strongly recommended for security and compatibility reasons. Third-party repositories may offer newer versions but could introduce stability issues or security concerns.

Installing Fwupd Using DNF Package Manager

The DNF package manager provides a straightforward approach to installing fwupd on AlmaLinux 9. Follow these detailed steps to ensure a proper installation.

Updating Package Database

Before installing any package, refresh your DNF cache to ensure you have access to the latest available packages:

sudo dnf makecache --refresh

This command connects to enabled repositories, downloads metadata about available packages, and stores it locally for faster access. The --refresh flag forces DNF to download fresh metadata even if the current cache is recent.

Installation Process

With the package database updated, proceed to install fwupd using the following command:

sudo dnf -y install fwupd

The command breakdown:

  • sudo: Executes the command with elevated privileges
  • dnf: Invokes the package manager
  • -y: Automatically answers “yes” to confirmation prompts
  • install fwupd: Specifies the package to install

During installation, DNF resolves dependencies, downloads necessary packages, and installs them on your system. The process typically completes within a few minutes, depending on your internet connection speed and system performance.

Verification Steps

After installation completes, verify that fwupd was installed correctly:

  1. Check the installed version: 
    fwupdmgr --version
  2. Verify package integrity: 
    sudo dnf verify fwupd
  3. Ensure all dependencies were properly installed: 
    sudo dnf repoquery --requires --resolve fwupd

If all commands execute without errors, fwupd has been successfully installed on your AlmaLinux 9 system.

Installing Fwupd Using YUM Package Manager

For environments where YUM is preferred or required, you can install fwupd using the YUM package manager. This approach achieves the same result as DNF but uses the legacy package management interface.

Updating Package Database

Start by refreshing your YUM package database to ensure you’re working with current information:

sudo yum makecache --refresh

This command updates the local metadata cache with information about available packages from enabled repositories. The process may take a few moments depending on the number of configured repositories and your internet connection.

Installation Process

With the updated package information, install fwupd using YUM:

sudo yum -y install fwupd

The command components:

  • sudo: Runs the command with administrative privileges
  • yum: Invokes the legacy package manager
  • -y: Automatically confirms installation prompts
  • install fwupd: Specifies the package to install

YUM will calculate dependencies, download the necessary packages, and install fwupd on your system. The output provides details about the installation process, including package versions and sizes.

Package Verification

After installation, verify that fwupd was installed correctly:

  1. Check the installed version: 
    fwupdmgr --version
  2. List all installed files from the fwupd package: 
    sudo yum -q list fwupd
  3. Verify the package’s integrity: 
    sudo rpm -V fwupd

These verification steps ensure that fwupd is properly installed and ready for configuration.

Setting Up and Starting Fwupd Service

Starting the Fwupd Service

After installation, you need to start the fwupd service to enable firmware update functionality:

sudo systemctl start fwupd.service

This command initializes the fwupd daemon, which runs in the background and manages firmware update operations. The service needs to be running for any firmware update commands to work properly.

Enabling Automatic Startup

To ensure fwupd starts automatically whenever your system boots, enable the service:

sudo systemctl enable fwupd.service

Enabling the service creates the appropriate symbolic links to start fwupd during system initialization. This configuration ensures firmware update capabilities are always available without manual intervention after system reboots.

Checking Service Status

Verify that the fwupd service is running properly with the status command:

systemctl status fwupd.service

A properly functioning service will show output similar to:

● fwupd.service - Firmware update daemon
   Loaded: loaded (/usr/lib/systemd/system/fwupd.service; static; vendor preset: disabled)
   Active: active (running) since [date and time]; [time elapsed]
   Docs: https://fwupd.org/
 Main PID: [process ID] (fwupd)
   Tasks: 5
   CGroup: /system.slice/fwupd.service
           └─[process ID] /usr/libexec/fwupd/fwupd

The “active (running)” status confirms that the service is operating correctly.

Service Configuration Options

Fwupd’s default configuration typically works well for most systems, but you may need to adjust settings for specific environments:

  • Configuration files are located in /etc/fwupd/
  • The main configuration file is daemon.conf
  • Plugin-specific configurations may be present in the remotes.d directory

Common configuration adjustments include:

  • Update frequency settings
  • Firmware source configurations
  • Security policies for firmware validation

Make configuration changes carefully, as improper settings may affect firmware update reliability.

Basic Fwupd Commands and Usage

Listing Available Updates

To check for available firmware updates on your AlmaLinux 9 system:

fwupdmgr get-updates

This command queries the Linux Vendor Firmware Service (LVFS) for updates applicable to your detected hardware. The output lists devices with available updates, including version information and release notes when available.

If no updates are found, the command will indicate that all devices are up to date.

Getting Device Information

To see a comprehensive list of devices that fwupd can detect on your system:

fwupdmgr get-devices

This command provides detailed information about each recognized device, including:

  • Device name and manufacturer
  • Firmware version currently installed
  • Update capability status
  • Device ID and instance ID
  • Additional hardware-specific details

For more verbose output, add the --verbose flag:

fwupdmgr get-devices --verbose

Downloading Firmware Updates

When updates are available, download them without installing:

fwupdmgr refresh

This command fetches metadata and firmware packages from configured sources like LVFS. The system will download the necessary files and store them locally, preparing them for installation.

The download process includes:

  1. Fetching metadata from firmware repositories
  2. Authenticating downloaded content
  3. Validating file integrity
  4. Preparing updates for installation

Installing Firmware Updates

To install downloaded firmware updates:

fwupdmgr update

This command:

  1. Verifies downloaded firmware packages
  2. Checks hardware compatibility
  3. Applies updates to eligible devices
  4. Reports on update status

Some firmware updates may require a system restart to complete the installation process. The tool will notify you if this is necessary.

Verifying Successful Updates

After updating, verify that the firmware was successfully updated:

fwupdmgr get-devices

Compare the reported firmware versions with the previous values to confirm the update completed successfully. For most devices, you should see newer version numbers reflecting the applied updates.

Advanced Fwupd Usage on AlmaLinux 9

Working with Specific Hardware

Fwupd supports a variety of hardware components, each with unique update procedures:

UEFI/BIOS Updates:

fwupdmgr get-devices | grep -A 10 "UEFI"

This command identifies UEFI-related devices and their update status. UEFI updates often require special handling, including potential system restarts.

Storage Device Updates:
For SSD firmware updates, check device status with:

fwupdmgr get-devices | grep -A 10 "NVMe\|SSD"

GPU Firmware Updates:
The latest fwupd versions provide support for modern GPUs, including Intel Arc ‘Battlemage’ GPUs. These updates can improve performance and fix compatibility issues.

Command-line Options and Parameters

Fwupd offers various advanced parameters for specific use cases:

Offline Update Installation:

fwupdmgr install --offline /path/to/firmware.cab

This queues an update to be applied during the next system boot, which is safer for critical system components.

Force Installation:

fwupdmgr install --force /path/to/firmware.cab

The --force flag bypasses certain compatibility checks, but should be used with caution as it may lead to device malfunction.

Automated Update Scheduling:
Create a cron job for regular update checks:

echo "0 2 * * 0 root fwupdmgr refresh && fwupdmgr update -y" | sudo tee /etc/cron.d/fwupd-weekly

This example schedules weekly updates at 2:00 AM every Sunday.

Integration with Desktop Environments

While AlmaLinux is often used in server environments, desktop installations can benefit from GUI integration:

  • GNOME Software includes fwupd integration, showing firmware updates alongside regular software updates
  • KDE Plasma offers similar functionality through its Discover application
  • Notification systems can alert users when firmware updates are available

For headless servers, scheduled checks and email notifications can be configured using standard Linux tools like cron and mail.

Security Considerations

Understanding Firmware Update Security

Firmware updates modify critical system components and require stringent security measures:

  • Digital signatures verify update authenticity
  • Cryptographic hashing ensures file integrity
  • Secure download channels protect against man-in-the-middle attacks

Fwupd implements these security measures automatically, validating each update against trusted keys before installation.

Known Vulnerabilities

Like all software, fwupd occasionally has security issues that require attention:

  • AlmaLinux security advisories (like ALSA-2023:2487) may include fwupd-related fixes
  • Password handling vulnerabilities have been identified and patched in past versions
  • Keeping fwupd itself updated is essential for security

Review the AlmaLinux security advisories regularly and subscribe to security announcements to stay informed about potential issues.

Best Practices for Secure Updates

Follow these practices to enhance firmware update security:

  1. Only use official repositories for fwupd installation
  2. Verify update sources before applying firmware changes
  3. Implement a testing process for critical infrastructure
  4. Maintain system backups before major firmware updates
  5. Follow the principle of least privilege for firmware management
  6. Document all firmware changes in system logs
  7. Establish recovery procedures for failed updates

These practices minimize risks associated with firmware updates while ensuring systems benefit from security improvements.

Troubleshooting Common Issues

Installation Problems

When encountering issues during fwupd installation, try these solutions:

Repository Access Issues:

sudo dnf clean all
sudo dnf makecache

This refreshes repository data and clears cached information that might be causing problems.

Dependency Conflicts:

sudo dnf update --best --allowerasing

This resolves package conflicts by allowing the removal of conflicting packages.

Package Authentication Errors:

sudo dnf --disablepgpcheck install fwupd

Use this only temporarily if GPG key issues prevent installation, then address the underlying key problem.

Update Failure Scenarios

Firmware updates may fail for various reasons:

Network Connectivity Issues:

ping cdn.fwupd.org

Verify connectivity to fwupd servers. Network issues often cause update failures.

Checksum Verification Failures:
These may occur when downloads are corrupted. Try again with:

fwupdmgr refresh --force

Failed UEFI Updates:
For UEFI updates that fail during reboot, check your boot configuration:

efibootmgr -v

Look for boot entries related to firmware updates and verify they point to the correct locations.

Hardware Compatibility Issues

Not all hardware supports firmware updates through fwupd:

  1. Check device compatibility with: 
    fwupdmgr get-devices
  2. For unsupported devices, visit the manufacturer’s website for alternative update methods
  3. Consult the LVFS website to see if your device vendor participates in the program

Network-Related Problems

Network configuration can impact firmware updates:

Proxy Configuration:
Add proxy settings to /etc/environment:

http_proxy=http://proxy.example.com:8080
https_proxy=http://proxy.example.com:8080

Firewall Adjustments:
Allow fwupd to access firmware servers:

sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Offline Update Options:
For systems without internet access, download firmware on another system:

fwupdmgr download

Then transfer and install using:

fwupdmgr install /path/to/downloaded/firmware.cab

Uninstalling Fwupd

Complete Removal Process

If you need to remove fwupd from your AlmaLinux 9 system:

sudo dnf remove fwupd

This command removes the fwupd package and its associated binaries. However, configuration files and data might remain on the system.

Cleaning Up Configuration Files

To remove residual configuration files:

sudo dnf remove fwupd --remove-leaves
sudo rm -rf /var/lib/fwupd
sudo rm -rf /etc/fwupd

These commands remove fwupd files not managed by the package system, ensuring a complete cleanup.

Considerations Before Uninstalling

Before removing fwupd, consider:

  • Without fwupd, firmware updates will need to be performed manually
  • Some devices may become vulnerable to security issues if firmware isn’t regularly updated
  • Alternative update methods might require booting into different operating systems
  • Reinstalling fwupd later may require reconfiguration

Document your reasons for removal and establish alternative firmware update procedures before uninstalling.

Testing Fwupd Installation

Using Fwupd-tests Package

For thorough testing of your fwupd installation:

sudo dnf install fwupd-tests

This package includes test utilities that verify fwupd functionality across various scenarios. After installation, run tests to ensure proper operation.

Functionality Testing

Verify basic functionality with these tests:

  1. Check daemon operation: 
    systemctl is-active fwupd.service
  2. Test device recognition: 
    fwupdmgr get-devices
  3. Verify metadata refresh: 
    fwupdmgr refresh
  4. Test update detection: 
    fwupdmgr get-updates

These tests validate the core functionality of your fwupd installation.

Performance Considerations

Monitor system impact during firmware operations:

  • CPU usage during update operations
  • Memory consumption by the fwupd daemon
  • Network bandwidth during metadata and firmware downloads
  • Storage requirements for downloaded updates

For server environments, schedule resource-intensive operations during maintenance windows to minimize performance impact.

Congratulations! You have successfully installed Fwupd. Thanks for using this tutorial for installing Fwupd on AlmaLinux 9 system. For additional help or useful information, we recommend you check the official Fwupd website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2025 idroot.us | All Rights Reserved | Follow us for more Linux tutorials!
Back to top button