fwupd (简体中文)
fwupd 是帮助你在 Linux 下更新固件的小工具,支持但不限于 UEFI/BIOS 固件。
安装
更新 UEFI/BIOS 固件请查看 #更新 UEFI/BIOS 固件
使用
获得可用设备列表
$ fwupdmgr get-devices
刷新可用更新元数据
$ fwupdmgr refresh
检查哪些设备有可用更新
$ fwupdmgr get-updates
安装可用更新
$ fwupdmgr update
更新 UEFI/BIOS 固件
- 确保你使用 UEFI 模式启动系统;
- 检查 你的 EFI 变量可以获取;
- 挂载你的 EFI system partition (ESP) properly.
esp
分区已经挂载。
安全启动
在 Secure Boot 开启的系统下,fwupd 使用 shim 来引导 fwupd EFI 文件。 使用前请确保正确安装 shim
Using your own keys
Alternatively, you have to manually sign the UEFI executable used to perform upgrades, which is located in /usr/lib/fwupd/efi/fwupdx64.efi
.
The signed UEFI executable is expected in /usr/lib/fwupd/efi/fwupdx64.efi.signed
.
Using sbsigntools, this can be achieved by running:
# sbsign --key <keyfile> --cert <certfile> /usr/lib/fwupd/efi/fwupdx64.efi
To automatically sign this file when installed or upgraded, a Pacman hook can be used:
/etc/pacman.d/hooks/sign-fwupd-secureboot.hook
[Trigger] Operation = Install Operation = Upgrade Type = File Target = usr/lib/fwupd/efi/fwupdx64.efi [Action] When = PostTransaction Exec = /usr/bin/sbsign --key <keyfile> --cert <certfile> /usr/lib/fwupd/efi/fwupdx64.efi Depends = sbsigntools
Make sure to replace <keyfile>
and <certfile>
with the corresponding paths of your keys.
Finally, you have to change the line containing RequireShimForSecureBoot
in /etc/fwupd/uefi.conf
to RequireShimForSecureBoot=false
.