This stable release fixes the following bugs:

• Add the latest dbx fixups for BlackLotus
• Allow fwupd-refresh.timer trigger once per hour
• Fix a crash when converting HFSTS1 values
• Fix the version detection for SteelSeries Bluetooth mode
• Invalidate the XMLb cache when installing new fwupd versions
• Trigger the passive flow for usb4 from dell-dock

This release adds support for the following hardware:

• More Logitech Unifying receivers
• Nordic MCUboot
• nRF52 Desktop Keyboard

This release fixes the following bugs:

• Fix possible crash when getting UEFI report metadata
• Fix 'fwupdmgr install FILE GUID'

This release adds the following features:

• Add pcap converter which allows emulating devices from a Wireshark dump
• Add the ability to dump TPM firmware for future use
• Optionally retain firmware in a backup remote
• Record the ESP type in the firmware report sent to the LVFS

This release fixes the following bugs:

• Accept application/octet-stream for archives when the mime database is missing
• Add the latest dbx version version fixups as Microsoft removed another entry
• Assume DFU appIDLE if GetStatus is not implemented
• Do not require signatures for local or directory remotes
• Do not use pandoc to build the man pages
• Enhance Qubes functionality to use JCat
• Fix a CCGX 'usbfs: process did not claim interface 1 before use' warning
• Fix a compile warning when using a new libqmi version
• Fix a critical warning when parsing an empty kernel cmdline
• Fix a synaptics-cape regression where the firmware pauses for INTR
• Fix the defines for HFSTS6 enforcement policy
• Fix the i2c name properly for ElanTP hardware
• Fix the name of the MTD Intel SPI controller
• Set the release remote when installing archives
• Use the powerd power type information to better set AC levels

This release adds support for the following hardware:

• Framework Audio Card
• Lenovo ThinkPad TBT3-TR Gen 2
• Wacom Intuos BT S Gen 3

This release fixes the following bugs:

• Allow setting the package user agent before the client has connected
• Fix a small memory leak when refreshing metadata

This release adds the following features:

• Add support for replaying USB devices so they can be emulated in CI
• Allow desktop software to inhibit the system to prevent updates
• Allow using requirements with depth=0 and no parent
• Auto-set the CCGX remove-delay now we parse DMC subcomponents
• Detect and warn users with the broken NVMe firmware 3B2QGXA7
• Print errors as JSON objects when using fwupdmgr --json

This release fixes the following bugs:

• Allow installing battery firmware updates even when the power is too low
• Correctly fall back to the compatible vendor when FDT vendor is missing
• Detect CCGX factory mode and set a non-zero version
• Detect fixed Insyde firmware that can actually use Capsule-on-Disk
• Do not make any of the HWIDs setup failures fatal
• Fix a critical warning when parsing an empty kernel cmdline
• Fix a small memory leak when installing TPS6598x firmware
• Fix compiling with -Dbuild=library for Flathub
• Fix fwupdtool firmware-convert to work with image-less formats
• Fix regression in downloading files in fwupdtool
• Fix SMBIOS struct parsing when the tag section ends with NUL
• Indicate HSI attributes that will only be returned for specific CPU vendors
• Only accept application/x-xz compression for the metadata payload
• Only offset the IPMI user ID when using Lenovo XCC
• Prefer the Intel USB4 plugin over the Thunderbolt plugin when required
• Require at least twice the capsule size in the ESP when updating
• Save all the device flags in the pending database correctly
• Set the device percentage and status for the duration of the update
• Show the 4XX download failure in the CLI error output
• Speed up regenerating the MOTD when installing composite devices
• Use an updated shim if provided during for capsule update
• Use strict snap confinement

This release adds support for the following hardware:

• CalDigit Element Hub
• CalDigit TS4 Dock

This release adds the following features:

• Add a PE/COFF firmware parser to allow reading coSWID SBoM data
• Allow dumping CFI SPI chips using devices like CH341a
• Refactor the HWIDs functionality to include FDT data

This release fixes the following bugs:

• Add back a legacy eMMC GUID to fix a regression
• Always search for uSWID SBoM data in the image
• Do not allow LZX compressed cabinet archives
• Fallback to the checksum if the metadata artifact is invalid
• Improve FDT parsing compatibility with new OpenBMC images
• Never call grub2-probe without arguments
• Respect user requested paths for the ESP even if they are not volumes
• Speed up ChromeOS startup by a huge amount when using directory remotes
• Verify the Synaptics RMI signature in more cases

This release adds support for the following hardware:

• Quectel RM520
• StarBook Mk VI
• System76 launch_heavy_1

This release adds the following features:

• Add an interactive request for re-inserting the USB cable
• Add SHA384 support for TPM hashes
• Add X-FingerprintReader, X-GraphicsTablet, X-Dock and X-UsbDock categories
• Allow specifying OR parent requirements in metadata

This release fixes the following bugs:

• Add the fwupd version to the HSI result if the chassis is invalid
• Allow getting the ESP when there is a block device with no filesystem
• Allow reinstalling on devices with only-version-upgrade set
• Do not require the TPM event log to have all reconstructions
• Fix a tiny memory leak when parsing signed reports
• Ignore failure to mount the ESP if unsupported
• Never allow using SHA-1 for checksum validation
• Return a more useful error if USB recovery failed
• Skip the fwupdx64.efi BootXXXX entry when measuring system integrity
• Speed up daemon startup using prepared XPath queries
• Suggest to turn on ThunderboltAccess for Lenovo systems
• Use better defaults if the config file is missing

This release adds support for the following hardware:

• More Solidigm NVMe devices
• More Synaptics Cape devices
• More Synaptics Prometheus devices
• Most Texas Instruments USB-4 docks
• Scaler support for Wacom USB devices
• Several new Wistron USB-C docks

This release adds the following features:

• Add BIOS rollback protection support for Dell and Lenovo systems
• Generate OVAL rules for openSCAP evaluation
• Show the signed reports from QA teams in client tools

This release fixes the following bugs:

• Add a X-Gpu category for new hardware support
• Add more ChromeOS metadata to the report attributes
• Ensure the device name is set for Intel USB4 devices
• Fix a critical DFU CSR warning when deploying firmware
• Fix a Synaptics RMI issue when updating non-secure devices
• Match more device properties when using GetDetails
• Move AMD platform rollback protection to level 4
• Use the correct AppStream ID for the Key Manifest failure
• Wait for the Intel GPU to come back after updating

This release adds support for the following hardware:

• Logitech Whiteboard cameras
• More Goodix MoC devices
• Several QSI Docks

This release adds the following features:

• Add a new HSI check for the leaked Lenovo 'Key Manifest' hashes
• Measure system integrity when installing UEFI updates
• Record more host DMI data when submitting a report for dbx failures
• Use xz-compressed metadata to reduce bandwidth used by ~25%

This release fixes the following bugs:

• Add documentation for three existing HSI attributes
• Add re-insert requirement for Analogix devices
• Allow parsing metadata more than 1MB in size
• Do not follow symlinks when searching for ESP devices
• Ensure the config file permission is correct for built-in plugins
• Fix a compile failure when compiling without efiboot
• Fix a regression when using fwuptool install-blob with FMAP firmware
• Only count the Microsoft hashes when getting the dbx version
• Only use the IFD when the system is Intel-based
• Support loading CoSWID when only one role has been set

This release adds support for the following hardware:

• Anker Thunderbolt 4 Mini Hub
• ELAN haptic hardware
• Fingerprint lenfy devices
• Goodix GF3258WNC
• Intel discrete GPUs (experimental)
• More Star Labs laptops
• QSI Godzilla Creek Reference Hub

This release adds the following features:

• Reduce the installed package size by more than 30%
• Translate more interactive messages

This release fixes the following bugs:

• Allow disabling a DFU device when required
• Fix a regression when getting the i2c bus number
• Fix a small memory leak when reloading the parade-lspcon device
• Fix installing the dbx update when using fwupdtool
• Improve writing CoSWID and uSWID metadata
• Only include the last 5 releases in the installed metainfo file
• Only request the BOS descriptor for newer libgusb versions
• Prevent high memory usage when loading corrupt SREC files
• Try harder when trying to find the default ESP volume
• Use a higher compression preset for the UEFI splash images

This release adds support for the following hardware:

• Focaltech touchpads
• FPC fingerprint readers
• Supermicro machines using Redfish

This release adds the following features:

• Add a new android-boot plugin to update specific block devices
• Add new plugin to display SMU firmware version on AMD APU/CPU
• Add support for platform capability descriptors so devices can set quirks
• Move the generic Intel Goshen Ridge code out to a new plugin

This release fixes the following bugs:

• Allow specifying the ESP when applying the dbx update
• Always check the BDP partitions when getting all the possible ESPs
• Correctly update Wacom AES devices
• Disable changing sleep mode on Ryzen 6000 systems
• Do not show the 'may not be usable while updating' message for DBX updates
• Expose Pine64 PinePhone Pro MTD as Tow-Boot
• Fix a critical warning when issuing Secure Boot modem AT commands
• Fix a fuzzing crash when parsing malicious FDT data
• Fix aligning up addresses greater than 4GB
• Fix a possible crash when dumping VBE firmware
• Fix a possible critical warning when parsing cabinet archives
• Fix a regression when parsing pixart-rf firmware
• Fix a small memory leak when parsing UF2 files
• Fix checking for invalid depth requirements
• Fix parsing the coSWID firmware ID when encoded as a UUID
• Fix parsing uSWID uncompressed metadata
• Fix uploading to DFU-CSR devices
• Limit the archive size to 25% of the RAM, or 4G
• Load coSWID metadata from a uSWID MTD block device
• Never save the Redfish auto-generated password to a user-readable file
• Only create users using IPMI when we know it's going to work
• Write all the CCGX metadata block as intended

This release adds support for the following hardware:

• Corsair SABRE RGB PRO Gaming mouse
• More Sonix CAM devices
• More Intel Goshen Ridge USB-4 docks

This release fixes the following bugs:

• Always check the BDP partitions when getting all the possible ESPs
• Correctly detect CET IBT
• Do not show HSI events where we changed the spec result value
• Fix aligning up addresses greater than 4GB
• Fix applying the latest DBX update on machines with 20200729.x64 installed
• Fix checking for invalid depth requirements
• Fix getting the new version number of the USI docking hardware
• Fix HSI prefix for invalid chassis
• Never save the Redfish auto-generated password to a user-readable file
• Only create users using IPMI when we've tested the hardware
• Only fail the kernel tainted HSI test for specific taint reasons
• Only show changed events in the fwupdmgr security output
• Recognize CSME version 16 and update vulnerable versions from CSMEVDT data
• Write all the CCGX metadata block as intended

Version 1.8.4

Released: 2022-08-30

This release adds the following features:

• Add a translated title and long description for HSI security attributes
• Add support for loading a machine-default BIOS settings policy
• Add support for reading and writing BIOS settings
• Allow loading BIOS settings for host emulation
• Prompt users to fix some BIOS configuration issues

This release fixes the following bugs:

• Actually show provided AppStream security issues
• Add Quectel secure boot status AT commands
• Correctly detect CET IBT
• Do not assert when running with no plugins
• Do not require UEFI capsule updates for checking TPM PCR0
• Do not show HSI events where we changed the spec result value
• Fix applying the latest DBX update
• Include vfat in the list of possible BDP partition types
• Install all devices with the same composite id in fwupdtool
• Only fail the kernel HSI test for specific taint reasons
• Only show changed events in fwupdmgr security
• Update vulnerable CMSE versions from CSMEVDT data

This release adds support for the following hardware:

• Elan non-HID touchpads
• Google Prism
• LabTop Mk III
• ThinkPad Thunderbolt 4 Dock
• ThinkPad Universal Smart Dock

This release fixes the following bugs:

• Do not generate a capsule header for the FMP GUID
• Do not use CoD even when advertized on non-aarch64 platforms
• Fix a critical warning when parsing an invalid PHAT record
• Fix a regression for devices using the Atmel FLIP Bootloader
• Fix parsing SMBIOS data
• Set the device ID on the FwupdRequest
• Use the correct protocol member when converting to JSON
• Wait for the system76-launch device to re-enumerate if unlocked and reset

This release adds support for the following hardware:

• More pixart-rf hardware
• System76 launch_2
• Two new Startech devices

This release adds the following features:

• Add resolution flags to each security attribute failures for the user
• Allow loading in emulated host profiles for debugging
• Check if Intel TME has been disabled by the firmware or platform
• Wait for the system to acquiesce after doing each update

This release fixes the following bugs:

• Do not use CoD even when advertized on non-aarch64 platforms
• Fix a crash when updating the Logitech Bolt radio device
• Fix a critical warning when parsing an invalid PHAT record
• Fix a critical warning when parsing invalid FDT firmware
• Fix fwupdmgr security when plugins are added to the blocklist
• Fix parsing SMBIOS data to correct the device hardware IDs
• Fix uploading signed reports by sending the correct checksum
• Use the correct protocol attribute name when exporting to JSON

This release adds support for the following hardware:

• Additional Startech devices
• Additional Elan fingerprint readers

This release adds the following features:

• Add startup profiling which allowed us to speed up daemon startup considerably
• Add support for OptionROM, CPD and FPT firmware formats for future hardware
• Add the HostVendor to the D-Bus interface
• Break some internal ABI and add a conversion helper for out-of-tree plugins
• Optionally build the quirk files into the daemon binary to reduce installed size

This release fixes the following bugs:

• Allow front-end clients to read the percentage property
• Allow more quirk entries to add multiple items
• Allow to force install Genesys firmware even if the public-key does not
  match
• Allow UFS disks to define the signed status in metadata
• Autoconnect the Redfish network device when rebooting the BMC
• Copy the instance ID strings when incorporating devices
• Do not generate a capsule header for the FMP GUID
• Ensure more firmware formats can round-trip to and from XML
• Fix a regression for devices using the Atmel FLIP Bootloader
• Fix running fwupdtool security with a user-specified plugin allowlist
• Handle ENOTTY with the correct error code for ioctl calls
• Increase the self tests coverage substantially
• Modernize the AMT plugin and split out common MEI functionality
• Only move the logitech-bulkcontroller progressbar forwards when writing
• Set the device ID on the FwupdRequest to allow better UX
• Show the get-details output when the device requirements fail
• Simply quirk matching for i2c devices to speed up daemon startup
• Support SHA256 fastboot hashes if specified
• Use force-detach to bypass the DFU streaming check for camera devices
• Use the SCSI target to correctly set the physical ID
• Wait for the System76 launch device to re-enumerate if already unlocked

This release adds support for the following hardware:

• Corsair HARPOON RGB Wireless mouse
• U-Boot devices writing simple FIT images
• Genesys M27fd AIM101
• More PixArt wireless devices
• More Steelseries HID, Sonic and Fizz devices
• System76 launch_2

This release fixes the following bugs:

• Add the bootloader VID/PID used for the first batch of ColorHug devices
• Also check for os-release in SYSCONFDIR
• Export the version lowest raw value correctly
• Fix a Wacom timeout when parsing very corrupt firmware
• Fix Genesys device enumeration failure by not claiming the interface
• Hardcode the Redfish filedata name to firmware.bin
• Install D-Bus introspection data even if introspection is disabled
• Only set the flashrom BIOS size if not already quirked
• Read the SynapticsMST firmware size in a more safe way
• Restart the BMC after installing BCM updates

This release adds support for the following hardware:

• More pixart-rf devices
• More SPIT pccam devices
• Some FlatFrog devices

This release adds the following features:

• Add archive writing support for devices with composite firmware
• Add a way to read device composite firmware in fwupdtool
• Allow clients to opt-in to showing updates with user-solvable problems
• Allow the device to pause polling when writing firmware
• Export the system and device battery levels on the D-Bus interface
• Log errors and warnings to the win32 eventlog when required
• Add X-UsbReceiver as an update category with icon usb-receiver

This release fixes the following bugs:

• Accurately return the last-set status to client tools
• Allow dumping flashrom firmware using fwupdtool
• Allow specifying a non-file D-Bus transport
• Allow to request post actions from fwupdtool
• Always be arch-explicit when installing OS deps
• Be more resilient when restarting the Redfish BMC
• Do not mark all Redfish updates as UPDATABLE
• Do not use 'dongle' to describe USB receiver hardware
• Download in-process when using fwupdtool
• Fix a critical warning on failed modem update
• Fix regression when probing PS175 devices
• Hardcode the Redfish filedata name to firmware.bin
• Set the Bluetooth version if REV has been set
• Switch the Windows installer from NSIS to MSI
• Use StartServiceCtrlDispatcherA for the daemon on Windows
• Use the native certificate store on Windows

This release adds support for the following hardware:

• Corsair KATAR PRO XT, SABRE PRO and KATAR PRO Wireless
• HP Thunderbolt Dock G4
• Lenovo ThinkPad Universal USB-C Dock
• More PixArt wireless devices
• More SunplusIT USB cameras
• Some UFS devices
• Steelseries Aerox 3 Wireless and Rival 3 Wireless

This release adds the following features:

• Add a new attribute for CPUs supported by HSI
• Add coSWID and uSWID parsers to libfwupdplugin for initial SBoM support
• Add new HSI attributes for the AMD PSP and various other system protections
• Add the runtime fwupd-efi version as a firmware requirement
• Allow 'fwupdmgr install' to install a specified firmware version
• Allow overriding the detected machine type for debugging and development
• Restart the BMC after installing BCM updates
• Show the device serial number and instance IDs by default
• Support dumping the MTD image to a firmware blob
• Take a device inhibit when updating a device
• Use the CFI manufacturer ID to set the vendor
• Use the correct icon automatically for more hardware

This release fixes the following bugs:

• Add signed-payload metadata for more devices
• Allow Capsule-on-Disk to work in more cases
• Allow quirking the detected flashrom flash size
• Check for os-release on FWUPD_SYSCONFDIR
• Check the alignment when parsing raw firmware
• Check the update protocol exists when checking requirements
• Convert the build system to use meson tristate features
• Correctly probe USB-2 hubs with more than 7 ports
• Do not add the Windows compatibility ID to capsule devices
• Do not allow the DBX update for specific motherboards
• Do not expect KernelCmdline on Windows
• Do not export USB4 host controllers as updatable if they don't have unique GUIDs
• Do not fallback to audio-card and use a more suitable icon for USB hubs
• Do not hardcode the libexecdir to /usr/libexec
• Do not leak child processes when canceling
• Do not show unconnected or unreachable devices in the client tools
• Do not throw away the TPM eventlog when uploading to the LVFS
• Do not use /var/run for the socket
• Export the version_lowest_raw value correctly
• Fix build for MacOS and add to the CI matrix
• Fix eventlog replay for Intel TXT machines
• Fix several small memory leaks
• Fix writing large mtd images than 10kb
• Ignore MTD devices that report EPERM on open
• Mark the ME region device locked if it is read only
• Never send the DeviceChanged signal with old data
• Only show the CLI time remaining for predictable status phases
• Respect the NO_COLOR env variable
• Return the correct error when there is no GPIO device to open
• Support the new UPower PENDING device states

This release adds support for the following hardware:

• CH341A SPI programmer
• Corsair Sabre RGB PRO and Slipstream USB receiver
• Genesys GL3521 and GL3590 hubs
• Google Servo Dock
• Logitech M550, M650 and K650
• More ELAN fingerprint readers
• More integrated Wacom panels
• More NovaCustom machines
• More StaLabs StarLite machines
• More Tuxedo laptops
• Quectel EM05
• FlatFrog devices
• System76 launch_lite_1

This release adds the following features:

• Add CCGX trigger code to support future hardware
• Add signed and unsigned payload metadata to more devices
• Allow overriding the detected machine type
• Allow quirking the flashrom flash size
• Do not allow the DBX update for broken firmware versions

This release fixes the following bugs:

• Do not add the backup BMC device as it shares the same GUIDs
• Do not hardcode the libexecdir to /usr/libexec
• Do not leak child processes when canceling
• Do not throw away the TPM eventlog when uploading reports to the LVFS
• Don't export USB4 host controllers if they do not have unique GUIDs
• Fix build for MacOS
• Fix the TPM eventlog replay for Intel TXT machines
• Fix writing large MTD images
• Never send the DeviceChanged signal with invalid data
• Return the correct error when there is no GPIO device to open
• Show the update message and update image in front end tools
• Support the new PENDING upower device states

This release adds support for the following hardware:

• Logitech M550, M650 and K650
• More Elan fingerprint readers
• More Star Labs StarLite laptops
• More Wacom panels found on Lenovo laptops