proxmox-mirrors/fwupd
1
0
Fork 0
mirror of https://git.proxmox.com/git/fwupd synced 2025-05-28 12:52:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
63a407ab34
fwupd/docs/website/users.html
Richard Hughes 60a7210318 Move the LVFS website to the fwupd project
2015-07-20 15:07:24 +01:00

166 lines
6.2 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<!-- Copyright (C) 2015 Richard Hughes <richard@hughsie.com>
Licensed under the GNU General Public License Version 2 -->
<html>
<head>
<title>fwupd: Firmware Update Daemon</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="style.css" type="text/css" media="screen"/>
<link rel="shortcut icon" href="favicon.ico"/>
<script src="https://google-code-prettify.googlecode.com/svn/loader/run_prettify.js"></script>
</head>
<body>
<h1 class="banner">fwupd: Firmware<br> Update Daemon</h1>
<h1>Introduction</h1>
<p>
fwupd is a simple daemon to allow session software to update device firmware on
your local machine. It's designed for desktops, but this project is
also usable on phones, tablets and on headless servers.
You can either use a GUI software manager like GNOME Software to view and apply
updates, the command-line tool or the system D-Bus interface directly.
</p>
<h2>Using GNOME Software</h2>
<p>
New versions of GNOME Software will show and auto-download pending updates automatically:
</p>
<a href="img/gnome-software1.png"><img alt="gnome-software updates panel" src="img/gnome-software1-thumb.png"/></a>
<p>
Double clicking on the <code>cab</code> file is also supported:
</p>
<a href="img/gnome-software2.png"><img alt="gnome-software updates panel" src="img/gnome-software2-thumb.png"/></a>
<h2>Using the command line</h2>
<p>
fwupd ships a command line <code>fwupdmgr</code> program.
This allows administrators to get the list of upgradable devices,
schedule offline updates or installing firmware on the live system.
</p>
<pre class="prettyprint">
$ fwupdmgr get-devices
Device: ro__sys_devices_pci0000_00_0000_00_1d_0_usb2_2_1_2_1_4_2_1_4_1_0
DisplayName: USB 3.0 VL812 B2 Hub
Provider: Udev
Guid: 26470009-97a8-4028-867a-bbbac6ee7bf0
Version: 9090
Internal: False
AllowOnline: False
AllowOffline: False
Device: ro__sys_devices_pci0000_00_0000_00_01_0_0000_01_00_0
DisplayName: Barts LE [Radeon HD 6790]
Provider: Udev
Guid: e9b8eebd-b5f8-18d4-9fbd-d7da7711985c
Version: 013.012.000.019.000000
Internal: False
AllowOnline: False
AllowOffline: False
Device: CHug-usb:00:01:04:04
DisplayName: ColorHugALS
Provider: ColorHug
Guid: 84f40464-9272-4ef7-9399-cd95f12da696
Version: 4.0.0
Internal: False
AllowOnline: True
AllowOffline: True
</pre>
<p>
You can see all the command line options using <code>--help</code>:
</p>
<pre class="prettyprint">
$ fwupdmgr --help
Usage:
fwupdmgr [OPTION…]
clear-results Clears the results from the last update
get-details Gets details about a firmware file
get-devices Get all devices that support firmware updates
get-results Gets the results from the last update
get-updates Gets the list of updates for connected hardware
install Install a firmware file on this hardware
update-offline Install the update the next time the computer is rebooted
update-online Install the update now
update-prepared Install prepared updates now
Help Options:
-h, --help Show help options
Application Options:
-v, --verbose Show extra debugging information
-f, --force Force the installation of firmware
</pre>
<h2>Using the D-Bus API</h2>
<p>
If there are supported devices available then the fwupd daemon will be
launched when queried for the first time.
This exports an interface that can be queried from any language with
a D-Bus binding such as C, Python or Java.
</p>
<a href="img/dbus.png"><img alt="d-feet screenshot" src="img/dbus.png"/></a>
<pre class="prettyprint">
$ $ gdbus call --system --dest org.freedesktop.fwupd --object-path / --method org.freedesktop.fwupd.GetDevices
({'ro__sys_devices_pci0000_00_0000_00_1d_0_usb2_2_1_2_1_4_2_1_4_1_0':
{'Vendor': <'VIA'>,
'Guid': <'26470009-97a8-4028-867a-bbbac6ee7bf0'>,
'DisplayName': <'USB 3.0 VL812 B2 Hub'>,
'Provider': <'Udev'>,
'Version': <'9090'>,
'Flags': <uint64 0>},
'ro__sys_devices_pci0000_00_0000_00_01_0_0000_01_00_0':
{'Vendor': <'Advanced Micro Devices, Inc. [AMD/ATI]'>,
'Guid': <'e9b8eebd-b5f8-18d4-9fbd-d7da7711985c'>,
'DisplayName': <'Barts LE [Radeon HD 6790]'>,
'Provider': <'Udev'>,
'RomFilename': <'/sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/rom'>,
'Version': <'013.012.000.019.000000'>,
'Flags': <uint64 0>},
'CHug-usb:00:01:04:04':
{'Guid': <'84f40464-9272-4ef7-9399-cd95f12da696'>,
'DisplayName': <'ColorHugALS'>,
'Provider': <'ColorHug'>,
'Version': <'4.0.0'>,
'Flags': <uint64 6>}},)
</pre>
<h2>Security</h2>
<p>
By default, any users are able to install firmware to removable hardware.
The logic here is that if the hardware can be removed, it can easily be moved to
a device that the user already has root access on, and asking for authentication
would just be security theatre.
</p>
<p>
For non-removable devices, e.g. UEFI firmware, admin users are able to update
trusted firmware without the root password.
By default, we already let admin user and root update glibc and the kernel
without additional authentication, and these would be a much easier target to backdoor.
The firmware updates themselves are signed and have a checksum, and the metadata
describing this checksum is provided by the distribution either as
GPG-signed repository metadata, or installed from a package, which is
expected to also be signed.
</p>
<h2>User Interaction</h2>
<p>
No user interaction should be required when actually applying updates.
Making it prohibited means we can do the upgrade with a fancy graphical
splash screen, without having to worry about locales and input methods.
Updating firmware should be no more dangerous than installing a new kernel
or glibc package.
</p>
<p><a href="index.html">Go back to the main page</a></p>
<p class="footer">
Copyright <a href="mailto:richard@hughsie.com">Richard Hughes 2015</a>
</p>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink