Home / Linux / System76 Launches A Graphical Firmware Manager Compatible With LVFS, All Ubuntu And Debian Distros

System76 Launches A Graphical Firmware Manager Compatible With LVFS, All Ubuntu And Debian Distros

Firmware is kind of a big deal, but the Linux community is somewhat divided on how firmware updates should be obtained and installed. Most major Linux distributions and hardware vendors have embraced the combination of LVFS (Linux Vendor Firmware Service) and the command-line based fwupd tool. System76 has deviated from this path for security reasons, but now the company behind Pop!_OS has introduced its Firmware Manager Project that takes its existing modern GTK-based graphical approach and makes it compatible with all Ubuntu and Debian-based distributions.

The System76 Firmware Manager panel inside GNOME Settings on Pop!_OS 19.04

Jason Evangelho

System76 already has a GTK-based graphical tool for updating firmware, but it’s tied to the Pop Shop application center, and until now only delivers updates for System76 hardware like the Oryx Pro or Thelios desktop.  The latest Pop!_OS system update adds the new Firmware Manager right into GNOME Settings, and it’s pretty slick. But why is System76 doing this?

In the companion forum thread to Phoronix’ coverage of this news, System76 Engineer Michael Aaron Murphy chimed in with an explanation:

“This is about making firmware updates accessible to all end users, regardless of their choice of Linux distribution or desktop environment,” Murphy says. “We don’t really see application centers as being the place for firmware updates on our desktop, and anyone who happens to be on a distribution without one of the supported application centers can only get firmware updates if they manually check for them on a command line. That’s simply not good enough. So here we offer a solution which can exist on its own, separate from any application center, and which can be easily integrated into any other solution, if you’d like to add a firmware update section in your application.”

An example of the Firmware Manager GTK Widget

System76

It’s a logical approach, and as someone focused on usability and elegantly onboarding all new Linux users, I think a graphical interface for updating firmware just makes sense.

In order to benefit the larger Linux ecosystem, System76 has designed the Firmware Manager to be tookit-agnostic, although any frontend interaction will require Rust. The company also notes that its GTK widget can be implemented into any Ubuntu and Debian-based distributions not using GNOME. Critically, it supports both LVFS updates via fwupd as well as system76-firmware. It’s also Wayland-compatible.

You can view the full project notes and source code here.


On a related note, if you’re interested in why System76 uses its own firmware update service, I covered that earlier this year when the Asus “Shadowhammer” malware attack was making the rounds. Here’s the relevant excerpt, detailing the decidedly Blockchain-inspired approach.

Firmware updates are an often overlooked — but easily manipulated — potential attack source. One of my favorite Linux distributions, Pop!_OS, uses the power of blockchain to ensure that the firmware updates being delivered to its users have no possible way of being manipulated. And they take an amazing approach to their server setup.

“Firmware updates are delivered using a build server, which contains the new firmware, and a signing server, which verifies that the new firmware came from inside the company,” writes parent company System76. “The two servers are only connected via a serial cable. The lack of a network between the two means that one server cannot be accessed if entry is achieved through the other server.”

System76 sets up multiple build servers alongside that primary one. For a firmware update to be verified, it must be identical on all servers. “If even one build server contains a compromised firmware update, this update cannot proceed to signing and will not be delivered to our customers,” System76 says.


>> Source Link

Loading...

Check Also

How to back up a local Linux directory to a remote Linux host with rsync

If you need a flexible means of backing up data on a Linux server, rsync …