Howdy,
So, I did some browsing across this forum and some research in other places, and I realized that for a long time, it never occurred to me that the firmware running on my storage devices such as my portable HDDs, SSDs, and USB flash drives might be updatable. I immediately checked fwupd on my Linux systems, and for external drives, it doesn’t show anything.
Is there perhaps a guide or something of the like that could help me out with this? My portable storage drives range from Samsung to Sandisk to Crucial, and there isn’t much info for updating them on Linux.
You usually can’t update the drive firmware on Linux. The proprietary software necessary to do this usually only comes for Windows and, if you’re lucky, macOS.
I see. Would it be worth the risk to boot into a live Windows USB and update the firmware for each of my devices? I don’t know what the risk is of my personal data being compromised. Though, all my drives are encrypted on the software level.
Any thoughts on my reply? Anyways appreciate you being the only person that at least took the time to answer my post.
some vendors have bootable images specifically for updating firmware of a given drive
if they don’t and support linux just use ubuntu live, if they only support windows, a pe image like hirens bootcd can often get the job done
please do not attempt to update firmware of any devices connected via non-first party enclosures, that can lead to brick
more generally, I do strongly recommend updating firmware of drives if possible, they can have valuable fixes/improvements
also please always backup the contents before doing such updates
@SkewedZeppelin once you mentioned the following “If you do use secure boot, be sure to use fwupd to actually install an updated key database. This will disable know bad/leaked keys.”
Does this means that if one updates the firmware via the Windows live option in a hypothetical situation that you are handling a laptop that don’t have fwupd updates from the vendor, that it won’t handle the key database in the secure boot where the fwupd would do?
No, the fwupd secure boot database update is an entirely separate operation. This is offered independently and separately from any motherboard or disk firmware updates.
So, just to confirm to make sure that I got it right. Since this a separate operation are we saying that doing the firmware update via Windows would also handle the update of the key database as well?
Motherboard UEFI firmware updates should take care of the Secure Boot database update, assuming your motherboard vendor is doing their due diligence.
If your motherboard’s Secure Boot dbx version is lower than fwupd’s, fwupd will offer to update the Secure Boot dbx, regardless of whether your manufacturer publishes motherboard firmware to LVFS (the fwupd servers).
Disk firmware (the topic of this thread) is completely separate from motherboard firmware.
2 Likes