fwupdtool

Display all devices detected by fwupd

$ fwupdtool get-devices

$ fwupdtool install [path/to/firmware]

$ fwupdtool [[-h|--help]]

fwupdtool [OPTION...] COMMAND [ARG...]

-h, --help
    Print help and exit

--version
    Print version information

-v, --verbose
    Increase verbosity, repeat for more detail

--json
    Output in JSON format for scripting

--force
    Force the requested operation

--allow-older
    Allow installing older firmware versions

--allow-reinstall
    Allow reinstalling existing firmware

--no-reboot
    Do not automatically reboot after update

--one-shot
    Do not daemonize or background

devices
    Get all devices

get-updates
    Get available firmware updates

update
    Download and update firmware

refresh
    Refresh update metadata from LVFS

get-history
    Show firmware update history

security
    Show device security attributes

status
    Show daemon status

remote-list
    List configured remotes

clear-results
    Clear update results

fwupdtool is the advanced command-line tool for interacting with the fwupd firmware update daemon on Linux. It allows querying hardware devices with updatable firmware, fetching metadata from the Linux Vendor Firmware Service (LVFS), downloading update capsules (CAB files), verifying signatures, applying updates, and managing update history.

Designed for scripting and automation, it supports JSON output and offline operations. Common tasks include listing devices, checking for updates, and installing firmware securely with cryptographic verification. It handles diverse hardware like UEFI capsules, embedded controllers, GPUs, and peripherals from vendors such as Dell, Lenovo, and Intel.

Unlike the simpler fwupdmgr, fwupdtool exposes full daemon capabilities, including remote repository management, security attribute checks, and forced operations. Requires the fwupd service running, often triggered via D-Bus. Updates are staged to avoid boot failures, with optional reboots. Integrates with package managers for metadata refreshes.

Requires fwupd daemon active and polkit for privileged actions.
Network needed for LVFS metadata; use offline CABs for air-gapped systems.
Some devices require reboot; updates may fail on unsupported hardware.

Download CAB files manually, then fwupdtool install [--allow-older] file.cab for disconnected environments.
Verify with fwupdtool validate file.cab.

Configure custom remotes: fwupdtool remote-add --remote myremote --url https://example.com.
Disable with remote-disable.

fwupdtool security reports device Taints and attrs like TPM2, SecureBoot. Fixes via security-fixup.

Developed by Richard Hughes (Red Hat/GNOME) from 2015 to standardize Linux firmware updates via LVFS. fwupdtool debuted in fwupd 1.0 (2017); evolved with UEFI support, JSON APIs, and security checks. Superseded by fwupdmgr for end-users in later versions.

fwupdmgr(1), fwupd(8), pkexec(1)