I recently bought myself a 2nd hand Lenovo & have Manjaro with full-disk encryption. I’m reading up on using “fwupd” but I cannot work out how to do it with an encrypted system. If anyone has done this before or has any guidance, I’d really appreciate it.
I fail to see the benefit of the second option. It’s just updating the firmware from Linux, so why not just use your installed manjaro? The issue is a secure boot OS that is tied to bios, and only way to make that work is to do the install from inside the secure boot OS, and if you have two such installed, one of them will need manual intervention.
Having FDE enabled may hinder even to update your firmware. Some vendors offer USB sticks and update functions within your UEFI, others rely on tools like fwupd, but that might need some sort of access to your disk to get the firmware into RAM before flashing. Finding out how that all works may take longer than having a LiveCD around for just doing what you want to do: updating your firmware.
The possible issue here is if OP has windows and manjaro with FDE and windows fails after upgrade via manjaro. Only way to prevent this is to upgrade via windows, or provide encryption key to windows after upgrading via manjaro.
If he does not have FDE windows, then running fwupd should take care of the problem directly. No matter if manjaro install is FDE or not.
Thanks @philm for the suggestions. I booted via Live USB & ran fwupdmgr get-devices, refresh & update. It then asked me to reboot & it updated the BIOS. When back in the system, I checked for needed firmware updates & it all looks up-to-date. I’m not sure how it worked but it seems fine to me. Thanks all…