How to update firmware with full disk encryption system?

Hi there.

I recently bought myself a 2nd hand Lenovo & have Manjaro with full-disk encryption. I’m reading up on using “fwupd” but I cannot work out how to do it with an encrypted system. If anyone has done this before or has any guidance, I’d really appreciate it.

Thanks a lot.


Maybe this will help: Full Disk Encryption Detected · fwupd/fwupd Wiki · GitHub

Having FDE enabled might be a gamble. You can also bypass your encrypted OS and use a live ISO: Updating Firmware With A Linux Live CD: A Quick And Easy Solution – Systran Box

Thanks @philm - I will look into both of these links. The 2nd option looks like it might be a bit easier. Much appreciated, R

I fail to see the benefit of the second option. It’s just updating the firmware from Linux, so why not just use your installed manjaro? The issue is a secure boot OS that is tied to bios, and only way to make that work is to do the install from inside the secure boot OS, and if you have two such installed, one of them will need manual intervention.

Do you have any error message?

Having FDE enabled may hinder even to update your firmware. Some vendors offer USB sticks and update functions within your UEFI, others rely on tools like fwupd, but that might need some sort of access to your disk to get the firmware into RAM before flashing. Finding out how that all works may take longer than having a LiveCD around for just doing what you want to do: updating your firmware.

Am i misunderstanding something? If you run fwupd from your installed system, it has access to everything, much more so than some install environment started from USB.

It depends what it will update. If it wants to update the firmware of your SSD, it can’t be currently mounted.

sure, but that has nothing to do with FDE

The possible issue here is if OP has windows and manjaro with FDE and windows fails after upgrade via manjaro. Only way to prevent this is to upgrade via windows, or provide encryption key to windows after upgrading via manjaro.

If he does not have FDE windows, then running fwupd should take care of the problem directly. No matter if manjaro install is FDE or not.

Thanks @philm for the suggestions. I booted via Live USB & ran fwupdmgr get-devices, refresh & update. It then asked me to reboot & it updated the BIOS. When back in the system, I checked for needed firmware updates & it all looks up-to-date. I’m not sure how it worked but it seems fine to me. Thanks all…

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.