Hardware Vendors

This service should only be used to distribute files that are flashed onto non-volatile memory. There is no charge to vendors for the hosting or distribution of content.

Do I have to contribute any code?

No, unless you're using a custom update protocol that fwupd does not already support. In this case you can either write a new plugin with a free license, or provide specifications to the fwupd developers. Most hardware can be updated using the existing UEFI UpdateCapsule or DFU code in fwupd.

Upload Firmware

Once you have requested an account on the LVFS and have legal permission to redistribute the firmware, you can log in and upload files using the admin console. Files can be uploaded privately for testing and optionally embargoed until a specific date.

All firmware is uploaded as a cabinet archive, which matches the Microsoft Update requirements. Along with the firmware binary, the LVFS expects the archive to contain at least one .metainfo.xml file that describes the target device and firmware. You can create a cabinet archive using makecab.exe on Windows and gcab on Linux.

It is recommended that you name the archive with the vendor, device and version number, e.g. hughski-colorhug-als-1.2.3.cab, and it is suggested that the files inside the cab file have the same basename, for example:

[Figure: Files inside a typical archive]

Why does the LVFS project sign the archive?

The upload process repacks the uploaded archive into a new cabinet file and signs the firmware image using a detached GPG or PKCS#7 signature so client tools can be sure the firmware actually originated from the LVFS. Any existing Windows Update signatures are also copied into the new archive, although they are not used on Linux. The signed archive is prefixed with the hash of the uploaded file to avoid clashes with other uploaded files and to make the download location non-predictable.

Can I restrict downloads from embargoed and sanctioned countries?

The LVFS administrator can configure the policy for all firmware owned by the vendor to be blocked from download in embargoed or otherwise sanctioned countries.

The blocked ISO 3166 country codes can also be specified in the firmware itself, using the LVFS::BannedCountryCodes metadata key.
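A pre-upload check over the files that will go into the cabinet archive, covering the archive layout described under Upload Firmware and the banned-country key above. This is an added example, not LVFS or fwupd code; the function names are hypothetical, and it assumes the key is stored as a custom/value element in the .metainfo.xml and holds comma-separated two-letter ISO 3166 codes.

```python
import re
import xml.etree.ElementTree as ET

# Assumed metainfo layout: <custom><value key="LVFS::BannedCountryCodes">..</value></custom>
BANNED_KEY = "LVFS::BannedCountryCodes"
ALPHA2 = re.compile(r"[A-Z]{2}")  # assumption: two-letter upper-case ISO 3166 codes

def stem(name):
    """Basename without extension; '.metainfo.xml' counts as one extension."""
    if name.endswith(".metainfo.xml"):
        return name[: -len(".metainfo.xml")]
    return name.rsplit(".", 1)[0]

def check_payload(files):
    """files: dict of member name -> bytes. Returns (problems, banned_codes)."""
    problems, banned = [], []
    metainfos = [n for n in files if n.endswith(".metainfo.xml")]
    if not metainfos:
        problems.append("no .metainfo.xml file")
    if len({stem(n) for n in files}) > 1:
        problems.append("files do not share one basename")
    for name in metainfos:
        try:
            root = ET.fromstring(files[name])
        except ET.ParseError as exc:
            problems.append(f"{name}: not well-formed XML ({exc})")
            continue
        for value in root.iterfind(f"./custom/value[@key='{BANNED_KEY}']"):
            for code in (value.text or "").split(","):
                code = code.strip()
                if ALPHA2.fullmatch(code):
                    banned.append(code)
                else:  # a malformed code could leave a country unblocked
                    problems.append(f"{name}: bad country code {code!r}")
    return problems, sorted(set(banned))

# Constructed sample payload, not a real firmware release.
SAMPLE = {
    "firmware.bin": b"\x00" * 16,
    "firmware.metainfo.xml": b"""<?xml version="1.0" encoding="UTF-8"?>
<component type="firmware">
  <custom>
    <value key="LVFS::BannedCountryCodes">KP, sy</value>
  </custom>
</component>""",
}

if __name__ == "__main__":
    print(check_payload(SAMPLE))
```

Run it over the directory contents before packing them with gcab or makecab.exe; the sample deliberately contains one lower-case code so the rejection path is visible.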

By Richard Hughes © 2015-2019

Linux Vendor Firmware Service Project a Series of LF Projects, LLC