
fwupd

Security holes in the equipment we run are discovered all the time, and firmware is continuously upgraded as a result. But how do users discover what they need to upgrade to protect themselves? The goal of the "fwupd/LVFS integration in the BSD distributions" project is to reuse the work done by the fwupd/LVFS project and make it available on BSD-based systems as well. fwupd has been available on Linux-based systems since 2015. It is an open-source daemon for managing the installation of firmware updates from the LVFS. The LVFS (Linux Vendor Firmware Service) is a secure portal which allows hardware vendors to upload firmware updates. Over the years, some major hardware vendors (e.g. Dell, HP, Intel, Lenovo) have been uploading their firmware images to the LVFS so that they can later be installed on Linux-based systems. Integrating fwupd into BSD-based systems would allow this well-established infrastructure to be reused so that more users can take advantage of it.

Why does this actually matter to end users?

Most users rely on antivirus programs to keep their system and important data safe and private. Visited sites, downloaded files, email coming in and out, everything should pass through a digital border control that keeps malware and spyware out. Perform a complete system scan every other month and most users will be reassured: I am safe.

The truth is that there is more than one way into your system and not every backdoor is properly protected. Attackers can also target the most fundamental software on your device, which is also known as firmware. A common example is the BIOS or Basic Input/Output System that every computer has to boot up and load the operating system. Accessing the BIOS and installing malicious software on such a fundamental level gives attackers far-reaching control over a system (which is why it is used for ransomware) and the user usually does not even realize it. And updating their BIOS probably is not something they do (if they are even aware of it at all). That is unfortunate, because a number of hardware vendors do put out updates for their firmware that you can update your computer with.

To make firmware updating more commonplace, you should simply get a notification that you need to get the latest update. That is what this project aims to do for a widely used firmware update effort for Linux-based operating systems. This way users outside of the more experienced small clique of hardware geeks can also be sure their device is trustworthy, from the software they actually run to the programs that start everything up and keep their system going. As Linux-based systems are used everywhere and sometimes perform vital functions to local and wider area networks, a straightforward project like this can actually contribute to a more resilient and reliable global internet.

Security should not be a black box. Instead, users should be able to choose from plug & play solutions that work together nicely and cover most if not all exits in their systems. Or they should have a one-stop-shop solution, a big green button they can press for total security.

Run by 3mdeb Embedded Systems Consulting

This project was funded through the NGI0 Discovery Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825322. Applications are still open, you can apply today.