LVFS Imposes New Restrictions as Vendor Support Lags Behind
The Linux Vendor Firmware Service (LVFS) has begun enforcing strict usage limits on hardware vendors who rely on its infrastructure but fail to contribute financially. As of April 1, 2026, any vendor exceeding 50,000 monthly downloads now sees an overquota warning on their firmware pages.
“We can no longer sustain a free service for everyone when only two companies are paying for it,” said Richard Hughes, the project’s sole full-time developer. “This is about survival.”
Background
LVFS delivers firmware updates to over 20,000 files from 150 vendors. It has shipped more than 140 million updates to Linux users, making it essential for OEMs, ODMs, and BIOS vendors.
Yet the project runs on a threadbare budget. Red Hat funds Hughes; the Linux Foundation covers hosting. There is no dedicated security response team and no backup for Hughes. “Critical vulnerabilities are handled on a best-effort basis,” the project’s sustainability plan states.
Since April 2025, LVFS has rolled out phased restrictions: download graphs, upload tracking, and sponsorship tiers. The April 2026 phase—now live for four weeks—also removes detailed analytics for vendors below the “Startup” sponsorship level ($10,000/year).
What This Means
Without new contributors, LVFS risks service degradation. The project needs either $400,000 to hire two full-time engineers or $30,000 for hosting costs. Currently only Framework Computer and the Open Source Firmware Foundation hold Startup status.
“If every company that depends on LVFS simply used it without giving back, the service will collapse,” Hughes warned. “We’re turning up the heat now to avoid that future.”
Sponsorship Tiers (Effective Immediately)
- Premier: $100,000/year – requires LF Silver Membership
- Startup: $10,000/year (under 99 employees) – requires LF Silver Membership
- Associate: Free – only for registered non-profits, academic institutions, and government entities
No free option remains for commercial hardware vendors. By December 2026, automated upload limits will also kick in for non-sponsors.
Urgent Call to Action
LVFS is pleading with vendors to review the background and step up. “We’re not trying to punish anyone,” Hughes said. “We just need the ecosystem to recognize that this infrastructure isn’t free.”
For details on joining, visit the sponsorship tiers above.