The .metainfo.xml file describes the device and firmware and is extra metadata added to the firmware archive by the OEM or ODM. The file is XML format, and uses a subset of the AppStream component specification.

An example metainfo.xml file looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<!-- Copyright 2018 Richard Hughes <> -->
<component type="firmware">
  <summary>Firmware for the Hughski ColorHug Ambient Light Sensor</summary>
      Updating the firmware on your ColorHugALS device improves performance and
      adds new features.
    <firmware type="flashed">84f40464-9272-4ef7-9399-cd95f12da696</firmware>
  <url type="homepage"></url>
  <developer_name>Hughski Limited</developer_name>
    <release urgency="high" version="3.0.2" date="2017-02-09" install_duration="120">
    <checksum filename="my-custom-name.bin" target="content"/>
        <p>This stable release fixes the following bugs:</p>
          <li>Fix the return code from GetHardwareVersion</li>
          <li>Scale the output of TakeReadingRaw by the datasheet values</li>
  <!-- we can optionally restrict this update to specific fwupd versions,
       or even previous firmware or bootloader versions -->
    <id compare="ge" version="0.8.0">org.freedesktop.fwupd</id>
    <firmware compare="ge" version="0.1.2"/>
    <firmware compare="ge" version="0.3.4">bootloader</firmware>
  <!-- these keywords are optional and are used for searching -->

Which GUID Do I Use?

GUID means 'Globally Unique Identifier' and is a 128-bit integer number used to identify a device. GUIDs are often formatted as strings such as 84f40464-9272-4ef7-9399-cd95f12da696. Another name for GUID is UUID ('Universally Unique Identifier') and the two terms can be used interchangably.

In fwupd the GUID is generated from the DeviceInstanceId strings, so for a single USB device the GUIDs would be generated like this:

$ python
>>> import uuid
>>> print uuid.uuid5(uuid.NAMESPACE_DNS, 'USB\VID_0A5C&PID_6412&REV_0001')
>>> print uuid.uuid5(uuid.NAMESPACE_DNS, 'USB\VID_0A5C&PID_6412')
>>> print uuid.uuid5(uuid.NAMESPACE_DNS, 'USB\VID_0A5C')

or, using appstream-glib:

$ appstream-util generate-guid "USB\VID_0A5C&PID_6412&REV_0001"

This allows the vendor to choose the GUID for what should match; to match on the vendor+product+revision you'd choose the first one, and the vendor+device you would use the second. We only really use the third GUID for fixing a vendor name, or other very broad quirks that apply to all USB devices from a specific vendor.

In the case for PCI devices and other technologies like NVMe, you can dump the GUIDs generated by fwupd using this tool:

sudo /usr/libexec/fwupd/fwupdtool --plugin-whitelist nvme get-devices --verbose
using e22c4520-43dc-5bb3-8245-5787fead9b63 for NVME\VEN_1179&DEV_010F&REV_01
using 83991323-9951-5adf-b743-d93e882a41e1 for NVME\VEN_1179&DEV_010F
using ad9fe8f7-cdc4-52c9-9fea-31b6f4988ffa for NVME\VEN_1179

More details about the GUID generation scheme used in each plugin can be found in the file in each plugin directory.

Can I match more than one GUID?

Metainfo files can contain as many lines of <firmware type="flashed"> as required and any device with any of the GUIDs will match the firmware file.