diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd
index 9ac0e21e..b6ef68b0 100644
--- a/apparmor.d/profiles-a-f/fwupd
+++ b/apparmor.d/profiles-a-f/fwupd
@@ -31,6 +31,10 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
   capability sys_rawio,
   capability syslog,
 
+  network inet dgram,
+  network inet stream,
+  network inet6 dgram,
+  network inet6 stream,
   network netlink raw,
 
   #aa:dbus own bus=system name=org.freedesktop.fwupd path=/
@@ -54,6 +58,7 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
   @{bin}/gpgsm       rCx -> gpg,
 
   /usr/share/fwupd/{,**} r,
+  /usr/share/hwdata/*.ids r,
   /usr/share/mime/mime.cache r,
 
   /etc/fwupd/{,**} rw,
@@ -83,15 +88,20 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
   @{sys}/**/ r,
   @{sys}/devices/** r,
 
+  @{sys}/bus/hid/drivers/*/uevent r,
+  @{sys}/bus/usb/drivers/usbhid/uevent r,
   @{sys}/firmware/acpi/** r,
   @{sys}/firmware/dmi/tables/DMI r,
   @{sys}/firmware/dmi/tables/smbios_entry_point r,
   @{sys}/firmware/efi/** r,
-  @{sys}/firmware/efi/efivars/BootNext-@{uuid} rw,
   @{sys}/firmware/efi/efivars/Boot@{hex}-@{uuid} rw,
+  @{sys}/firmware/efi/efivars/BootNext-@{uuid} rw,
   @{sys}/firmware/efi/efivars/fwupd-* rw,
   @{sys}/kernel/security/lockdown r,
-  @{sys}/kernel/security/tpm[0-9]/binary_bios_measurements r,
+  @{sys}/kernel/security/tpm@{int}/binary_bios_measurements r,
+  @{sys}/module/*/uevent r,
+  @{sys}/module/uhid/uevent r,
+  @{sys}/module/usbhid/uevent r,
   @{sys}/power/mem_sleep r,
 
   @{att}/@{run}/systemd/inhibit/@{int}.ref rw,