Index: fwupd-1.9.10/data/motd/fwupd-refresh.service.in
===================================================================
--- fwupd-1.9.10.orig/data/motd/fwupd-refresh.service.in
+++ fwupd-1.9.10/data/motd/fwupd-refresh.service.in
@@ -14,5 +14,13 @@ SystemCallFilter=~@mount
 ProtectKernelModules=yes
 ProtectControlGroups=yes
 RestrictRealtime=yes
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+# end of automatic additions 
 SuccessExitStatus=2
 ExecStart=@bindir@/fwupdmgr refresh