Hello, I’m wondering if I should use the Linux-libre kernel or if I should stay with the stock Linux kernel. I do want to remain 100% FOSS and have Libreboot installed, but, does it really matter if I use the stock kernel or not? Can the blobs from the stock kernel be a vulnerbility? My only reason for wanting to stay with the stock kernel is because its better maintained and gets audited more. But I’m really just worried about the blobs, can they do anything?
Since you are already using Libreboot, you already have (proprietary) microcode updates installed. So I think it shouldn’t be a security disaster with Linux-libre (that assumes that you keep your Libreboot updated). Worst thing that would happen is that your hardware won’t work. That’s also the best thing that will happen. The blobs are just firmware that gets loaded on a device that needs it. If you have the device, it won’t work without blobs. If you don’t have it, the firmware is not loaded so the outcome is not that different from regular linux. And also reading from comments there are some blobs for enabling DRM content. I guess that’s not mandatory.
Though imo Linux-libre is pointless. For noobs it’s a potential security disaster and skilled users would be better off compiling their own kernel with just the features they need to reduce attack surface.
If your hardware supports linux-libre and you don’t consume DRM content (If you don’t know. Widevine is the cause), it’s better to use that. If not, then you can use Debian/LMDE which can only use the blobs your hardware requires.
My only reason for wanting to stay with the stock kernel is because its better maintained and gets audited more
linux-libre used by Trisquel GNU+Linux which used by FSF. So don’t worry.
Can the blobs from the stock kernel be a vulnerbility?
This is not the thing to worry about. Vulnerability is normal because we are human. What is worrying is that blobs are non-libre and you are dependent on the blob developer to care. If the blob developer cares, then great. If not, then you are done. Also, this is a matter of trust. We cannot know what blobs are doing because they are non-libre.
if you want to be fully foss then sure but you’ll probably find shit works less reliably with it. ymmv
Sure if your hardware works to your satisfaction with it. The only way to know is to try it yourself. You can test it with a Trisquel liveusb.
i personally wouldn’t use it as it’s more inconvenient. also i suggest probably go outside /hj
only the truly ascetic stallman monks can main libre stuff
Do you use Netflix or other services/products with DRM?
That’s your answer.
Beside this service (which I’m not using), any other? I briefly looked for a list but couldn’t find one.
I’m highlighting a contradiction in what you’re asking.
You’re asking whether you should use a ‘pure’ Linux kernel but using ‘dirty’ stuff everywhere else?
It’s not a great flex, but the whole thing about Linux is that you can choose to do what you want with no restrictions.
Have at it! Enjoy!
I’m confused, are you talking to me or OP? I didn’t ask which kernel anyone “should” use. I asked about which software does rely on a specific feature that you mentioned, namely DRM. Please clarify.
If you hardware is compatible, go for it !
No.
If you have a wireless card (or don’t need wireless) capable of working with Linux Libre, then by all means use it. There is no technological advantage to using Linux-Libre. There are principle advantages. I say this as someone who uses Linux-Libre on my Gentoo laptop (and maintains an overlay with an ebuild for Linux-Libre).
Unless you know what it is and have REALLY strong feelings about that, nope. You wouldn’t be here asking otherwise. You’re fine.
Hello! It’s great that you’re committed to libre software principles and already using Libreboot.
Proprietary blobs in the kernel.org Linux kernel can indeed pose risks. These blobs are nonfree, meaning they can’t be audited or modified by the community. This leaves users dependent on vendors, and there’s always the potential for vulnerabilities or backdoors. Linux-libre removes these blobs entirely, ensuring your system runs only software that respects your freedom and can be fully audited.
While the stock kernel benefits from frequent updates and broad testing, Linux-libre is a downstream fork of Linux. This means it incorporates all technical improvements, bug fixes, and security patches from the stock kernel, minus the proprietary blobs. You get the best of both worlds: security and freedom.
A quick note about Libreboot: while it strived to be 100% free in the past, many devices still rely on proprietary components like microcode updates. If you’re aiming for full transparency, it’s worth checking if your hardware depends on these since Libreboot did chose to make compromises and support them with nonfree blobs. This don’t lessen its value, as the project still makes the computing world more free, but it’s something to consider as Libreboot is not entirely libre anymore for every board. For instance, every computer it supports has now nonfree microcode updates. You may consider using Canoeboot or GNU Boot instead.
Ok but Linux-libre does not solve the security risk. It just makes hardware not work. You might as well say that any kernel module is a security risk (be it Free or proprietary) and it’s better to turn it off.
Also unlike the blobs which “can cause risks”, Linux-libre causes risks. It removes proprietary microcode updates. So the outdated (also proprietary) microcode installed on your computer leaves you vulnerable to things like Spectre.
This is potentially not an issue if OP uses ARM for example but using Linux-libre for security reasons is a really bad joke.
Depends on your hardware and distro. Linux-libre not be so bad assuming it’s one of those old Thinkpads. Also, though, if you’re on Debian; they deblob their kernel already and put the blobs in separate packages so they can be optionally used. Don’t install any blobs and you’re good.
I was learning what they are actually and I don’t see any point of using linux-libre.Nowdays Linux kernel loading firmware for device from packages called “linux-firmware” technically is binary files located in ur filesystem.Linux libre project just removing mechanism of loading firmware dynamically,does it make device free? No they just don’t work.Devices which work with linux-libre for example WiFi dongles contains already firmware on WiFi chip itself and not loading from ur computer.In fact u even loosing security patches from vendors which u can get as updates for all devices.Linux libre project even removing warning about that u are u are using vulnerable firmware.Blobs which now located in kernel code itself is header files with some amount of arrays number arrays.Also not all firmware files works in once,kernel loading only needed one for hardware installed in computer right now So in conclusion I would not use such kernel,problem not in kernel ,problem that vendors don’t share source code for devices.Project linux libre not okay with dynamically loading firmware from filesystem buy they are okay with firmware which installed on devices which work without dynamically loading.It’s weird and sounds hypocrisy
I understand your perspective, but I think there’s a deeper context to consider about Linux-libre. The project’s goal isn’t just about making hardware work or not. It’s about promoting software freedom and raising awareness of the reliance on proprietary firmware, and help people to be certain that never nonfree software is installed on hardware without them knowing.
Yes, Linux-libre disables dynamic firmware loading, which can render some devices non-functional. But that’s not a flaw in Linux-libre itself; it reflects the larger issue that many hardware vendors don’t provide free firmware. Linux-libre isn’t against firmware per se, but it draws a line against proprietary blobs to encourage transparency and community-driven solutions. It tolerates non-updatable on-device firmware because it’s unavoidable for now (pragmatism), but the ultimate aim is to promote hardware that doesn’t rely on non-free programs at all.
Regarding security patches, it’s true that proprietary firmware can bring updates, but it also comes with risks: you can’t audit or modify it, and you depend entirely on the vendor. With free firmware, the community can audit and improve it openly, creating more trustworthy systems.
However, when it comes to assert that Linux-libre removes warnings about the use of vulnerable firmware, well, this claim lacks specific evidence. The Linux-libre project focuses on removing proprietary components and does not typically alter security warnings related to firmware. In fact there usually is a “Missing free firmware” message that you can find reading dmesg output.
So, while Linux-libre might not be for everyone, it’s more than a technical project. This is an ethical stance for a freer and more transparent computing future. If anything, it highlights the real issue: the need for manufacturers to provide free firmware.
Use whatever works for you. Perfect is the enemy of good. If there was anything better or just as good as free software as the few blobs that are in there they would be replaced since blobs are a pain to work around.
