Hello, I’m wondering if I should use the Linux-libre kernel or if I should stay with the stock Linux kernel. I do want to remain 100% FOSS and have Libreboot installed, but, does it really matter if I use the stock kernel or not? Can the blobs from the stock kernel be a vulnerbility? My only reason for wanting to stay with the stock kernel is because its better maintained and gets audited more. But I’m really just worried about the blobs, can they do anything?
Hello! It’s great that you’re committed to libre software principles and already using Libreboot.
Proprietary blobs in the kernel.org Linux kernel can indeed pose risks. These blobs are nonfree, meaning they can’t be audited or modified by the community. This leaves users dependent on vendors, and there’s always the potential for vulnerabilities or backdoors. Linux-libre removes these blobs entirely, ensuring your system runs only software that respects your freedom and can be fully audited.
While the stock kernel benefits from frequent updates and broad testing, Linux-libre is a downstream fork of Linux. This means it incorporates all technical improvements, bug fixes, and security patches from the stock kernel, minus the proprietary blobs. You get the best of both worlds: security and freedom.
A quick note about Libreboot: while it strived to be 100% free in the past, many devices still rely on proprietary components like microcode updates. If you’re aiming for full transparency, it’s worth checking if your hardware depends on these since Libreboot did chose to make compromises and support them with nonfree blobs. This don’t lessen its value, as the project still makes the computing world more free, but it’s something to consider as Libreboot is not entirely libre anymore for every board. For instance, every computer it supports has now nonfree microcode updates. You may consider using Canoeboot or GNU Boot instead.
Ok but Linux-libre does not solve the security risk. It just makes hardware not work. You might as well say that any kernel module is a security risk (be it Free or proprietary) and it’s better to turn it off.
Also unlike the blobs which “can cause risks”, Linux-libre causes risks. It removes proprietary microcode updates. So the outdated (also proprietary) microcode installed on your computer leaves you vulnerable to things like Spectre.
This is potentially not an issue if OP uses ARM for example but using Linux-libre for security reasons is a really bad joke.
i personally wouldn’t use it as it’s more inconvenient. also i suggest probably go outside /hj
I was learning what they are actually and I don’t see any point of using linux-libre.Nowdays Linux kernel loading firmware for device from packages called “linux-firmware” technically is binary files located in ur filesystem.Linux libre project just removing mechanism of loading firmware dynamically,does it make device free? No they just don’t work.Devices which work with linux-libre for example WiFi dongles contains already firmware on WiFi chip itself and not loading from ur computer.In fact u even loosing security patches from vendors which u can get as updates for all devices.Linux libre project even removing warning about that u are u are using vulnerable firmware.Blobs which now located in kernel code itself is header files with some amount of arrays number arrays.Also not all firmware files works in once,kernel loading only needed one for hardware installed in computer right now So in conclusion I would not use such kernel,problem not in kernel ,problem that vendors don’t share source code for devices.Project linux libre not okay with dynamically loading firmware from filesystem buy they are okay with firmware which installed on devices which work without dynamically loading.It’s weird and sounds hypocrisy
I understand your perspective, but I think there’s a deeper context to consider about Linux-libre. The project’s goal isn’t just about making hardware work or not. It’s about promoting software freedom and raising awareness of the reliance on proprietary firmware, and help people to be certain that never nonfree software is installed on hardware without them knowing.
Yes, Linux-libre disables dynamic firmware loading, which can render some devices non-functional. But that’s not a flaw in Linux-libre itself; it reflects the larger issue that many hardware vendors don’t provide free firmware. Linux-libre isn’t against firmware per se, but it draws a line against proprietary blobs to encourage transparency and community-driven solutions. It tolerates non-updatable on-device firmware because it’s unavoidable for now (pragmatism), but the ultimate aim is to promote hardware that doesn’t rely on non-free programs at all.
Regarding security patches, it’s true that proprietary firmware can bring updates, but it also comes with risks: you can’t audit or modify it, and you depend entirely on the vendor. With free firmware, the community can audit and improve it openly, creating more trustworthy systems.
However, when it comes to assert that Linux-libre removes warnings about the use of vulnerable firmware, well, this claim lacks specific evidence. The Linux-libre project focuses on removing proprietary components and does not typically alter security warnings related to firmware. In fact there usually is a “Missing free firmware” message that you can find reading dmesg output.
So, while Linux-libre might not be for everyone, it’s more than a technical project. This is an ethical stance for a freer and more transparent computing future. If anything, it highlights the real issue: the need for manufacturers to provide free firmware.
only the truly ascetic stallman monks can main libre stuff
No.
