Hello, I’m wondering if I should use the Linux-libre kernel or if I should stay with the stock Linux kernel. I do want to remain 100% FOSS and have Libreboot installed, but does it really matter if I use the stock kernel or not? Can the blobs from the stock kernel be a vulnerability? My only reason for wanting to stay with the stock kernel is because it’s better maintained and gets audited more. But I’m really just worried about the blobs, can they do anything?

  • neox_@sh.itjust.works
    9 months ago

    Hello! It’s great that you’re committed to libre software principles and already using Libreboot.

    Proprietary blobs in the kernel.org Linux kernel can indeed pose risks. These blobs are nonfree, meaning they can’t be audited or modified by the community. This leaves users dependent on vendors, and there’s always the potential for vulnerabilities or backdoors. Linux-libre removes these blobs entirely, ensuring your system runs only software that respects your freedom and can be fully audited.

    While the stock kernel benefits from frequent updates and broad testing, Linux-libre is a downstream fork of Linux. This means it incorporates all technical improvements, bug fixes, and security patches from the stock kernel, minus the proprietary blobs. You get the best of both worlds: security and freedom.

    A quick note about Libreboot: while it strived to be 100% free in the past, many devices still rely on proprietary components like microcode updates. If you’re aiming for full transparency, it’s worth checking if your hardware depends on these since Libreboot did choose to make compromises and support them with nonfree blobs. This doesn’t lessen its value, as the project still makes the computing world more free, but it’s something to consider as Libreboot is not entirely libre anymore for every board. For instance, every computer it supports now has nonfree microcode updates. You may consider using Canoeboot or GNU Boot instead.

    • TMP_NKcYUEoM7kXg4qYe@lemmy.world
      9 months ago

      Ok but Linux-libre does not solve the security risk. It just makes hardware not work. You might as well say that any kernel module is a security risk (be it Free or proprietary) and it’s better to turn it off.

      Also unlike the blobs which “can cause risks”, Linux-libre causes risks. It removes proprietary microcode updates. So the outdated (also proprietary) microcode installed on your computer leaves you vulnerable to things like Spectre.

      This is potentially not an issue if OP uses ARM for example but using Linux-libre for security reasons is a really bad joke.
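
The microcode point in the last comment can be checked on a running system: Linux reports its view of each CPU vulnerability under `/sys/devices/system/cpu/vulnerabilities/`, and some entries read "Vulnerable: No microcode" when the fix depends on a microcode update that is not loaded. The script below is an added example, not part of the thread; the function names are hypothetical and the sample directory is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). The sysfs and /proc paths are standard
# Linux interfaces; the function names are hypothetical.

# Classify one status string as reported by the kernel.
vuln_tag() {
    case $1 in
        *[Nn]o\ [Mm]icrocode*) echo NEEDS_MICROCODE ;;  # fix depends on newer microcode
        "Not affected"*)       echo NOT_AFFECTED ;;
        Mitigation*)           echo MITIGATED ;;
        Vulnerable*)           echo VULNERABLE ;;
        *)                     echo UNKNOWN ;;
    esac
}

# Print "TAG name status" for every entry in a vulnerabilities directory.
scan_vulns() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    if [ ! -d "$dir" ]; then
        echo "no vulnerability report at $dir"
        return 0
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        printf '%-16s %-24s %s\n' "$(vuln_tag "$status")" "${f##*/}" "$status"
    done
}

# Print the loaded microcode revision (x86 exposes it in /proc/cpuinfo).
microcode_rev() {
    awk -F': ' '/^microcode/ { print $2; exit }' "${1:-/proc/cpuinfo}" 2>/dev/null
}

# Constructed sample: a CPU running only the microcode shipped in its firmware.
sample_dir() {
    d=$(mktemp -d)
    echo 'Mitigation: Retpolines; STIBP: disabled; RSB filling' > "$d/spectre_v2"
    echo 'Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable' > "$d/mds"
    echo 'Vulnerable: No microcode' > "$d/srbds"
    echo 'Not affected' > "$d/meltdown"
    echo "$d"
}

echo "microcode revision: $(microcode_rev)"
scan_vulns
```

Run it once under each kernel being compared; `scan_vulns "$(sample_dir)"` shows the output format on the constructed data.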