This is Gentoo's testing wiki. It is a non-operational environment and its textual content is outdated.
Please visit our production wiki at https://wiki.gentoo.org
Kernel Deblobing
From Wikipedia: A binary blob is a closed-source binary-only piece of software without publicly available source code. Since 1996, Linux kernel includes more and more binary blobs, to handle devices with closed-sources firmwares only (and among these devices, those without technical documentation which would authorize free firmware development for them). Proprietary software always introduces freedom, security or privacy concerns.
Linux kernel deblobing is the operation which removes binary blobs, to get a completely free kernel. This is done with two shell scripts written by Brian Brazil, Jeff Moe and Alexandre Oliva, named deblob-check and deblob-version, where version represents the kernel revision. A third script which is for Linux tarballs, deblob-main, is not used here. See the scripts README to get information about them.
Thoses scripts are provided by the Free Software Foundation Latin America, for each kernel revision. FSFLA mainly provides Linux-libre distribution.
Once deblobed the kernel is compiled as usual. Deblobing kernel obviously means that devices with proprietary firmware only cannot be used, like Intel wireless cards. Nvidia graphic cards will only use nouveau, the open source driver. See below how to get a list of removed blobs without kernel compilation.
Deblobing ck and rc sources
For:
set the USE flag deblob in /etc/portage/make.conf, sources will be automatically deblobed after being emerged.
Deblobing gentoo-sources (or any other sources)
deblob USE flag no more deblobs sys-kernel/gentoo-sources, this must be manually done.
linux-4.4.26-gentoo is used in the following example.Emerging Sources
If you restricted licences, for example with ACCEPT_LICENSE="-* @FREE" in /etc/portage/make.conf, first accept freedist licence needed for Gentoo sources.
root #echo 'sys-kernel/gentoo-sources freedist' >> /etc/portage/package.license/etc/portage/package.license may be a directory, in this case issue for example:
root #echo 'sys-kernel/gentoo-sources freedist' > /etc/portage/package.license/gentoo-sourcesThen emerge Gentoo sources:
root #emerge --ask sys-kernel/gentoo-sourcesThen set /usr/src/linux symlink to the emerged sources if symlink USE flag is not set for Gentoo sources:
First get the list of available sources:
root #eselect kernel list[1] linux-4.1.37-gentoo * [2] linux-4.4.26-gentoo etc.
… then choose the right ones:
root #eselect kernel set linux-4.4.26-gentooThen change directory to /usr/src/linux:
root #cd /usr/src/linuxDownloading Deblob Scripts
Scripts are on Linux-libre server. First make some vars to simplify lines to be entered:
versionwill contain sources version and is the only one to be adapted, a minor version number is not mandatory;mainwill be generated, containing version without minor revision if needed,4.4for4.4.26;
(If there is a release candidate string,4.5-rc7for example, entermainby hand —there is usually no rc string with gentoo-sources.)urlwill contain downloading URL.
Making the vars:
root #version=4.4.26
root #if [ `echo $version | tr -cd '.' | wc -c` == 2 ]; then main=`echo ${version%.*}`; else main=$version; fi
Downloading:
root #wget $url$version-gnu/deblob-$main
root #wget $url$version-gnu/deblob-$main.sign
root #wget $url$version-gnu/deblob-check
root #wget $url$version-gnu/deblob-check.sign
Make the scripts executable by root only:
root #chmod 744 deblob-$main deblob-checkVerifying Signatures
First import or update the Linux-libre server key:
root #gpg --keyserver keys.gnupg.net --recv-key BCB7CF877E7D47A7Then verify the signatures:
root #gpg --verify deblob-$main.sign deblob-$main
root #gpg --verify deblob-check.sign deblob-check
For each verification this warning is usual, because server's key was imported but not trusted:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
The important output is Good signature for each script.
Python Version
Deblob scripts use the Python 2.7 interpreter. Emerge it:
root #emerge --ask --noreplace --oneshot dev-lang/python:2.7Deblob Command
Deblobing can now be started (remember the main var):
root #PYTHON="python2.7" ./deblob-$mainDuring the operation, which may be long, all deblobing information is displayed. After kernel compilation -gnu suffix will be appended to it's name, 4.4.26-gentoo-gnu in this example.
List of Removed Blobs
To get the list of removed blobs with their kernel symbol names, redirect the deblob command output to a file:
root #PYTHON="python2.7" ./deblob-$main > /path/to/file/deblob-$version.logAs kernel sources can be re-emerged after being deblobed, this is a convenient way, without kernel compilation, to investigate if targeted hardware should work without binary blobs.