Kernel Deblobing

From Wikipedia: A binary blob is a closed-source binary-only piece of software without publicly available source code. Since 1996, Linux kernel includes more and more binary blobs, to handle closed-sources devices (without technical documentation which would authorize free firmware development for them). Proprietary software always introduces freedom, security or privacy concerns.

Linux kernel deblobing is the operation which removes binary blobs, to get a completely free kernel. This is done with two shell scripts wroten by Brian Brazil, Jeff Moe and Alexandre Oliva, named  and , where   represents the kernel revision. A third script which is for Linux tarballs,, is not used here. See the scripts README to get information about them.

Thoses scripts are provided by the Free Software Foundation Latin America, for each kernel revision. FSFLA mainly provides Linux-libre distribution.

Deblobing kernel obviously means that devices with proprietary firmware only cannot be used, like Intel wireless cards. Nvidia graphic cards will only use nouveau, the open source driver. See below how to get a list of removed blobs without kernel compilation.

Once deblobed the kernel is compiled as usual.

Deblobing hardened, ck and rc sources
For:

set the USE flag  in, sources will be automatically deblobed after being emerged.

Deblobing gentoo-sources (or any other sources)
USE flag no more deblobs, this must be manually done.

Emerging Sources
If you restricted licences, for example with  in, first accept   licence needed for Gentoo sources.


 * If the file exists:


 * If the file doesn't exist:

Then emerge Gentoo sources:

… and set symlink to the emerged sources. First get the list of available sources:

… then choose the right ones:

Then change directory to :

Downloading Deblob Scripts
Explore Linux-libre releases and download the emerged kernel revision scripts and signatures. directory is chosen for  sources:

Make the scripts executable by root only:

Verifying Signatures
First import the Linux-libre server key:

Then verify the signatures:

Python Version
Deblob scripts use Python 2.7 interpreter, set it at the beginning of the interpreters list. Get the list with:

… then:

Deblob Command
Deblobing can now be started:

During the operation, which may be long, all deblobing information is displayed. After kernel compilation -gnu suffix will be appended to it's name,  in this example.

List of Removed Blobs
To get the list of removed blobs with their kernel symbol names, redirect the deblob command output to a file:

As kernel sources can be re-emerged after being deblobed, this is a convenient way, without kernel compilation, to investigate if targeted hardware should work without binary blobs.

External resources

 * The Binary blob Wikipedia article