Going 100% Libre with Gentoo

From Gentoo Wiki

There are many challenges in modern computing that one has to overcome in order to achieve 100% Free software usage, so many that it cannot be achieved with nearly any distribution today. As of 2024, there are eight GNU/Linux distributions recognized by the GNU project as 100% Free, shipping the linux-libre kernel by default and no non-free software repositories.

Most of these GNU distributions either lack modern features, have a lot of bugs due to their small userbases, or are binary-based, meaning the user does not have as much freedom and choice in what he can do on his computer.

Nearly all other GNU/Linux distributions today pre-install at least non-free kernel blobs and have non-free software repositories; some go as far as to pre-install proprietary text editors, game launchers or browsers.

Although the GNU project does not recognize Gentoo as 100% Libre due to proprietary recipes in the repositories, it can be made 100% Libre according to GNU's definition with a few tweaks. In fact, Gentoo is one of the only modern non-GNU distributions that can be made 100% Free due to its emphasis on user choice.

Boot Firmware

The vast majority of boot firmware (BIOS/UEFI) pre-installed on modern computers is proprietary. The Intel Management Engine and the AMD PSP are embedded subsystems present in nearly all Intel and AMD processors, and both have been recognized by the Free Software Foundation and the Electronic Frontier Foundation as serious low-level backdoors. These subsystems have the potential to read the computer's memory. They also run as long as the motherboard is receiving power, whether the computer is turned on or off. They have access to every part of the hardware, including the webcam, microphone, and even internet connectivity. These technologies are impossible to turn off on most systems unless the user installs a 100% Libre boot firmware such as GNU boot or Canoeboot.

Why not Libreboot?

Libreboot used to be a popular 100% libre boot firmware solution, but it is no longer completely free. Since January 2022, Libreboot's founder and maintainer has taken Libreboot development in a more liberal direction, opting to reduce the use of binary blobs in the firmware rather than removing them completely.

This change allowed Libreboot to support more recent hardware, at the cost of user freedom. However, there are forks of Libreboot which maintain the 100% free status.

GNU boot and Canoeboot

GNU boot is a fork of Libreboot which emerged as a response to Libreboot's controversial Binary Blob Reduction policy. However, Libreboot's author and maintainer views GNU boot as a "hostile" and "inferior" fork of Libreboot and in response created their own libre version of Libreboot called Canoeboot.

Both Canoeboot and GNU boot adhere to the same Free System Distribution Guidelines (GNU FSDG) and therefore can be considered Libre software.

Make.conf

Allowing only Free Software to be installed on a system

To restrict Portage to installing only Free Software on Gentoo, the user can simply add the following setting:

FILE /etc/portage/make.conf
# Tokens are applied left to right: clear everything first, then accept only the FREE group
ACCEPT_LICENSE="-* @FREE"

There are also other license groups such as FSF-APPROVED which might be of interest to some users.
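
As an added illustration (not code from the wiki or from Portage), the sketch below models how an ACCEPT_LICENSE string is evaluated against license groups and uses the result to audit the LICENSE strings of installed packages. The group contents, package names and function names are constructed for the example; Portage applies the tokens left to right, so a `-*` placed after `@FREE` clears the group again.

```python
# Added example: simplified model of ACCEPT_LICENSE evaluation, not Portage's code.
LICENSE_GROUPS = """\
# constructed excerpt in the profiles/license_groups format
GPL-COMPATIBLE GPL-2 GPL-3 MIT
FSF-APPROVED @GPL-COMPATIBLE Apache-2.0
FREE @FSF-APPROVED CC-BY-SA-4.0
"""
INSTALLED = {  # constructed; real strings are in /var/db/pkg/<cat>/<pkg>/LICENSE
    "app-editors/example-editor-1.0": "GPL-2",
    "dev-libs/example-lib-2.1": "|| ( MIT Apache-2.0 )",
    "sys-firmware/example-blob-3": "GPL-2 redistributable? ( example-fw-license )",
}

def parse_groups(text):
    """Map each group name to its member tokens (licenses or @GROUP)."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return {row[0]: row[1:] for row in rows if row}

def expand(token, groups, seen=()):
    """Expand @GROUP recursively into a set of license names."""
    name = token[1:]
    if not token.startswith("@"):
        return {token}
    if name in seen or name not in groups:  # cycle or unknown group
        return set()
    return set().union(*(expand(m, groups, (*seen, name)) for m in groups[name]))

def accepted(accept_license, groups):
    """Apply tokens left to right; '-*' discards everything before it."""
    ok = set()
    for tok in accept_license.split():
        if tok == "-*":
            ok.clear()
        elif tok.startswith("-"):
            ok -= expand(tok[1:], groups)
        else:
            ok |= expand(tok, groups)
    return ok

def audit(installed, accept_license, groups):
    """Conservative: every license named, in any '||' or USE? branch, is checked."""
    ok = accepted(accept_license, groups)
    report = {}
    for pkg, lic in installed.items():
        names = {t for t in lic.split() if t not in ("||", "(", ")") and not t.endswith("?")}
        if names - ok:
            report[pkg] = sorted(names - ok)
    return report
```

On a real system the same audit can be fed the license_groups file from the Gentoo repository's profiles directory and the LICENSE files under /var/db/pkg.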

USE flags

There are several USE flags which should be used to free a Gentoo system:

eme-free - enabling this flag removes proprietary DRM blobs from browsers and e-mail clients such as Mozilla Firefox and Mozilla Thunderbird. We do not recommend using Mozilla Firefox for a free system, since it's not, by default, freedom-respecting at all. We suggest using web browsers such as Librewolf.

-proprietary-codecs - disabling this flag removes support for proprietary audio/video formats from programs such as ffmpeg. You can see which codecs are free and which are not on Wikipedia.

-telemetry - disabling this flag removes telemetry from several programs. It is recommended for increased user privacy.

FILE /etc/portage/make.conf
USE="eme-free -proprietary-codecs -telemetry"

Kernel

In Gentoo, sys-kernel/gentoo-sources and sys-kernel/gentoo-kernel are already devoid of any kind of firmware. Firmware has to be installed through a separate package, sys-kernel/linux-firmware. However, this package does not compile with ACCEPT_LICENSE="@FREE" because it contains non-free firmware.

Some pieces of hardware require firmware to be installed, and that firmware should be Free. The package can be built without any non-free firmware by disabling a USE flag:

sys-kernel/linux-firmware -redistributable

Install sys-kernel/linux-firmware:

root #emerge --ask --verbose sys-kernel/linux-firmware

Web Browsers

Almost everyone today uses some kind of web browser to access the web. However, that is one of the most dangerous activities when it comes to non-free software usage and privacy, because essentially every non-free website tracks its users when JavaScript is enabled, be it simply for money or out of malice.

Although popular browsers like www-client/firefox and www-client/chromium are technically Free Software, they make almost no attempt to defend user freedom and privacy. The fully Free browser recognized by the GNU project is GNU IceCat, although this browser is known to suck. It also annoyingly forces its users to use addons which are basically useless, since there are other addons and solutions which can be used instead and work better, such as uBlock Origin instead of LibreJS.

Librewolf is a fully Free web browser which does not include any DRM blobs, has the same (if not better) tracking protection by default as IceCat, uses DuckDuckGo by default and has an official Gentoo repository. Combined with uBlock Origin and disabling JavaScript, the user achieves the highest level of Free Software purity.