View previous topic :: View next topic |
Author |
Message |
gspaceman n00b
Joined: 18 Jan 2018 Posts: 3
|
Posted: Fri Jan 19, 2018 12:06 am Post subject: Kernel Deblobbing |
|
|
Very noob question: I want to use gentoo as a 100% free distribution but I'm not sure on how to do that. I know that i can use a deblob script but is it any different than just deseletcting "Include in-kernel firmware blobs"?
Another thing, after I've deblobbed the kernel can I merge linux-firmware, or will it still contain proprietary blobs?
Thank you in advance |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54119 Location: 56N 3W
|
Posted: Fri Jan 19, 2018 12:34 am Post subject: |
|
|
gspaceman,
Welcome to Gentoo.
Firmware is in general, proprietary blobs.
From the firmware on your motherboard, to the CPU microcode, the HDDs, the kernel embedded firmware, linux-firmware, ...
Its not all executable code. Some is just state machines. Some is code to run in embedded processor in an attached device.
You only get to know about the existence of firmware because the vendor saved a few pennies by not providing some permanent storage for the firmware. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
gspaceman n00b
Joined: 18 Jan 2018 Posts: 3
|
Posted: Fri Jan 19, 2018 12:41 am Post subject: |
|
|
NeddySeagoon wrote: | gspaceman,
Welcome to Gentoo.
Firmware is in general, proprietary blobs.
From the firmware on your motherboard, to the CPU microcode, the HDDs, the kernel embedded firmware, linux-firmware, ...
Its not all executable code. Some is just state machines. Some is code to run in embedded processor in an attached device.
You only get to know about the existence of firmware because the vendor saved a few pennies by not providing some permanent storage for the firmware. |
Thank you, so I won't emerge linux-firmware, but I'm still confused on what to do.
Should I run the deblob script and just deselect "Include in-kernel firmware blobs", or should I do only the first or the latter? |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54119 Location: 56N 3W
|
Posted: Fri Jan 19, 2018 1:04 am Post subject: |
|
|
gspaceman,
It all depends on your definition of 'free'.
Free, as in everything open source, is not very practical. No HDD, no video card, no wifi, no processors after about the Pentium 2 and a motherboard that will run coreboot.
Free, as in free to distribute, is Gentoo out of the box.
Where in that range is your 'free'. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
gspaceman n00b
Joined: 18 Jan 2018 Posts: 3
|
Posted: Fri Jan 19, 2018 1:22 am Post subject: |
|
|
NeddySeagoon wrote: | gspaceman,
It all depends on your definition of 'free'.
Free, as in everything open source, is not very practical. No HDD, no video card, no wifi, no processors after about the Pentium 2 and a motherboard that will run coreboot.
Free, as in free to distribute, is Gentoo out of the box.
Where in that range is your 'free'. |
I have a librebooted thinkpad t400, so my free would be your impractical everything open source.
I just want to know if i have to run the deblob script -as described at https://wiki.gentoo.org/wiki/Kernel_Deblobing - on top of deselecting "Include in-kernel firmware blobs" in menuconfig, or if i have to do just one or the other |
|
Back to top |
|
|
gentoo_ram Guru
Joined: 25 Oct 2007 Posts: 474 Location: San Diego, California USA
|
Posted: Fri Jan 19, 2018 5:15 am Post subject: |
|
|
Well then you likely won't have Wi-Fi functionality since WiFi generally needs a firmware blob to run. You OK with that? |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54119 Location: 56N 3W
|
Posted: Fri Jan 19, 2018 11:58 am Post subject: |
|
|
gspaceman,
libreboot is a good start.
You can do both if you want belt and braces. After the kernel is deblobbed, there should be no firmware to include.
Also, if you don't select kernel options that need firmware, none will be included anyway. Its not obvious which options there are.
After deblobbing, when you do select kernel options that need firmware, it will be missing, so that hardware won't work.
What are you doing about the firmware in your HDD?
In line with your philosophy, you cannot use linux-firmware. While that is believed to be free to distribute, its almost all closed source. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
cord Guru
Joined: 28 Apr 2007 Posts: 344
|
Posted: Thu Apr 12, 2018 3:55 pm Post subject: |
|
|
2gspaceman, https://bugs.gentoo.org/537132
gentoo_ram wrote: | Well then you likely won't have Wi-Fi functionality since WiFi generally needs a firmware blob to run. You OK with that? |
Qualcomm Atheros chips doesn't need proprietary firmware to work. Even for USB cards (which need firmware) there's free open source firmware on github.
As you can see at https://wiki.debian.org/WiFi there's some old Ralink and few Realtech chips which also doesn't need firmware to work. So, no problem. |
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Thu Apr 12, 2018 4:17 pm Post subject: |
|
|
What about the motherboard BIOS? Or the ROM, or the firmware/ROM of a network card or hard disk or any other peripheral?
Personally I think you can't escape entirely from closed source, especially if you want decent hardware and expect it to perform well. For that matter the CPU microcode is baked in and can't be modified, and that is certainly closed source. |
|
Back to top |
|
|
steveL Watchman
Joined: 13 Sep 2006 Posts: 5153 Location: The Peanut Gallery
|
Posted: Sat Apr 21, 2018 12:22 pm Post subject: |
|
|
It's perfectly possible to run a machine with deblobbed kernel (and no other "firmware") -- I did it for several years.
No-one's really wondering about how to disable CPU microcode, since that is just infeasible.
Sure, it opens a wider discussion about trusting hardware in general, but that's off-topic, imo. |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Sat Apr 21, 2018 1:53 pm Post subject: |
|
|
gspaceman wrote: | I just want to know if i have to run the deblob script -as described at https://wiki.gentoo.org/wiki/Kernel_Deblobing - on top of deselecting "Include in-kernel firmware blobs" in menuconfig, or if i have to do just one or the other |
gspaceman ... here is how I understand the situation (and I may be wrong), with FIRMWARE_IN_KERNEL=y then firmware blobs (if they exist) for selected drivers will be "buil[t ...] into the kernel directly", and so is primarily about how "request_firmware()" functions (in kernel, or via a call to userspace). Then there is PREVENT_FIRMWARE_BUILD which, as the name suggests, prevents existing firmware from being built, but will not prevent shipped firmware from being used. Then there is FW_LOADER, which allows for firmware loading in userspace. None of these are for expunging firmware, or preventing it from being included or used (either in kernel, or in userspace) ... to achive that then you need to 'deblob'.
HTH & best ... khay |
|
Back to top |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Sat Apr 21, 2018 4:57 pm Post subject: |
|
|
The firmware loader mechanism is also used to load the wireless regulatory database and signatures. Those aren't proprietary code, but you'll be artificially limiting your wifi card's power and channel list without them. |
|
Back to top |
|
|
steveL Watchman
Joined: 13 Sep 2006 Posts: 5153 Location: The Peanut Gallery
|
Posted: Sun Apr 22, 2018 4:27 pm Post subject: |
|
|
Ant P. wrote: | The firmware loader mechanism is also used to load the wireless regulatory database and signatures. Those aren't proprietary code, but you'll be artificially limiting your wifi card's power and channel list without them. | Well, another reason to deblob is security; and some of us prefer wired-networking only.
So it ends up being a bonus, not a disadvantage.
That's one of the thing I love about building our own kernels; we get to disable everything we don't need.
Obviously, this doesn't apply to everyone, YMMV, etc. |
|
Back to top |
|
|
|