projectmoon-overlay/docs/Libre-Kernel.md

143 lines
4.4 KiB
Markdown

# The Linux-libre dist-kernel
This overlay provides a dist-kernel (based on
`sys-kernel/vanilla-kernel`) using the Linux-libre kernel sources, and
an accompanying updated version of `virtual/dist-kernel`. It is
maintained and tested for my personal use on amd64. The Linux-libre
kernel removes the ability for the Linux kernel to load firmware that
is not [Free Software][free-software]. The ebuild roughly follows the
current stable 5.15.x gentoo-kernel for amd64.
The libre kernel can be installed alongside other dist-kernels, and
works with the `dist-kernel` and `initramfs` USE flags. The ebuild
does NOT fail if non-free firmware (i.e. `sys-kernel/linux-firmware`
with `redistributable` USE flag set) is installed, but it will warn
you if this is the case. It will also warn you if the `linux-firmware`
package is not found at all, like normal dist-kernel ebuilds.
The kernel installed by this ebuild has the version suffix
`-gnu-dist`, making it easy to determine which kernel it is.
## Quick Setup
This is a quick guide for setting up the system to properly install the
Linux-libre Kernel. It assumes you have set up the overlay as described
in the README.
In `/etc/portage/package.use`:
```
# Install only libre firmware
sys-kernel/linux-firmware -redistributable -unknown-license
# libre kernel with gentoo kernel patches applied
sys-kernel/libre-kernel verify-sig
# or, if you do not want gentoo patches applied
sys-kernel/libre-kernel verify-sig -gentoo
```
In `/etc/portage/package.unmask`:
```
sys-kernel/libre-kernel::projectmoon
virtual/dist-kernel::projectmoon
virtual/linux-sources::projectmoon
sec-keys/openpgp-keys-linux-libre::projectmoon
```
In `/etc/portage/package.accept_keywords`:
```
sys-kernel/librem-ec-acpi::projectmoon
sys-kernel/libre-kernel::projectmoon ~amd64
virtual/dist-kernel::projectmoon
virtual/linux-sources::projectmoon
```
In `/etc/portage/package.mask`:
```
# stay on libre kernel
sys-kernel/gentoo-kernel
sys-kernel/gentoo-kernel-bin
sys-kernel/vanilla-kernel
```
## Detailed Instructions
The rest of this documentation covers the quick steps above in detail,
and extra information about the Linux firmware package, the Librem EC
ACPI module, etc.
### Signature Verification
It is recommended to enable GPG signature verification of
`sys-kenrel/libre-kernel` by adding the USE flag to
o`/etc/portage/package.use`:
```
sys-kernel/libre-kernel verify-sig
```
### Keeping the Linux-libre Kernel Installed
Portage will sometimes try to install `sys-kernel/gentoo-kernel` or
another dist-kernel if there is a newer stable version than
`sys-kernel/libre-kernel`. This happens because of a version bump to
`virtual/dist-kernel` before this overlay has updated its own copy of
`virtual/dist-kernel`.
To prevent portage from attempting to install another dist-kernel
instead of the Linux-libre kernel, you should mask other dist-kernels in
`/etc/portage/package.mask`:
```
# stay on libre kernel
sys-kernel/gentoo-kernel
sys-kernel/gentoo-kernel-bin
sys-kernel/vanilla-kernel
```
### Linux Firmware
*Note: If you are running the Linux-libre kernel, it is unlikely (though
not impossible) that you need to install `sys-kernel/linux-firmware`.*
To install only the Linux firmware that meets the [Free Software
Definition][free-software], configure `/etc/portage/package.use`
accordingly:
```
# Install only libre firmware
sys-kernel/linux-firmware -redistributable -unknown-license
```
You can also edit `/etc/portage/profile/package.use.mask` to prevent
the linux-firmware package from ever installing the closed-source
firmware by adding this line:
```
# forcibly stop non-free firmware installation
sys-kernel/linux-firmware redistributable unknown-license
```
### Using the Librem EC ACPI kernel module
The Librem EC ACPI kernel module should install and be automatically
available (via modprobe) after installation, using `emerge
sys-kernel/librem-ec-acpi`. The module is currently installed to
`/lib/modules/<kernel>/librem/`.
This ebuild supports the `dist-kernel` USE flag, and the module will
automatically be rebuilt when installing a new dist-kernel if that
flag is enabled.
If you are not using a dist-kernel, you will need to do `emerge
@modules-rebuild` to install the module after you upgrade or install a
new kernel.
[free-software]: https://www.gnu.org/philosophy/free-sw.en.html#fs-definition
[linux-libre]: https://www.fsfla.org/ikiwiki/selibre/linux-libre/
[free-software]: https://www.gnu.org/philosophy/free-sw.en.html#fs-definition