You've successfully subscribed to Nuvotex Blog
Great! Next, complete checkout for full access to Nuvotex Blog
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

Debian - Kernelupdate via backports

Daniel Nachtrub
Daniel Nachtrub

Working with machines running on debian is great - debian is a distribution that focuses on stable environments. Providing stability comes - as everything - with a cost: Packages provided with a distribution are not latest & greatest, they are proven.


Using debian backports is a good way to install newer package versions that are compiled for debian stable.

Why backports

If you require features provided with newer versions - like newer kernels - you might want to update the kernel. This is especially required when the desired features are integrated into the kernel, like a specific filesystem driver or similar.

To update kernel to newer versions on debian you might use debian backports reposority which provides packages that will be contained in upcoming debian releases.

You are running Debian stable, because you prefer the Debian stable tree. It runs great, there is just one problem: the software is a little bit outdated compared to other distributions. This is where backports come in.

Backports are packages taken from the next Debian release (called "testing"), adjusted and recompiled for usage on Debian stable. Because the package is also present in the next Debian release, you can easily upgrade your stable+backports system once the next Debian release comes out. (In a few cases, usually for security updates, backports are also created from the Debian unstable distribution.)

Backports cannot be tested as extensively as Debian stable, and backports are provided on an as-is basis, with risk of incompatibilities with other components in Debian stable. Use with care!

It is therefore recommended to only select single backported packages that fit your needs, and not use all available backports.

Enabling backports

Integrating backports is straight forward and done by adding the backports repository to apt sources.

# debian backports backports
deb buster-backports main
# regular sources
deb buster main
deb-src buster main
deb buster/updates main
deb-src buster/updates main
# buster-updates, previously known as 'volatile'
deb buster-updates main
deb-src buster-updates main

Beside common repositories you can see that debian backports has been added (second line).

Alternate configuration

If you prefer to create a dedicate source file, feel free to go this way:

# debian backports backports
deb buster-backports main

Using this way you don't fiddle with the source.list file directly.

Updating the kernel

Having added the repository we now run apt update to get metadata and search for a kernel we want to install:

# search kernel
apt search linux-image-5.*

# available kernels

linux-headers-5.8.0-0.bpo.2-amd64/buster-backports 5.8.10-1~bpo10+1 amd64
Header files for Linux 5.8.0-0.bpo.2-amd64
linux-headers-5.8.0-0.bpo.2-cloud-amd64/buster-backports 5.8.10-1~bpo10+1 amd64
Header files for Linux 5.8.0-0.bpo.2-cloud-amd64
linux-headers-5.9.0-0.bpo.2-amd64/buster-backports 5.9.6-1~bpo10+1 amd64
Header files for Linux 5.9.0-0.bpo.2-amd64
linux-headers-5.9.0-0.bpo.2-cloud-amd64/buster-backports 5.9.6-1~bpo10+1 amd64
Header files for Linux 5.9.0-0.bpo.2-cloud-amd64
linux-headers-5.9.0-0.bpo.2-rt-amd64/buster-backports 5.9.6-1~bpo10+1 amd64
Header files for Linux 5.9.0-0.bpo.2-rt-amd64
linux-image-5.8.0-0.bpo.2-amd64/buster-backports 5.8.10-1~bpo10+1 amd64
Linux 5.8 for 64-bit PCs (signed)
linux-image-5.8.0-0.bpo.2-amd64-dbg/buster-backports 5.8.10-1~bpo10+1 amd64
Debug symbols for linux-image-5.8.0-0.bpo.2-amd64
linux-image-5.8.0-0.bpo.2-amd64-unsigned/buster-backports 5.8.10-1~bpo10+1 amd64
Linux 5.8 for 64-bit PCs
linux-image-5.8.0-0.bpo.2-cloud-amd64/buster-backports 5.8.10-1~bpo10+1 amd64
Linux 5.8 for x86-64 cloud (signed)
linux-image-5.8.0-0.bpo.2-cloud-amd64-dbg/buster-backports 5.8.10-1~bpo10+1 amd64
Debug symbols for linux-image-5.8.0-0.bpo.2-cloud-amd64
linux-image-5.8.0-0.bpo.2-cloud-amd64-unsigned/buster-backports 5.8.10-1~bpo10+1 amd64
Linux 5.8 for x86-64 cloud
linux-image-5.9.0-0.bpo.2-amd64-dbg/buster-backports 5.9.6-1~bpo10+1 amd64
Debug symbols for linux-image-5.9.0-0.bpo.2-amd64
linux-image-5.9.0-0.bpo.2-amd64-unsigned/buster-backports 5.9.6-1~bpo10+1 amd64
Linux 5.9 for 64-bit PCs
linux-image-5.9.0-0.bpo.2-rt-amd64-unsigned/buster-backports 5.9.6-1~bpo10+1 amd64
Linux 5.9 for 64-bit PCs, PREEMPT_RT
search kernel

Determining the desired kernel version

We're working on a server environment with enabled secure boot. The matching kernel package can be located using the following search criteria:

  • linux-image = Kernel
  • signed = Kernel is signed
  • cloud = Kernel for cloud ("server") edition

Searching for the newest available kernel in the output shown above you might spot kernel 5.9 which is available - which we don't want to use as it's not signed. Therefore our best match is linux-image-5.8.0-0.bpo.2-cloud-amd64 linux-headers-5.8.0-0.bpo.2-cloud-amd64.

Installing the kernel is done easily:

apt install linux-image-5.8.0-0.bpo.2-cloud-amd64 linux-headers-5.8.0-0.bpo.2-cloud-amd64 
install kernel

Applying the kernel version requires a reboot. When completed, you're set and can use the new version.


Daniel Nachtrub

Kind of likes computers. Linux foundation certified: LFCS / CKA / CKAD / CKS. Microsoft certified: Cybersecurity Architect Expert & Azure Solutions Architect Expert.