how to install linux kernel mainline on debian 12

Need newer drivers, security patches, or scheduler improvements on Debian 12 Bookworm? Installing the Linux kernel mainline delivers the latest features and hardware support. The process below builds clean .deb packages, installs them safely, and keeps your old kernel to roll back. Terminal required; downtime minimal.

Check current kernel, CPU, and Secure Boot

Confirm what you run now, then check if Secure Boot is enabled. Unsigned custom kernels will not boot with Secure Boot unless you sign them.

uname -r
dpkg --print-architecture
sudo apt update
sudo apt install -y mokutil || true
mokutil --sb-state || echo "Secure Boot tool not available"

Example:
6.1.0-27-amd64
amd64
SecureBoot disabled

Install build tools and dependencies

Install the toolchain and libraries required to compile and package the kernel as Debian .deb files.

sudo apt install -y build-essential fakeroot bc flex bison \
libssl-dev libelf-dev libncurses-dev dwarves pahole zstd \
liblz4-tool rsync cpio xz-utils wget curl git ca-certificates

Download the mainline kernel source

Fetch the desired mainline version from kernel.org. Replace KVER with the version you want (e.g., 6.11.7).

mkdir -p ~/build/kernel-mainline
cd ~/build/kernel-mainline
export KVER=6.11.7
wget https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-$KVER.tar.xz
tar -xf linux-$KVER.tar.xz
cd linux-$KVER

Reuse current config and set options

Start from your current Debian kernel config for maximum compatibility, then auto-accept new defaults.

cp -v /boot/config-$(uname -r) .config
yes "" | make olddefconfig
# Optional TUI to tweak options:
# make menuconfig

Compile and build Debian packages

Build binary packages only for your machine using bindeb-pkg. This produces .deb files one directory up. Expect heavy CPU usage for 15–90 minutes depending on hardware.

fakeroot make -j"$(nproc)" LOCALVERSION=-mainline bindeb-pkg

Output example (truncated):
  DEPMOD  6.11.7-mainline
  BUILDDEB  linux-image-6.11.7-mainline_6.11.7-mainline-1_amd64.deb
  BUILDDEB  linux-headers-6.11.7-mainline_6.11.7-mainline-1_amd64.deb

Install the new kernel packages

Install the freshly built image and headers. The post-install scripts will generate initramfs and update GRUB automatically.

cd ..
sudo dpkg -i linux-image-*-mainline_*.deb linux-headers-*-mainline_*.deb

Expected messages (truncated):
Setting up linux-image-6.11.7-mainline ...
update-initramfs: Generating /boot/initrd.img-6.11.7-mainline
Generating grub configuration file ...
done

Reboot and verify the kernel

Boot into the new mainline kernel and verify the version.

sudo reboot

uname -r
ls /boot/vmlinuz-*

Example:
6.11.7-mainline
/boot/vmlinuz-6.1.0-27-amd64  /boot/vmlinuz-6.11.7-mainline

Rebuild DKMS modules (NVIDIA, ZFS, VirtualBox)

External modules must rebuild for the new kernel. Install their DKMS packages and confirm status.

sudo apt install -y dkms
sudo dkms status
# Example specific packages (adjust to your stack):
# sudo apt install -y nvidia-dkms nvidia-driver
# sudo apt install -y zfs-dkms
# sudo apt install -y virtualbox-dkms

Pin the mainline kernel to avoid auto-replacement

Hold Debian’s meta packages so routine upgrades do not switch you back to a stock kernel. You can unhold later.

sudo apt-mark hold linux-image-amd64 linux-headers-amd64
# To undo:
# sudo apt-mark unhold linux-image-amd64 linux-headers-amd64

Roll back safely if needed

GRUB keeps older kernels. Pick “Advanced options for Debian” at boot to select a previous kernel. To remove the mainline packages from userspace:

dpkg -l | grep linux-image
sudo apt remove --purge linux-image-*-mainline linux-headers-*-mainline
sudo update-grub

Optional: Handle Secure Boot

If Secure Boot is enabled, either disable it in firmware or sign the kernel with your own Machine Owner Key (MOK) and enroll it.

sudo apt install -y sbsigntool mokutil
mokutil --sb-state
# Generate a key pair:
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.key -out MOK.crt -nodes -days 3650 -subj "/CN=Local Kernel Sign/"
# Enroll the certificate (follow on-screen steps and reboot to MOK manager):
sudo mokutil --import MOK.crt
# After enrollment, sign the kernel image:
KIMG=$(readlink -f /boot/vmlinuz-*-mainline)
sudo sbsign --key MOK.key --cert MOK.crt "$KIMG" --output "$KIMG"

Installing the Linux kernel mainline on Debian 12 unlocks new hardware support and features while keeping a safe fallback. For more study, guidance, support, and to buy various servers, visit dropvps.com