Edit this page -- Back to previous index

The latest stable release is 20160907, released on 2016-09-07 and can be found at #https.

Information about specific changes in each Libreboot release, can be found at docs/release.html

If you’re more interested in libreboot development, go to the libreboot development page, which also includes links to the Git repositories.

GPG signing key

Releases are signed with GPG.

gpg --recv-keys 0x969A979505E8C5B2

Full key fingerprint: CDC9 CAE3 2CB4 B7FC 84FD C804 969A 9795 05E8 C5B2

The GPG key can also be downloaded with this exported dump of the pubkey: lbkey.asc.

$ sha512sum -c sha512sum.txt
$ gpg --verify sha512sum.txt.sig

Do you have a mirror?

Let us know! We will add it here.

If you wish to create a new mirror of the Libreboot releases, you can use rsync. See: rsync mirror list.

HTTPS mirrors

These mirrors are recommended, since they use TLS (https://) encryption. (University of Kent, UK) (Princeton university, USA) (Splentity Software, USA) ( (formerly (, Spain) (, France) (, Netherlands) (, France) (, Hong Kong) (, France)

RSYNC mirrors

Useful for mirroring Libreboot’s entire set of release archives. You can put an rsync command into crontab and pull the files into a directory on your web server.

It is highly recommended that you use the mirror, if you wish to host an official mirror. Otherwise, if you simply want to create your own local mirror, you should use one of the other mirrors, which sync from

rsync:// (Libreboot project official mirror)

rsync:// (University of Kent, UK)

rsync:// (Princeton university, USA)

rsync:// (, Spain)

rsync:// (, Romania)

rsync:// (, Netherlands)

rsync:// (, Hong Kong)

Are you running a mirror? Contact the libreboot project, and the link will be added to this page!

HTTP mirrors

WARNING: these mirrors are non-HTTPS which means that they are unencrypted. Your traffic could be subject to interference by adversaries. Make especially sure to check the GPG signatures, assuming that you have the right key. Of course, you should do this anyway, even if using HTTPS. (MIT university, USA) (, Romania) (, Germany) (, France)

FTP mirrors

WARNING: FTP is also unencrypted, like HTTP. The same risks are present. (University of Kent, UK) (, Romania)

Statically linked

Libreboot includes statically linked executables. If you need the sources for those statically linked dependencies inside the executables, then you can contact the libreboot project using the details on the home page; source code will be provided. You can download this source code from the “ccsource” directory on

Edit this pageLicenseTemplateAuthorsConduct GuidelinesGovernancePeers Community