Debian stable is excellent at staying predictable, but that same conservatism can leave newer GPUs, Wi-Fi chipsets, and laptop platforms waiting on backports or the next release. To install the latest Linux kernel on Debian, the Zabbly kernel project publishes current mainline builds through APT while leaving Debian’s stock kernel in GRUB as your fallback.
That makes this approach useful on desktops, workstations, and lab systems that need newer hardware enablement or mainline kernel behavior before Debian’s default APT sources get there. Debian 13 (Trixie), 12 (Bookworm), and 11 (Bullseye) all use the same repository path, so the differences mostly come down to the codename in the source file and the package build stamp APT reports back. The later sections cover updates, rollback, and the Secure Boot and DKMS issues that usually decide whether a mainline kernel stays in place.
Install the Latest Linux Kernel on Debian
To install the latest Linux kernel on Debian, add the Zabbly APT repository and install the linux-zabbly metapackage. That pulls in the matching kernel image and headers together, which keeps the post-reboot header check simple.
Step 1: Refresh APT Metadata and Note Your Current Debian Kernel
Start with a metadata refresh so APT sees the current Debian packages before you add a second kernel source.
sudo apt updateThese commands use
sudofor tasks that need root privileges. If your account does not have sudo access yet, follow the guide on how to add a user to sudoers on Debian.
Record the kernel you are running now so you can confirm the change after the reboot.
uname -r6.12.73+deb13-amd64
Debian’s default APT sources currently track the 6.12.x kernel series on Debian 13, 6.1.x on Debian 12, and 5.10.x on Debian 11. Zabbly moves you to the current stable mainline branch instead of waiting for Debian to change kernel series.
Step 2: Confirm Your Debian Architecture and Secure Boot Requirements
Zabbly writes the repository file for your package architecture, so check that first before you add the source.
dpkg --print-architectureamd64
Current Zabbly coverage is amd64 on Debian 13, 12, and 11, plus arm64 on Debian 13 and 12. Bullseye’s arm64 package index is empty, so Debian 11 arm64 systems should stay on Debian’s stock kernel or upgrade from Debian 11 to Debian 12 first. If Secure Boot is enabled in firmware, disable it before booting a Zabbly kernel because these packages are not Microsoft-signed.
Step 3: Install Debian Repository Prerequisites
Install the small toolset needed to fetch the signing key and convert it into an APT keyring. Most Debian desktop installs already have these packages, but minimal, cloud, and lab images often do not.
sudo apt install ca-certificates curl gpg -yca-certificates handles HTTPS trust, curl downloads the key, and gpg --dearmor converts Zabbly’s ASCII-armored key into the binary format APT expects. For more detail on the download flags, see our curl command guide.
Step 4: Add the Zabbly Kernel Repository on Debian
Import the signing key first, then write the DEB822 source file with your live Debian codename and architecture.
curl -fsSL https://pkgs.zabbly.com/key.asc | sudo gpg --dearmor -o /usr/share/keyrings/zabbly.gpg. /etc/os-release
printf '%s\n' \
"Types: deb" \
"URIs: https://pkgs.zabbly.com/kernel/stable" \
"Suites: $VERSION_CODENAME" \
"Components: main" \
"Architectures: $(dpkg --print-architecture)" \
"Signed-By: /usr/share/keyrings/zabbly.gpg" | sudo tee /etc/apt/sources.list.d/zabbly-kernel-stable.sources > /dev/nullThe sudo tee form matters here because shell redirection with > would still run as your regular user, not as root. Writing the file through tee lets the command create the source file with elevated privileges in one step.
Check the generated source file before you refresh the package cache.
cat /etc/apt/sources.list.d/zabbly-kernel-stable.sourcesTypes: deb URIs: https://pkgs.zabbly.com/kernel/stable Suites: trixie Components: main Architectures: amd64 Signed-By: /usr/share/keyrings/zabbly.gpg
Now refresh APT and confirm that Debian sees the new metapackage.
sudo apt updateGet:1 https://pkgs.zabbly.com/kernel/stable trixie InRelease [15.4 kB] Get:2 https://pkgs.zabbly.com/kernel/stable trixie/main amd64 Packages [7,721 B]
apt-cache policy linux-zabblylinux-zabbly:
Installed: (none)
Candidate: 202603071700~amd64~debian13
Version table:
202603071700~amd64~debian13 500
500 https://pkgs.zabbly.com/kernel/stable trixie/main amd64 Packages
The build stamp changes as Zabbly publishes newer kernels. Debian 12 and Debian 11 show the same layout with
bookwormorbullseyein the repository path and the matching Debian suffix in the package version.
Step 5: Install the linux-zabbly Metapackage
Install the metapackage once the repository looks correct. APT pulls in the matching kernel image and headers as dependencies.
sudo apt install -y linux-zabblyInstalling: linux-zabbly Installing dependencies: linux-headers-6.19.6-zabbly+ linux-image-6.19.6-zabbly+ Summary: Upgrading: 0, Installing: 3, Removing: 0, Not Upgrading: 5
That dependency layout is why linux-zabbly is the right package to document. You track one metapackage, and APT handles the matching image and headers underneath it.
Step 6: Reboot Into the New Debian Kernel
The new kernel is installed on disk now, but Debian will keep running the old one until the next boot.
sudo rebootThe first boot after a kernel install can take a little longer than a routine restart while GRUB and initramfs changes settle in. Give the machine a normal reboot cycle before you start troubleshooting.
Step 7: Verify the Running Zabbly Kernel on Debian
Confirm the running kernel first, then check that the matching headers are installed for the live kernel string.
uname -r6.19.6-zabbly+
dpkg -l | grep "linux-headers-$(uname -r)"ii linux-headers-6.19.6-zabbly+ 6.19.6-amd64-202603060022-debian13 amd64 Linux kernel headers for 6.19.6-zabbly+ on amd64
That header check matters for DKMS-managed modules such as NVIDIA and VirtualBox. If the package name from
dpkg -lmatches the kernel string fromuname -r, the header side of the install is aligned correctly.
Compare Debian Kernel Choices
Zabbly is not the only path to a newer kernel on Debian, so it helps to decide whether you want a mainline-style build, Debian’s default branch, or a kernel tuned for a narrower workload. Zabbly’s advantage is that it stays close to upstream Linux instead of aiming for gaming or low-latency desktop tweaks.
| Kernel choice | What it tracks | Best fit | Main trade-off |
|---|---|---|---|
| Debian stock kernel | Debian’s default APT sources | Servers, conservative desktops, and systems that value long-tested packages | You stay on Debian’s kernel series for your release |
| Zabbly mainline kernel | Current upstream stable mainline branch | Newer hardware, lab systems, and users who want mainline behavior through APT | Secure Boot is unsupported, and regressions arrive sooner than on Debian stable |
| Install Liquorix kernel on Debian | Desktop-focused tuned kernel | Low-latency audio, fast desktop response, and interactive workloads | More aggressive tuning than many server or general-purpose systems need |
| Install XanMod kernel on Debian | Performance-focused custom branch | Gaming, multimedia, and users who want extra scheduler and networking tweaks | More opinionated patch set than Zabbly or Debian stock |
If your goal is just newer upstream hardware support with as little extra tuning as possible, Zabbly is the cleanest fit. If you mainly want desktop latency or gaming tweaks, Liquorix or XanMod are better matches than a straight mainline build.
Update or Remove the Zabbly Kernel on Debian
Update the Zabbly Kernel on Debian
When Zabbly publishes a newer kernel, ask APT to install the metapackage again so it can pull in the next image and header pair.
sudo apt update && sudo apt install linux-zabblylinux-zabbly is already the newest version or The following NEW packages will be installed: linux-headers-6.x.x-zabbly+ linux-image-6.x.x-zabbly+
Reboot after the update so uname -r switches to the new kernel. If you want Debian to handle routine package maintenance in the background, see how to configure unattended-upgrades on Debian.
Remove the Zabbly Kernel from Debian
Removal is straightforward, but do not purge the Zabbly packages while you are booted into the Zabbly kernel. Boot a normal Debian kernel first, then remove the packages and repository.
Boot a Stock Debian Kernel First
Reboot, open Advanced options for Debian GNU/Linux in GRUB, and choose a kernel entry that does not contain zabbly. Once the system is back up, confirm that you are on Debian’s kernel again.
uname -r6.12.73+deb13-amd64
List the Installed Zabbly Packages
Check the package names first so you can see exactly what the metapackage pulled in.
dpkg -l | grep zabblyii linux-headers-6.19.6-zabbly+ 6.19.6-amd64-202603060022-debian13 amd64 Linux kernel headers for 6.19.6-zabbly+ on amd64 ii linux-image-6.19.6-zabbly+ 6.19.6-amd64-202603060022-debian13 amd64 Linux kernel, version 6.19.6-zabbly+ ii linux-zabbly 202603071700~amd64~debian13 amd64 Mainline Linux kernel by Zabbly
Purge the Zabbly Kernel Packages
This purge command reads the installed package names from dpkg -l and passes them to APT. That matters because apt purge linux-image-*-zabbly+ does not expand the way many readers expect.
sudo apt purge -y $(dpkg -l | awk '/^ii linux-(headers|image)-.*zabbly\+|^ii linux-zabbly/ {print $2}')
sudo apt autoremove -yREMOVING: linux-headers-6.19.6-zabbly+* linux-image-6.19.6-zabbly+* linux-zabbly* Summary: Upgrading: 0, Installing: 0, Removing: 3, Not Upgrading: 5
Remove the Repository and Verify Cleanup
Delete the source file and key, then refresh APT so Debian stops offering the package.
sudo rm -f /etc/apt/sources.list.d/zabbly-kernel-stable.sources /usr/share/keyrings/zabbly.gpg
sudo apt updateAPT should stop finding the metapackage once the repository is gone.
apt-cache show linux-zabblyE: No packages found
Troubleshoot Zabbly Kernel Issues on Debian
The Zabbly kernel usually behaves like any other Debian-installed kernel, so most problems come down to boot policy, DKMS rebuilds, or a regression you can confirm in the boot log.
Boot Debian’s Stock Kernel When the Zabbly Kernel Fails
If the new kernel hangs, panics, or leaves hardware unusable, fall back to Debian’s last working kernel from GRUB before you decide whether to purge Zabbly.
- Reboot the system and open the GRUB menu.
- Select Advanced options for Debian GNU/Linux.
- Choose the newest kernel entry that does not contain
zabbly. - Once the system is back up, run
uname -rand decide whether you want to keep Zabbly installed or remove it.
Fix Secure Boot Errors With the Zabbly Kernel
If the machine rejects the new kernel before Linux starts, the firmware is usually still enforcing Secure Boot.
Secure Boot Violation Invalid signature detected. Check Secure Boot Policy in Setup
Zabbly’s kernels are not Microsoft-signed, so firmware that requires Secure Boot signatures will block them. Disable Secure Boot in your firmware settings, then boot the Zabbly kernel again.
Fix DKMS Module Failures After a Zabbly Kernel Update
Out-of-tree modules such as NVIDIA rely on DKMS to rebuild against the new kernel headers. If graphics, virtualization, or storage modules stop loading, check DKMS status first.
dkms statusnvidia/550.90.07, 6.19.6-zabbly+, x86_64: built
A line stuck at built instead of installed means the module compiled but did not finish installing for the running kernel. Trigger the rebuild again, then recheck the status.
sudo dkms autoinstall
dkms statusnvidia/550.90.07, 6.19.6-zabbly+, x86_64: installed
If the module still does not install, work through your vendor-specific steps next. For the common Debian desktop case, see how to install NVIDIA drivers on Debian.
Inspect Debian Kernel Logs After a Zabbly Boot
When the system boots but hardware or drivers still misbehave, filter the current boot log for obvious warnings and failures first.
journalctl -k -b | grep -iE "error|fail|warn" | head -20kernel: ACPI Error: AE_NOT_FOUND, Evaluating _DSM kernel: nvidia: module verification failed: signature kernel: usb 1-2: device descriptor read/64, error -71
ACPI warnings are often firmware noise, the NVIDIA signature line points back to Secure Boot or DKMS, and repeated USB errors usually mean the newer kernel exposed a hardware quirk. If you want more ways to narrow long logs, our grep command guide covers the pattern flags used here.
Latest Linux Kernel on Debian FAQ
Debian 13 currently tracks the 6.12.x kernel series from its default APT sources, Debian 12 tracks 6.1.x, and Debian 11 tracks 5.10.x. Zabbly moves you to the current stable mainline branch instead. If you want to confirm the live candidate on your own system, run apt-cache policy linux-image-amd64.
No. Debian keeps its own kernel packages installed, and GRUB continues to list them under the normal or advanced boot entries. That makes Zabbly easier to test because you can boot a Debian kernel again before you purge the Zabbly packages.
Not with the current Bullseye package index. The Debian 11 repository metadata exists for arm64, but the Bullseye arm64 package list is empty, so Debian 11 arm64 readers should stay on Debian’s stock kernel or upgrade to Debian 12 or Debian 13 before trying Zabbly.
The repository path keeps the kernel image, headers, signing key, and update flow under APT. That is easier to maintain than hunting for individual .deb files, and it lets you refresh the kernel later with a normal apt update and apt install linux-zabbly workflow.
Conclusion
The latest Linux kernel on Debian is now running through the Zabbly APT path, while Debian’s stock kernel stays available in GRUB as a fallback. If you want quieter maintenance after the install, configure unattended-upgrades on Debian next, and if you want an easier rollback point before the next kernel jump, install Timeshift on Debian.
Be aware the next command doen’t work on derivated distro like Linux Mint LMDE 6 (which codename is “faye”).
codename=$(lsb_release -sc) && echo deb [arch=amd64,arm64 signed-by=/usr/share/keyrings/linux-zabbly.gpg] https://pkgs.zabbly.com/kernel/stable $codename main | sudo tee /etc/apt/sources.list.d/linux-zabbly.list
Instead, replace codename by the debian name (not Linux Mint) expected by zabbly, like “bookworm”.
codename=’bookworm’ && echo deb [arch=amd64,arm64 signed-by=/usr/share/keyrings/linux-zabbly.gpg] https://pkgs.zabbly.com/kernel/stable $codename main | sudo tee /etc/apt/sources.list.d/linux-zabbly.list
Thanks for flagging this, Bobinours. You were absolutely right. The original command used
lsb_release -scwhich returns “faye” on LMDE 6 instead of the underlying Debian codename. The article has since been rewritten with the modern DEB822 repository format, but LMDE users still need to hardcode the Debian codename sinceVERSION_CODENAMEalso returns the Mint release name.For LMDE 7 (Gigi), which is based on Debian 13, use this command instead of the auto-detection version in the guide:
For LMDE 6 (Faye), based on Debian 12:
For LMDE 5 (Elsie), based on Debian 11:
The rest of the guide (GPG key import, package installation, verification) works identically on LMDE. Thanks for documenting this workaround for other LMDE users.