by Arround The Web

No More Reboots During Kernel Patching for ARM64 Systems on Ubuntu

Canonical's Livepatch can now patch the Linux kernel on ARM64 systems without forcing a reboot. This has been possible on AMD64 machines for years, but ARM64 users had no equivalent option until now.

It is available for users on Ubuntu 26.04 LTS and Ubuntu Core 26, and if this sounds familiar, that's because Canonical has already talked about this before. The first time was when the Ubuntu 26.04 release was out, back in April, and the second instance was when Ubuntu Core 26 arrived.

We are covering this now because they have put out a dedicated writeup explaining the effort that went behind getting this ready.

Work started back in 2023, when the company ran a gap analysis (a study of what's missing) on what ARM64 needed to support live kernel patching, and the results weren't very encouraging.

The issue was that the upstream ARM64 kernel lacked a stable implementation of reliable stacktraces, a feature livepatching depends on to know when it's safe to swap code in a running kernel.

The compiler toolchain wasn't ready either, with GCC, objdump, and Kpatch all missing stable ARM64 support at the time. Work picked up through 2024 and into this year as Arm processors became more common in cloud and edge deployments.

Upstream kernel maintainers, hardware vendors, and Canonical's own engineers had to step up to close those gaps. By late February, the ARM64 Livepatch client was already applying patches in Canonical's test environments for Ubuntu 26.04 LTS and Ubuntu Core 26.

Why should you Livepatch?

[Image: the Ubuntu Pro section in the Security Center app for Ubuntu]
Some bug was preventing me from enabling Livepatch on a VM.

Livepatch comes as part of Ubuntu Pro, Canonical's subscription that bundles security patching, support, and compliance tools, and it covers the kernel by patching critical and high-severity vulnerabilities.

You don't need to pay for any of this if you just want to try it out, since Canonical offers Livepatch free for personal use on up to five machines. That should cover most home setups and small server fleets without forking over payment details.

The real advantage shows up once you are managing more than a handful of machines, because instead of scheduling downtime to patch a kernel vulnerability, Livepatch applies the fix in-memory and lets administrators decide when each machine gets the update.

It isn't a complete replacement for patching, though, since Livepatch only touches the kernel. Canonical still recommends rebooting every so often regardless, because long uptimes pile up memory leaks and other state issues that a livepatch can't clear.
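An administrator who relies on in-memory kernel patching still wants two things checked per host: which livepatch modules are actually loaded and fully applied, and how long the box has been up, since the article notes that reboots are still needed periodically. The script below is an added example, not code from the article or from Canonical's Livepatch client. It assumes the upstream kernel's sysfs livepatch interface (`/sys/kernel/livepatch/<patch>/enabled` and `.../transition`), the `TAINT_LIVEPATCH` bit (bit 15) in `/proc/sys/kernel/tainted`, and `/proc/uptime`; the `root` parameter and the `build_fake_root` helper exist only so the logic can be run offline against a constructed directory tree, and the patch names used there are constructed.

```python
"""Inventory applied kernel livepatches and uptime on a Linux host.

Added example (not the article's or Canonical's code). Reads the upstream
kernel's sysfs livepatch interface, the TAINT_LIVEPATCH taint bit and
/proc/uptime. `root` defaults to "/" for a real host; a constructed tree
can be supplied for offline testing.
"""
import os
import tempfile
from dataclasses import dataclass, field

TAINT_LIVEPATCH = 1 << 15  # kernel taint bit 15 ('K'): a livepatch module has been loaded


@dataclass
class LivepatchReport:
    # patch name -> {"enabled": bool, "transition": bool}
    patches: dict = field(default_factory=dict)
    kernel_tainted_livepatch: bool = False
    uptime_days: float = 0.0


def _read_int(path: str, default: int = 0) -> int:
    """Read a single integer from a sysfs/procfs file, tolerating absence."""
    try:
        with open(path) as f:
            return int(f.read().strip() or default)
    except (OSError, ValueError):
        return default


def inspect_livepatch(root: str = "/") -> LivepatchReport:
    """Collect livepatch state and uptime from the filesystem under `root`."""
    report = LivepatchReport()
    lp_dir = os.path.join(root, "sys", "kernel", "livepatch")
    if os.path.isdir(lp_dir):
        for name in sorted(os.listdir(lp_dir)):
            pdir = os.path.join(lp_dir, name)
            if not os.path.isdir(pdir):
                continue
            report.patches[name] = {
                # "enabled" is 1 once the patch is active, 0 if it was disabled
                "enabled": _read_int(os.path.join(pdir, "enabled")) == 1,
                # "transition" is 1 while tasks are still being switched to the new code
                "transition": _read_int(os.path.join(pdir, "transition")) == 1,
            }
    tainted = _read_int(os.path.join(root, "proc", "sys", "kernel", "tainted"))
    report.kernel_tainted_livepatch = bool(tainted & TAINT_LIVEPATCH)
    try:
        with open(os.path.join(root, "proc", "uptime")) as f:
            report.uptime_days = float(f.read().split()[0]) / 86400
    except (OSError, ValueError, IndexError):
        pass
    return report


def findings(report: LivepatchReport, max_uptime_days: float = 90.0) -> list:
    """Observations an administrator would act on; the uptime limit is an assumed policy."""
    out = []
    if not report.patches:
        out.append("no livepatch modules loaded")
    for name, st in report.patches.items():
        if st["transition"]:
            out.append(f"{name}: transition still in progress (some tasks not yet switched)")
        elif not st["enabled"]:
            out.append(f"{name}: loaded but disabled")
    if report.patches and not report.kernel_tainted_livepatch:
        out.append("TAINT_LIVEPATCH not set despite loaded patches (unexpected)")
    if report.uptime_days > max_uptime_days:
        out.append(f"uptime {report.uptime_days:.0f} days exceeds {max_uptime_days:.0f}; schedule a reboot")
    return out


def build_fake_root(patches: dict, tainted: int, uptime_seconds: float) -> str:
    """Construct a sysfs/procfs layout in a temp dir for offline testing (constructed data)."""
    base = tempfile.mkdtemp(prefix="lp-fake-")
    lp = os.path.join(base, "sys", "kernel", "livepatch")
    os.makedirs(lp)
    for name, (enabled, transition) in patches.items():
        d = os.path.join(lp, name)
        os.makedirs(d)
        with open(os.path.join(d, "enabled"), "w") as f:
            f.write(f"{enabled}\n")
        with open(os.path.join(d, "transition"), "w") as f:
            f.write(f"{transition}\n")
    proc_kernel = os.path.join(base, "proc", "sys", "kernel")
    os.makedirs(proc_kernel)
    with open(os.path.join(proc_kernel, "tainted"), "w") as f:
        f.write(f"{tainted}\n")
    with open(os.path.join(base, "proc", "uptime"), "w") as f:
        f.write(f"{uptime_seconds:.2f} 0.00\n")
    return base


if __name__ == "__main__":
    rep = inspect_livepatch("/")
    print(f"uptime: {rep.uptime_days:.1f} days; patches: {list(rep.patches)}")
    for line in findings(rep):
        print(" -", line)
```

A patch that reports `transition` as 1 for a long time is the case worth watching: the kernel switches tasks to the new code only once each task's stack can be reliably walked (the ARM64 reliable-stacktrace work mentioned above), so a stuck transition means the fix is not yet protecting every task.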

None of this really matters if you are a desktop user who restarts their machine fairly regularly, since Livepatch is built for systems where a reboot means real downtime and risk of cost overruns.

Source: It's FOSS