Ubuntu launches Livepatch service for Arm64, kernel updates for key devices can be done without restarting

Recently, Canonical, the company behind Ubuntu, announced that its zero-downtime Livepatch service now supports devices equipped with Arm64 processors. Livepatch allows users to apply important Linux kernel updates without interrupting service or restarting the system, which improves security for any user, but is especially significant for critical production equipment that "must not go offline."

According to Canonical, Livepatch has been provided on the Arm64 platform with Ubuntu Core 26. At the same time, in terms of x86 architecture, it supports AMD64 devices starting from Ubuntu Core 20. This capability will improve the protection level of systems that cannot perform security maintenance on a daily or weekly basis, and help enterprises better meet compliance requirements such as the Cyber ​​Resilience Act (CRA) in practice.

In the traditional Ubuntu experience, most packages can be updated without rebooting the system, with the kernel usually being an exception: To enable the updated kernel version, users need to reboot the machine. With Livepatch, Canonical leverages kernel hot-patch technology to enable systems to load critical security patches directly on the fly, thereby starting to use the "new" kernel without rebooting and avoiding service interruptions caused by maintenance windows.

In addition to Ubuntu Core 26, users running Ubuntu 26.04 LTS with Arm64 chips can also enable Livepatch. To learn more about how the service works and applicable scenarios, users can visit the Livepatch product page provided by Canonical; on this page, there is also an entrance to join Ubuntu Pro, and through this subscription, you can obtain the permissions required to enable Livepatch.

Canonical also reminds that individual users can use Ubuntu Pro and its accompanying security capabilities for free on a certain number of home devices. Once the device is associated with an Ubuntu Pro account, not only can Livepatch be turned on, but the official security support cycle of the system can also be extended from 5 years to 10 years, providing longer-lasting security update guarantees for long-running critical businesses or long-term deployed IoT devices.