// OMG! UBUNTU! — LINUX & OPEN SOURCE
Ubuntu brings Livepatch to arm64 for rebootless kernel updates
Canonical has brought Livepatch to Arm64 devices for the first time, allowing Ubuntu systems on Arm hardware to apply critical kernel security patches without a full reboot.
Livepatch is one of Ubuntu’s best hidden security features – it’s not enabled by default and requires Ubuntu Pro – because it allows kernel security updates to be applied in memory while your system is running. Normally, a restart is needed.
Perfect if you’re a bit lazy, or running a task or workload you don’t want interrupted.
Livepatch is now available on Ubuntu 26.04 LTS and Ubuntu Core 26 running on Arm64 devices for the first time – not that getting things working was straightforward.
Patching ‘live’ requires the kernel to know when it’s safe to replace running code with a patched version. That relies on stack traces, which arm64 had poor support for. The toolchain for building and comparing patches on arm64 was similarly lacking.
It took a multi-year collaboration effort between Canonical, kernel maintainers, hardware vendors and hyperscalers to get to this point.
If you run Ubuntu 26.04 LTS on a Raspberry Pi, you won’t be able to use Livepatch.
Ubuntu’s Pi builds run on the linux-raspi kernel, a kernel variant not among those listed as supported by Livepatch on its website.
The arm64 kernel variants which are supported are: aws, azure, fips, gcp, generic, gke, ibm, lowlatency and oracle.
Arm-powered servers, clouds and always-on hardware are where Livepatch is needed, ensuring critical and high-severity CVEs, the sort that might require an unscheduled restart to apply, are patched in-place without downtime.
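A fleet-audit check built from the conditions above, as an added example that is not from this article or from Canonical: it classifies a host by architecture, release and kernel flavour against the supported-variant list quoted above. The function names and the `VERSION_ID` values are assumptions, and a passing result only means the kernel is a listed variant, since Livepatch still needs Ubuntu Pro and has to be enabled.

```shell
#!/bin/sh
# Added example: a constructed eligibility check, not Canonical's tooling.
# Variant list copied from the article text.
SUPPORTED_ARM64_FLAVOURS="aws azure fips gcp generic gke ibm lowlatency oracle"

# kernel_flavour RELEASE
# Prints the flavour suffix of an Ubuntu kernel release string,
# e.g. "<version>-<abi>-generic" -> "generic".
kernel_flavour() {
  rest=${1#*-}                  # drop the upstream version field
  printf '%s\n' "${rest#*-}"    # drop the ABI number, leaving the flavour
}

# livepatch_arm64_verdict ARCH VERSION_ID KERNEL_RELEASE
# Prints a verdict and returns 0 only when all three checks pass.
livepatch_arm64_verdict() {
  arch=$1 version_id=$2 krel=$3
  case $arch in
    aarch64|arm64) ;;
    *) echo "not-arm64"; return 1 ;;
  esac
  # Assumption: VERSION_ID is "26.04" on Ubuntu 26.04 LTS and "26" on Ubuntu Core 26.
  case $version_id in
    26.04|26) ;;
    *) echo "release-not-covered"; return 1 ;;
  esac
  flavour=$(kernel_flavour "$krel")
  for f in $SUPPORTED_ARM64_FLAVOURS; do
    if [ "$f" = "$flavour" ]; then echo "eligible"; return 0; fi
  done
  # Anything else (raspi, or a suffixed flavour such as "generic-64k") is
  # reported rather than guessed at, since the article does not list it.
  echo "flavour-not-listed:$flavour"
  return 1
}

# Check the local host only when asked: sh check.sh --local
if [ "${1:-}" = "--local" ]; then
  livepatch_arm64_verdict "$(uname -m)" \
    "$(. /etc/os-release && printf '%s' "$VERSION_ID")" "$(uname -r)"
fi
```

Run it across an inventory to find hosts, such as those on the linux-raspi kernel, that still need scheduled reboots for kernel CVEs.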