Ubuntu Expands Livepatch Support to Arm64 Systems for Zero-Downtime Kernel Updates

Canonical has extended Ubuntu Livepatch support to Arm64 platforms, allowing compatible Ubuntu systems running on ARM-based hardware to receive important kernel security fixes without requiring a traditional system reboot.

Livepatch is a security feature that updates the Linux kernel while the operating system continues running. Instead of waiting for maintenance windows or restarting a machine after every critical kernel update, administrators can apply certain fixes directly to the active kernel, helping reduce interruptions for important workloads.

The feature is especially useful for servers, cloud environments, and systems that need to remain available for long periods without downtime. However, Livepatch is not enabled automatically and requires an Ubuntu Pro subscription to use.

With this expansion, Livepatch is now supported on Ubuntu 26.04 LTS and Ubuntu Core 26 installations running on Arm64 hardware. Bringing this capability to ARM was a significant engineering challenge because safely replacing active kernel code requires advanced kernel support.

Live kernel patching depends on the ability to identify exactly when running code can be replaced without affecting system stability. On Arm64, improvements were needed in areas such as stack tracing and the tools used to build and compare kernel patches. Achieving reliable support required years of cooperation between Canonical, Linux kernel developers, hardware companies, and cloud infrastructure providers.

The new support is mainly targeted at professional Arm-based deployments, including cloud servers, dedicated hardware, and always-on systems where unexpected restarts can create operational problems. It helps organizations apply high-priority security fixes while maintaining service availability.

However, not every Arm64 Ubuntu installation can use Livepatch. For example, Ubuntu systems running on Raspberry Pi devices are currently not supported because they use the linux-raspi kernel, which is not included in the list of supported Livepatch kernel variants.

Supported Arm64 kernel types currently include aws, azure, fips, gcp, generic, gke, ibm, lowlatency, and oracle. These cover many enterprise, cloud, and specialized deployment scenarios.

Canonical says the addition improves protection for systems that may not receive frequent maintenance and can help organizations meet security and compliance goals, including requirements related to digital resilience.

Despite its advantages, Livepatch is not a complete replacement for normal system maintenance. It only handles kernel-level updates, meaning regular software packages such as security libraries and applications still need to be updated through standard package management tools. Canonical also recommends rebooting systems occasionally to apply changes that cannot be handled through live patching.

Users running Ubuntu 26.04 LTS can enable Livepatch through the Security Center application on desktop systems. For servers, cloud instances, and machines without a graphical interface, the feature can be activated from the command line after connecting the system to an Ubuntu Pro account.

Ubuntu Pro is available at no cost for personal use on a limited number of machines, making Livepatch accessible for individual users as well as organizations that need additional uptime protection.