Ubuntu Livepatch for HWE Linux kernels coming soon (UPDATED)
Canonical, the company behind Ubuntu, has announced that Hardware Enablement (HWE) kernels will receive updates via the Livepatch service, just like Long-Term Release (LTS) kernels. The first kernel to gain support will be Linux 6.2, which will ship with Ubuntu 23.04 Lunar Lobster next week before being made available as an HWE kernel in Ubuntu 22.04 LTS in July.
For those not familiar with Livepatch, it’s a service available to customers with an Ubuntu Pro subscription. If you don’t have a subscription, it can be enabled on five of your personal machines. With this enabled, you are able to get the latest kernel updates installed on your computer without having to reboot. Linux kernel updates are among the very few updates that typically require a restart in Ubuntu, but with Livepatch there’s no need to restart.
With HWE kernels, users of the more stable Ubuntu LTS releases get support for the newest hardware. New HWE kernels typically arrive around the time of Ubuntu point releases following the launch of an interim Ubuntu release, such as 23.04. If you decide to enable Livepatch as a result of this news, there’s another major benefit.
UPDATE
The marketing from Canonical:
- Ubuntu Blog: Livepatch has a new 13-month sliding support window – What does it mean for you?
Livepatch is a valuable tool for fixing critical and high security kernel Common Vulnerabilities and Exposures, CVEs, at run-time, without the need for an immediate system reboot. However, it should not be used as a replacement for regular maintenance windows and rebooting. A good enterprise policy should include both livepatching and regular reboots to ensure the system remains stable and secure.
This is because some system CVEs, such as firmware or device driver updates, will still require a system reboot. Additionally, Livepatch does not include kernel updates for non-security bug fixes, lower-priority security fixes, and performance improvements.
Furthermore, there may be instances where critical kernel CVEs cannot be addressed through livepatching and will require a standard system update. Last but not least, it is important to recognise that Livepatch is not a viable solution for upgrading to the next kernel release. To do so, a traditional system update is required, which entails a reboot.
For all these reasons, Canonical has always strongly recommended its customers to follow good enterprise policies for regular maintenance windows, and to use Livepatch to bridge the gap until their next scheduled maintenance window.
Sliding support window
In order to ensure that our customers adhere to the industry’s best-practices and that livepatch does not hinder their maintenance schedules, Canonical has decided to introduce a sliding support window of 13 months for every version revision of the GA kernels of all its Ubuntu LTS releases. This change is scheduled to take effect on April 20, 2023, coinciding with the release of Ubuntu 23.04, also known as Lunar Lobster.
- Ubuntu Blog: Canonical Livepatch gets even better – Now supporting Hardware Enablement Kernels
You have been telling us how much you love Livepatch’s ability to fix your kernel’s high and critical vulnerabilities at run-time, and how it significantly reduces your unplanned reboots. And many of you have requested that we make it available on Hardware Enablement (HWE) kernels, alongside the Long-Term Release (LTS) kernels we already support.
We’ve listened to your feedback and are pleased to announce that Livepatch will now be available on HWE kernels. This will debut with the release of kernel version 6.2, which will initially accompany Ubuntu’s interim release of 23.04 Lunar Lobster, in April 2023. Thereafter, it will be made accessible as an HWE kernel for the 22.04 LTS release, Jammy Jellyfish, starting July 2023.
This change means that you’ll be able to keep your kernel updated and secure with Livepatch, regardless of which kernel you choose to run with your Ubuntu LTS release.
What are Ubuntu LTS releases?
Ubuntu is known for LTS releases which come every two years and are designed to provide a stable and secure operating system. They are supported for up to 10 years with an Ubuntu Pro subscription and this makes them ideal for enterprises and production environments.