Canonical has brought Livepatch to Arm64 devices for the first time, allowing Ubuntu systems on Arm hardware to apply critical kernel security patches without a full reboot.
Livepatch is one of Ubuntu’s best hidden security features. It isn’t enabled by default and requires Ubuntu Pro, but it allows kernel security updates to be applied in memory while your system is running. Normally, a restart is needed.
Perfect if you’re a bit lazy, or are running a task or workload you don’t want interrupted.
Livepatch is now available on Ubuntu 26.04 LTS and Ubuntu Core 26 running on Arm64 devices for the first time – not that getting things working was straightforward.
Patching ‘live’ requires the kernel to know when it’s safe to replace running code with a patched version. That relies on stack traces, which arm64 had poor support for. The toolchain for building and comparing patches on arm64 was similarly lacking.
It took a multi-year collaboration effort between Canonical, kernel maintainers, hardware vendors and hyperscalers to get to this point.
Can I use Livepatch on Ubuntu for Raspberry Pi?
If you run Ubuntu 26.04 LTS on a Raspberry Pi you won’t be able to use Livepatch.
Ubuntu’s Pi builds run on the linux-raspi kernel, a kernel variant not among those listed as supported by Livepatch on its website.
The arm64 kernel variants which are supported are: aws, azure, fips, gcp, generic, gke, ibm, lowlatency and oracle.
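A fleet check built from the list above, as an added example that is not from the original article or from Canonical: it reads the flavour suffix from a `uname -r` string and compares it with the nine arm64 variants named here. The function names are hypothetical, and the check only mirrors the list on this page; it does not query Livepatch itself.

```shell
#!/bin/sh
# Added example: compares a kernel flavour with the arm64 list quoted in the article.
# Function names are hypothetical, not part of any Canonical tool.

# Flavours the article lists as Livepatch-supported on arm64.
SUPPORTED_ARM64_FLAVOURS="aws azure fips gcp generic gke ibm lowlatency oracle"

# kernel_flavour RELEASE
# Ubuntu kernel releases have the form <version>-<abi>-<flavour>.
# Prints the flavour, or returns 1 if RELEASE is not in that form.
kernel_flavour() {
    case "$1" in
        *-*-*) ;;
        *) return 1 ;;
    esac
    rest=${1#*-}                 # drop "<version>-"
    printf '%s\n' "${rest#*-}"   # drop "<abi>-", leaving the flavour
}

# livepatch_arm64_listed ARCH RELEASE
# Returns 0 if ARCH is arm64 and the flavour is an exact match on the list.
livepatch_arm64_listed() {
    case "$1" in
        aarch64|arm64) ;;
        *) return 1 ;;           # this list only covers arm64 kernels
    esac
    flavour=$(kernel_flavour "$2") || return 1
    for f in $SUPPORTED_ARM64_FLAVOURS; do
        [ "$f" = "$flavour" ] && return 0
    done
    return 1
}

# Report on the machine this script runs on.
report_running_kernel() {
    arch=$(uname -m)
    rel=$(uname -r)
    if livepatch_arm64_listed "$arch" "$rel"; then
        echo "$rel ($arch): flavour is on the arm64 Livepatch list"
    else
        echo "$rel ($arch): flavour is not on the arm64 Livepatch list"
    fi
}

report_running_kernel
```

A flavour with an extra suffix fails the exact match on purpose, since the article lists only the nine names above.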
Arm-powered servers, clouds and always-on hardware are where Livepatch is needed, ensuring critical and high-severity CVEs, the sort that might require an unscheduled restart to apply, are patched in-place without downtime.
“This enhancement will strengthen the security of systems that aren’t security maintained daily or weekly, and provides an operational advantage for organizations working towards Cyber Resilience Act (CRA) compliance”, writes Canonical’s Rajan Patel in the announcement.
Still, this isn’t hands-free security. Livepatch only updates the kernel. Regular packages (like OpenSSL, etc.) still need tending to via the usual apt upgrade processes. Canonical also recommends rebooting periodically.
Enable Livepatch on Ubuntu 26.04 LTS
To use Livepatch you need an Ubuntu Pro account, which is free for personal use on up to five machines. Ubuntu 26.04 LTS users can enable it through Security Center on desktop or through the command line on headless setups, servers and cloud.