<ul data-eligibleForWebStory="true"><li>Canonical Livepatch is a security patching automation tool for the Linux kernel, aimed at providing reboot-less security updates while prioritizing security and operational convenience.</li><li>To safeguard against bad actors, Livepatch introduces Secure Boot for trusted kernel running and module signature verification to ensure only trusted code is loaded into the kernel at runtime.</li><li>Livepatch Client is distributed as a tamper-proof, self-updating snap application with strict confinement and granular system access. A certificate-based trust model ensures Livepatch updates are from a trusted source.</li><li>Collaboration between Livepatch and kernel engineering teams, along with Launchpad's role in maintaining valid certificates, ensures the integrity and security of Livepatch updates to prevent misuse by bad actors.</li></ul>

How is Livepatch safeguarded against bad actors?

Discover more