Skip to main content

KernelCare Agent v3 Has Arrived

·1 min

I wrote this for TuxCare to announce KernelCare Agent v3 and explain the thinking behind it: we built signed patch support to enable rebootless patching on Secure Boot servers, then decided the added trust was worth making the default for everyone. This was the launch post, so I focused on what the release is and why it matters.

Originally published on TuxCare Read the full article →

A few things I wanted people to walk away with:

  • v3 adds embedded signature validation. Every rebootless patch now carries a signature, layering more trust onto the live patching process teams already rely on.
  • Signed patches were becoming the default. Starting mid-December the signed format takes over, so agents on v2 or earlier would stop receiving patches without an upgrade.
  • The upgrade is genuinely easy. For most systems it’s a single command; Secure Boot servers need one reboot to register the certificate, and enterprise ePortal users move to 2.20.

Upgrading early gives you a comfortable runway to validate v3 across the fleet before the switchover.