KernelCare Agent v3 Has Arrived
·1 min
I wrote this for TuxCare to announce KernelCare Agent v3 and explain the thinking behind it: we built signed patch support to enable rebootless patching on Secure Boot servers, then decided the added trust was worth making the default for everyone. This was the launch post, so I focused on what the release is and why it matters.
Originally published on TuxCare Read the full article →A few things I wanted people to walk away with:
- v3 adds embedded signature validation. Every rebootless patch now carries a signature, layering more trust onto the live patching process teams already rely on.
- Signed patches were becoming the default. Starting mid-December the signed format takes over, so agents on v2 or earlier would stop receiving patches without an upgrade.
- The upgrade is genuinely easy. For most systems it’s a single command; Secure Boot servers need one reboot to register the certificate, and enterprise ePortal users move to 2.20.
Upgrading early gives you a comfortable runway to validate v3 across the fleet before the switchover.