Skip to main content

KernelCare Agent v3: Upgrade Now for Signed Patch Security

·1 min

I wrote this second KernelCare piece for TuxCare as the mid-December switchover actually landed. Where the launch post introduced Agent v3, this one is the timely nudge: signed patches are becoming the default now, and anyone still on v2 needs to move before their patch stream stops.

Originally published on TuxCare Read the full article →

A few things I wanted people to walk away with:

  • Signed patches are the default going forward. Both formats coexisted for a while, but with the switch, older agents simply stop receiving patches.
  • Waiting creates avoidable risk. Systems on v2 or earlier will have coverage gaps and end up doing the upgrade under time pressure instead of on their own schedule.
  • The upgrade path is the same as always. One command for most systems, a single reboot on Secure Boot hosts to register the certificate, and ePortal 2.20+ for enterprise customers.

If you upgraded early after the launch, you’re set; if not, this was the reminder to close the gap before it opened.