Ubuntu 26.04 LTS delivers memory-safe system tools and live patching for Arm servers

Linux distributions have spent the past few years absorbing GPU vendor toolchains, Rust-based system components, and more stringent encryption defaults. Ubuntu 26.04 LTS, codenamed Resolute Raccoon, pulls most of those threads together into a single release that will receive standard security support until April 2031.

Rust moves into the system layer

One of the more consequential changes in this release is the expansion of memory-safe components at the OS level. Ubuntu 26.04 LTS ships with new kernel drivers and subsystems written in Rust, alongside sudo-rs and uutils coreutils, which are Rust reimplementations of foundational tools including sudo, ls, cp, and mv. For organizations that track software composition as part of their security posture, this shifts a meaningful portion of privileged execution paths away from C.

The Rust Foundation called the move a sign of serious commitment to memory safety at the distribution level.

TPM-backed encryption goes general availability

TPM-backed full-disk encryption is now generally available in the Ubuntu installer. In earlier Ubuntu versions this was experimental. The mechanism ties disk encryption to a specific TPM chip embedded in the device, which raises the threshold for physical access attacks and removes the need for manual passphrase entry at boot. This makes it a more practical default for laptop and workstation fleets where physical theft is a credible risk.

Live patching reaches Arm64

Canonical’s Livepatch service, which applies kernel patches without requiring a reboot, now covers Arm64 servers for the first time. Previously it was limited to x86 hardware.

“As agentic AI and always-on workloads move into production, minimizing downtime is a necessity. With Canonical’s Ubuntu 26.04 LTS, organizations can address critical vulnerabilities in real time while systems remain fully operational with Kernel Livepatch, which was developed through close collaboration between Arm and the upstream Linux community to advance secure and scalable AI infrastructure,” said Bhumik Patel, Director of Server Ecosystem Development, Cloud AI Business Unit, Arm.

NVIDIA CUDA and AMD ROCm land in official repositories

Ubuntu 26.04 LTS is the first Ubuntu release to natively distribute NVIDIA CUDA through its own software repositories. Previously, CUDA required installation through NVIDIA’s own channels or third-party methods. Canonical also added AMD ROCm, the open software platform for AI, machine learning, and HPC workloads on AMD GPUs, to the official Ubuntu repositories. Both integrations mean those toolchains now receive the same package management, update cadence, and long-term support treatment as the rest of the Ubuntu archive.

Linux 7.0 and new silicon support

The release is built on Linux 7.0, continuing Canonical’s practice of shipping the latest upstream kernel. Linux 7.0 adds targeted support for Intel Core Ultra Series 3 processors (Panther Lake), including optimizations for Intel Xe3 integrated graphics and the integrated Neural Processing Unit.

Confidential computing support is available for both Intel Trust Domain Extensions and AMD SEV on guest and host configurations.

Ubuntu 26.04 LTS also adds support for the RVA23 RISC-V baseline standard, covering mixed-architecture environments. For industrial deployments, the IgH EtherCAT Master module and Generic Ethernet driver are now integrated into the kernel, bringing microsecond-level timing precision natively into Ubuntu for motion control and factory automation use cases.

Desktop: Wayland by default, App Center updates

The desktop ships with the latest GNOME release and completes the transition to Wayland, dropping X.org as a default display server. The shift delivers per-monitor scaling, native touch and gesture support, and compatibility with the latest NVIDIA production drivers. The App Center gains improved support for Debian packages, unifying application management across package formats.

Enterprise management additions

Ubuntu 26.04 LTS integrates Landscape, Canonical’s systems management tool, directly into the Ubuntu Desktop installer. This lets enterprise users register a newly provisioned workstation with Landscape during initial setup, provided they have an Ubuntu Pro subscription.

Authd, the open source service that allows authentication against cloud identity providers including Microsoft Entra ID and Google IAM, is now available directly from official Ubuntu repositories without requiring additional infrastructure.

The release also ships an updated WSL experience with cloud-init and Ubuntu Pro for WSL integration, enabling large-scale management and compliance through Landscape.

Support terms

Ubuntu 26.04 LTS will receive security updates and critical bug fixes through April 2031. With an Ubuntu Pro subscription, Expanded Security Maintenance extends that to ten years. Desktop installation requires a 2 GHz dual-core processor, 6 GB of RAM, and 25 GB of storage.

Must read:

• 40 open-source tools redefining how security teams secure the stack
• Firmware scanning time, cost, and where teams run EMBA

Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!