KernelCare, a company providing automated and rebootless Linux kernel security updates, has released support for Arm-based processors to protect IoT devices and servers running on Linux from security vulnerabilities. KernelCare is a product of CloudLinux, the maker of the CloudLinux OS for shared web hosting providers.
By 2020, according to Gartner, more than 25% of identified cybersecurity attacks in enterprises will involve the IoT. This would mean that enterprise IoT devices and servers based on Arm processor technology and running on the Linux kernel require watertight security. Traditionally, companies have patched such devices via a reboot, but reboot cycles require planning and can often cause system downtime.
KernelCare’s automated kernel security updates for Arm-based devices would work differently, by updating the Linux kernel on Arm-based processors without stopping the environment in which it’s running, be it bare-metal or virtualized. The software would be quite easy to deploy. It is available for CentOS, Oracle Linux, Amazon Linux, Red Hat, Ubuntu, Debian, OpenVZ, Virtuozzo, and CloudLinux OS servers.
KernelCare patches live, running kernel code at the binary level, in memory, without power-cycling. Applications and users see nothing; for them, the kernel never stops running. System processes wait “milliseconds” while the kernel module suspends and restarts processor threads.
“It started as a challenge: to see if we could live-patch a Linux kernel running on Arm,” said Mikhail Pobirsky, KernelCare’s Product Manager. “Within a few months,” he went on, “we successfully completed a proof-of-concept on Amazon EC2 instances, and are confident we can automatically patch most IoT and network devices, from Raspberry Pi-based equipment to network routers.”
Low Power Consumption
“We believe the ability to live-patch Arm processors running Linux will greatly benefit servers that run non-stop in remote locations,” added Mikhail Pobirsky. “Arm’s low power consumption characteristics coupled with the ability to patch the Linux kernel without rebooting will be key to the expansion of edge cloud computing and other always-on, low-power application areas, such as supercomputing and AI.”
Linux kernel live-patching for Arm-based processors can be used by IoT and Arm-based server manufacturers via embedded original equipment manufacturers (OEMs).
KernelCare is actively seeking early adopters interested in arming their IoT devices with live-patching.