On 26/08/2025 15:52, wirelessduck--- via Dng wrote:
> Does kexec allow you to avoid a reboot after updating kernel?

Yes but I think I disable it (atleast I looked into doing so but perhaps
couldn't without a kernel recompile) as it could be abused and I don't think
it's a good thing to allow from a security point of view especially for a
desktop user and when I can't even hibernate anyway unless I disable secure boot.

Secure boot automatically enables or disables lockdown mode. One enforcement of
locked down means only signed binaries or IMA (Integrity Measurement
Architecture) appraised binaries should be kexec'd. I'm not sure how secure that
is but better than allowing any kernel patch.

Live patching the kernel is a feature of Ubuntu Pro which I assume uses kexec.