Canonical launched the Canonical Livepatch Service recently, an "authenticated, encrypted, signed stream of livepatch kernel modules for Ubuntu servers, virtual machines and desktops", applying critical security and vulnerability patches without requiring a reboot.
The new service is commercial (commercial support subscriptions start at $12 / month), but it's offered for free to the Ubuntu community, for up to 3 systems.
Any Ubuntu user can enable the new Canonical Livepatch Service for free, on 3 systems running a 64bit Ubuntu 16.04 LTS machine.
It does not work with other Ubuntu versions, 32bit Ubuntu systems, or if you're using a custom kernel!
It does not work with other Ubuntu versions, 32bit Ubuntu systems, or if you're using a custom kernel!
To use it, firstly make sure you're running snapd version 2.15 or newer (to make sure you have the latest version, you can use Software Updater or just run "sudo apt update" and "sudo apt install snapd"). If you're using an older version, you'll encounter an issue and canonical-livepatch will fail to start (this occurred on my system but I don't remember the exact error message).
Then simply head to https://ubuntu.com/livepatch, login with your Ubuntu SSO account (you can create one for free HERE if you don't already have one), and the commands required to get the Canonical Livepatch Service up and running should be displayed, including the key specific to your account, like in the screenshot above.
If you installed canonical-livepatch while you were using an older snapd version, and you get an error, remove canonical-livepatch ("sudo snap remove canonical-livepatch"), then install it again.
If you installed canonical-livepatch while you were using an older snapd version, and you get an error, remove canonical-livepatch ("sudo snap remove canonical-livepatch"), then install it again.
For more information, see the official announcement and Dustin Kirkland's blog.