How KernelCare IoT Works

Allocates kernel memory loads new, secure code into it

Momentarily freezes all processes in a ‘safe’ mode

Modifies original functions and jumps to new secure code, ensuring old (vulnerable) code can never run

Unfreezes all processes and resumes

In 2020, KernelCare IoT has become available for patching of AWS Graviton2 ARM64 processors.

 

Watch the demo to see how KernelCare for IoT secures EC2 A1 instances running AWS Graviton2 ARM64 processors in real-time.

Supported Distributions & Chipsets

KernelCare for IoT provides on-the-fly updates for Linux kernels on ARM64.

Supported Chipsets

KernelCare IoT Integrates with Microsoft Azure IoT Hub

Frequently Asked Questions

TuxCare is a portfolio of services that help organizations take care of support, maintenance and security of Enterprise Linux systems.  The portfolio of TuxCare services include:
  • KernelCare Enterprise – live patching for Linux kernels. A subscription with out-of-the-box integration with automation tools & vulnerability scanners, priority support, and a separate ePortal server. It is specially tailored for larger server fleets.
  • LibraryCare – Live patching for shared libraries.
  • KernelCare IoT – live patching for Linux kernels on ARM 64. KernelCare for IoT protects devices with on-the-fly kernel updates. The pricing is custom-based depending on the specific use case.
  • QEMUCare – live patching for QEMU virtualization (available in Q3 2021)
  • DBCare – live patching for MySQL, MariaDB and PostgreSQL (available in Q3 2021)
  • Extended Lifecycle Support Services – Patches and updates for all Enterprise Linux components & 24/7 incident support. Available for CentOS 6, Oracle Linux 6, Ubuntu 16, Debian 9.
  • Linux Support Services – Patches and updates for all Enterprise Linux components & 24/7 incident support. Available for AlmaLinux 8, CentOS 7 and Oracle Linux 7.
TuxCare doesn’t have a services trial available, but we do individual POCs for Enterprise companies. A 30-day money-back guarantee is available for all subscriptions.
  • The KernelCare team is constantly monitoring security mailing lists to check for vulnerabilities. As soon as one is found, the team prepares a patch and then sends it to distribution servers.
  • An agent will run a process on your device, checking with the distribution servers every 4 hours until it finds a new patch and then safely apply it to the running kernel without needing to stop it.
  • A special kernel module is used to apply the patches. It first loads the update into the kernel address space, then it places relocations on the original code/data to make sure the code block doesn’t execute during the update. Once finished, it will safely switch the execution path from the original to the updated code and then make sure the old code will never run again.
  • KernelCare does all of this instantly, automatically, and without service interruptions.
  • For Enterprise teams, we recommend scheduling a demo with a TuxCare technical engineer. They will collect your system requirements, assist with TuxCare services’ set up on your systems, and ensure you get the best price quote.
  • If your systems are running behind the firewall – contacting sales is the only option because using TuxCare will require an ePortal secure patch server setup.

Setting up live patching on IoT devices requires a customized approach.

Fill up the form and TuxCare engineers will reach out to you with the next steps.

Contact TuxCare Experts

Add more security with other Live Patching Services by TuxCare

Automated live patching for Linux Kernels with centralized management & common automation and vulnerability management tools integration.

Learn More
Library

That detects and patches shared libraries in-memory without disrupting the applications using them.

Learn More
QEMU

Protects enterprise virtualization stack with live patching that does not affect virtual machines or requires migrating them to other servers. Available in Q3 2021.

Learn More
DB

Keeps the enterprise’s most important asset, data, safe by live patching the database provider, MySQL, MariaDB or PostgreSQL, without interrupting the applications that depend on it. Available in Q3 2021.

Learn More

Automated live patching for Linux Kernels with centralized management & common automation and vulnerability management tools integration.

Learn More
LibraryCare add-on for

That detects and patches shared libraries in-memory without disrupting the applications using them.

Learn More
QEMU

Protects enterprise virtualization stack with live patching that does not affect virtual machines or requires migrating them to other servers.

Learn More
DB

Keeps the enterprise’s most important asset, data, safe by live patching the database provider, MySQL, MariaDB or PostgreSQL, without interrupting the applications that depend on it.

Learn More

Featured on

Your compare list

Compare
REMOVE ALL
COMPARE
0