LINUX 7.2 HARDENS ENCRYPTED VMS, SHIPS LIVE TDX PATCHING
By RepoJournal
Intel's TDX confidential computing now supports in-place security updates without reboots, joining a wave of x86 hardening that lands across encrypted VM architectures.
The merge window opens with three major x86 security subsystems shipping simultaneously. TDX gets its biggest feature yet: live module updates [1], letting operators patch the trusted execution environment mid-boot, just like CPU microcode. This kills the operational nightmare that has plagued confidential computing since day one. SEV follows with a cleanup pass [2] that strips redundant GHCB guards and adds hard-fail semantics for SNP preparation, tightening error paths that previously failed silently. Rick Edgecombe, who has been carrying TDX on the host side, gets promoted to official maintainer [3], a sign of how critical this attack surface has become. The x86 crew also shipped general cleanups [4] across the platform: nothing breaking, but the foundation layer is getting harder. Meanwhile, arm64 [5] is taking a slower cycle on features to focus on fpsimd hardening and kernel image unpredictability work, trading velocity for security posture.
Action items
- Test TDX module updates in your confidential computing pipelines (torvalds/linux) [plan]
- Review SNP preparation error handling if running AMD encrypted VMs (torvalds/linux) [monitor]
- Stage 7.2-rc1 in non-critical arm64 deployments for fpsimd testing (torvalds/linux) [monitor]
References
- [1] Merge tag 'x86_tdx_for_7.2-rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip torvalds/linux
- [2] Merge tag 'x86_sev_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip torvalds/linux
- [3] Merge tag 'x86_misc_for_7.2-rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip torvalds/linux
- [4] Merge tag 'x86_cleanups_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip torvalds/linux
- [5] Merge tag 'arm64-upstream' of gitolite.kernel.org:pub/scm/linux/kernel/git/arm64/linux torvalds/linux
FAQ
- What changed in Linux on June 16, 2026?
  Intel's TDX confidential computing now supports in-place security updates without reboots, joining a wave of x86 hardening that lands across encrypted VM architectures.
- What should Linux teams do about it?
  Test TDX module updates in your confidential computing pipelines; review SNP preparation error handling if running AMD encrypted VMs; stage 7.2-rc1 in non-critical arm64 deployments for fpsimd testing.
- Which Linux repositories shipped on June 16, 2026?
  torvalds/linux