RepoJournal
Linux

Linux

The kernel, distros, and the rigs of the moment

Pick a date

The Wire · Showcase

LINUX 7.2 HARDENS ENCRYPTED VMS, SHIPS LIVE TDX PATCHING

By RepoJournal · Filed · About Linux

Intel's TDX confidential computing now supports in-place security updates without reboots, joining a wave of x86 hardening that lands across encrypted VM architectures.

The merge window opens with three major x86 security subsystems shipping simultaneously. TDX gets its biggest feature yet: live module updates [1], letting operators patch the trusted execution environment mid-boot just like CPU microcode. This kills the operational nightmare that's plagued confidential computing since day one. SEV follows with a cleanup pass [2] that strips redundant GHCB guards and adds hard-fail semantics for SNP preparation, tightening the error paths that were previously silent failures. Rick Edgecombe, who's been carrying TDX on the host side, gets promoted to official maintainer [3], a sign of how critical this attack surface has become. The x86 crew also shipped general cleanups [4] across the platform, nothing breaking but the foundation layer is getting harder. Meanwhile, arm64 [5] is taking a slower cycle on features to focus on fpsimd hardening and kernel image unpredictability work, trading velocity for security posture.

Action items

References

  1. [1] Merge tag 'x86_tdx_for_7.2-rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip torvalds/linux
  2. [2] Merge tag 'x86_sev_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip torvalds/linux
  3. [3] Merge tag 'x86_misc_for_7.2-rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip torvalds/linux
  4. [4] Merge tag 'x86_cleanups_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip torvalds/linux
  5. [5] Merge tag 'arm64-upstream' of gitolite.kernel.org:pub/scm/linux/kernel/git/arm64/linux torvalds/linux

FAQ

What changed in Linux on June 16, 2026?
Intel's TDX confidential computing now supports in-place security updates without reboots, joining a wave of x86 hardening that lands across encrypted VM architectures.
What should Linux teams do about it?
Test TDX module updates in your confidential computing pipelines • Review SNP preparation error handling if running AMD encrypted VMs • Stage 7.2-rc1 in non-critical arm64 deployments for fpsimd testing
Which Linux repositories shipped on June 16, 2026?
torvalds/linux

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.