Ubuntu 26.04 LTS: Linux 7.0, Confidential Computing, and Infrastructure Powerhouse

Ubuntu 26.04 LTS (Resolute Raccoon) has been released in April 2026, marking a significant milestone for server and infrastructure deployments. As the latest long-term support release, this version introduces Linux kernel 7.0, a new HWE virtualization stack model, Intel TDX confidential computing host support, and numerous improvements across virtualization, databases, and security. Given Ubuntu's popularity and the LTS edition's biennial release cycle with five years of support, this release carries substantial weight for enterprise deployments and homelab enthusiasts alike.

Linux Kernel 7.0 and Hardware Enablement

The most significant upgrade is the jump from Linux kernel 6.8 to 7.0, delivering improved hardware support and performance optimizations. The kernel update brings several notable features:

• Intel Panther Lake Support: Enhanced support for Intel Core Ultra Series 3 processors with targeted optimizations for Intel Xe3 integrated graphics and the integrated NPU (Neural Processing Unit)
• EtherCAT Industrial Networking: Integrated IgH EtherCAT module and generic driver for real-time industrial Ethernet networks
• Real-Time Kernel Availability: The PREEMPT_RT real-time kernel is now available in the main archive outside of Ubuntu Pro, following upstream integration
• ARM64 Livepatch Support: Kernel Livepatch now supports ARM64 architecture for security patches without rebooting
• Crash Dumps Enabled by Default: Kdump is enabled by default for desktop and server installations
• Sched_ext Support: New eBPF-based scheduling system allows user-space scheduler implementation

Notably, the lowlatency kernel package has been retired in favor of linux-generic, combined with the user-space lowlatency-kernel package for tuning GRUB command line parameters. This change simplifies kernel management while maintaining performance optimization capabilities.

Virtualization Stack Updates

The virtualization stack receives substantial updates, including QEMU, libvirt, edk2, and seabios improvements:

• NVIDIA Multi-Instance GPU (MIG): Support for NVIDIA MIG configurations in libvirt and QEMU
• Intel TDX Support: Continued support for Intel Trusted Domain Extensions, confidential computing with host-side enablement
• Firmware Selection: Better firmware selection capabilities in libvirt
• NUMA Affinity: Support for NUMA affinity of PCI devices, crucial as systems grow to larger topologies where latency and bandwidth are under scrutiny
• NVMe Disk Support: Enhanced NVMe disk management
• AMD IOMMU and SEV-SNP: AMD IOMMU device support and SEV-SNP confidential computing features
• RISC-V RVA23 Profile: Support for RISC-V RVA23 profile specification

A new Hardware Enablement (HWE) virtualization stack is introduced, similar to the HWE kernel model. This virt-hwe stack includes qemu-hwe, libvirt-hwe, seabios-hwe, and edk2-hwe packages that will be updated twice yearly to align with interim releases while maintaining stability on the LTS base.

Database and Application Server Updates

Ubuntu 26.04 LTS brings major updates to database servers and application runtimes:

Database Servers

• PostgreSQL 18: New I/O subsystem with up to 3x performance improvements for storage reads, improved index utilization, virtual generated columns, uuidv7() function for better indexing, and OAuth 2.0 authentication support
• MySQL 8.4 LTS: MySQL's first official long-term support release with internal improvements and configuration changes (32-bit server support removed)
• DocumentDB: New MongoDB-compatible document database built on PostgreSQL, starting with version 0.108-0

Application Runtimes

• Valkey 9.0: Updated to version 9.0 with atomic slot migrations and hash field expiration
• PHP 8.5: Property hooks, asymmetric visibility, updated DOM API, URI extension, pipe operator, clone with functionality, NoDiscard attribute, closures in constant expressions, persistent cURL share handles, array_first() and array_last() functions
• Django 5.2 LTS: Updated from Django 4.2 LTS to the latest long-term support release
• .NET 10: Updated from .NET 8 with expanded IBM Power platform support
• OpenJDK 25: Default Java version updated to OpenJDK 25, TCK certified on AMD64, ARM64, S390X, and PPC64EL; LTS versions 8, 11, 17, and 21 also available
• GCC 15.2: Compiler toolchain updates, including binutils 2.46 and glibc 2.43
• Python 3.14: Updated from Python 3.12
• Rust 1.93, LLVM 21, and Golang 1.25: Modern toolchain updates for systems programming

Infrastructure Service Upgrades

Several key infrastructure services receive significant updates:

• OpenSSH 10.2: The upgrade from OpenSSH 9.6p1 includes a post-quantum hybrid key exchange algorithm "mlkem768x25519-sha256" available by default, and the removal of weak DSA signature algorithm support
• Chrony Default Time Daemon: Chrony replaces systemd-timesyncd as the default time synchronization daemon for new installations. NTS (authenticated and encrypted NTP) uses Ubuntu time servers by default, configured in /etc/chrony/sources.d/ubuntu-ntp-pools.sources
• Samba 4.23: Major update with SMB3 Unix Extensions enabled by default, NetBIOS disabled by default for fresh installs, LDAP TLS/SASL channel binding support, Group Managed Service Accounts, and functional level 2012R2 support claim
• HAProxy 3.2 LTS: Updated to the latest upstream LTS release with performance improvements, faster QUIC protocol support, detection of accidental multiple Runtime API commands, stricter URI parsing, and renamed tune.ssl.ocsp-update to tune.ocsp-update

Security Enhancements

Security receives substantial attention in this release:

• Post-Quantum Cryptography: OpenSSL includes support for post-quantum cryptography algorithms (ML-KEM, ML-DSA, SLH-DSA) and QUIC client/server support. OpenSSH enables hybrid post-quantum key exchange by default
• Intel TDX Host Support: Hardware-based confidential computing with Intel Trusted Domain Extensions provides isolated virtual machines (Trusted Domains) that protect guest workloads from hypervisor, host OS, and other VMs through encrypted memory and hardware-level isolation. Guest support available from Ubuntu 24.04 LTS; host support began in Ubuntu 25.10
• AppArmor Profiles: New AppArmor sandboxing profiles added for many applications to improve system security through better confinement
• cargo-auditable Support: Rust packages built on Launchpad now have opt-in cargo-auditable support, embedding JSON-formatted dependency metadata in binaries for CVE impact assessment

Container and Virtualization Upgrades

The container stack receives updates to support modern deployment needs:

• Container Stacks: The containerd and runc packages follow a pattern of either regular updates to the latest versions or slower stable paths throughout the release lifecycle, providing flexibility for different deployment requirements
• Cloud images use AMD64v3: All cloud provider AMD64 images are now built with AMD64v3 microarchitecture level by default

System Changes and Requirements

Several system-level changes impact deployment and compatibility:

Architecture Requirements

• RISC-V: Only supports hardware implementing RVA23S64 ISA profile; Ubuntu 24.04 LTS continues supporting earlier RVA20 cores
• IBM Z: Minimum z15 architectural level required; z14 and older no longer supported; performance improved on z15 and newer
• Samba i386: python3-samba package no longer built for i386 due to python3-cryptography dependency

Common Infrastructure Changes

• sudo-rs Default: Rust-based sudo implementation is now default; original sudo renamed to sudo.ws; sudo-ldap package removed in favor of LDAP via PAM
• rust-coreutils: Core utilities now provided by rust-coreutils with performance improvements (GNU utilities remain available for compatibility)
• Dracut Default: Dracut replaces initramfs-tools as default initial ramdisk infrastructure; supports Bluetooth and NVMe-oF in initrd
• APT 3.1: New dependency solver, switched from GnuTLS to OpenSSL for TLS connections, automatic pager for show/list commands, apt-key command removed

Performance and Build Recommendations

For those deploying Ubuntu 26.04 LTS in production environments, several considerations emerge:

Server Build Recommendations

• Virtualization Hosts: The new HWE virtualization stack provides excellent support for both KVM and VMware virtualization, with particular attention to NUMA affinity for large deployments
• Database Servers: PostgreSQL 18's I/O subsystem improvements make it particularly suitable for storage-heavy workloads, while MySQL 8.4 LTS offers the first official long-term support option
• Security-Conscious Deployments: Intel TDX support provides hardware-level isolation for sensitive workloads, while post-quantum cryptography readiness ensures forward security

Performance Considerations

• Kernel Performance: Linux kernel 7.0 brings optimizations for Intel Core Ultra processors, particularly around the integrated NPU and Xe3 graphics
• Real-Time Workloads: The availability of PREEMPT_RT in the main archive simplifies deployment for time-sensitive applications
• ARM64 Systems: Enhanced ARM64 support, including livepatching, makes this release particularly attractive for ARM-based server deployments

Support Timeline

Ubuntu 26.04 LTS is supported until April 2031 with five years of standard security updates and critical bug fixes. The Ubuntu Pro subscription extends support to 10 years with ESM (Extended Security Maintenance). This support timeline makes it an attractive option for enterprise deployments requiring long-term stability.

Final Thoughts

Ubuntu 26.04 LTS delivers substantial infrastructure improvements for server deployments, from Linux kernel 7.0's hardware enablement through PostgreSQL 18's performance gains and Intel TDX confidential computing host support. The new HWE virtualization stack model and post-quantum cryptography readiness position this release for modern datacenter requirements.

The removal of older architecture support (IBM Z z14 and earlier, RISC-V RVA20) reflects Ubuntu's progression toward contemporary hardware platforms while maintaining broad compatibility across AMD64v3-capable systems deployed in the past decade. Adding post-quantum encryption readiness in OpenSSL may seem small, but quantum is moving fast, and this forward-thinking approach will benefit users for years to come.

For those looking to deploy Ubuntu 26.04 LTS, the release notes provide comprehensive information about all changes and updates. As with any major release, testing in non-production environments is recommended before full-scale deployment.