The systemd 261 release brings a software TPM, new OS installer

https://www.helpnetsecurity.com/2026/06/22/systemd-261-released/

Publish Date: 2026-06-21 18:30:00

Source Domain: www.helpnetsecurity.com

Linux distributions that ship systemd as their init system now have a new version to track. The systemd 261 update adds a cloud metadata subsystem, carries process state through kexec reboots, and continues a long-running effort to load external libraries on demand.

Cloud metadata gets a local interface

systemd 261 adds an IMDS subsystem for cloud instance metadata. A daemon, systemd-imdsd, provides a local Varlink API that gives programs access to instance metadata services. A hardware database file recognizes public clouds by their SMBIOS information and records how to reach metadata on each node. The recognized clouds include Amazon EC2, Microsoft Azure, Google Compute Engine, Hetzner, Oracle Cloud, Scaleway, Tencent Cloud, Alibaba ECS, and Vultr.

A companion tool, systemd-imds, acts as a client and imports metadata fields into system credentials for later services to consume. Acquired metadata is measured before import. Operators can lock down network access to cloud metadata services through a build option.

State survives a kexec reboot

PID1 now supports the kernel’s Live Update Orchestration and Kexec Handover mechanisms when they are present and enabled. System units’ file descriptor stores can persist through a kexec, and units receive their stashed file descriptors back afterward where the kernel supports the descriptor type. Units enable this by setting FileDescriptorStorePreserve=yes. User session managers and systemd-nspawn containers gained matching support, letting user units and container payloads carry state across session restarts and kexec reboots.
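The service side of the file descriptor store, as an added example that is not from the article or the systemd project: a unit with FileDescriptorStoreMax= and FileDescriptorStorePreserve=yes stashes a descriptor through the sd_notify FDSTORE=1 message and reads it back from the LISTEN_FDS environment on its next start. The helper names stash_fd and recover_fds are illustrative, and the code assumes descriptors preserved across kexec are handed back through that same environment interface.

```python
import os
import socket

SD_LISTEN_FDS_START = 3  # first inherited descriptor, per sd_listen_fds(3)


def stash_fd(fd, name, notify_path=None):
    """Push one descriptor into the service manager's fd store (hypothetical helper)."""
    path = notify_path or os.environ.get("NOTIFY_SOCKET")
    if not path:
        return False  # not started by a service manager, nothing to stash into
    if path.startswith("@"):  # abstract-namespace socket address
        path = "\0" + path[1:]
    msg = f"FDSTORE=1\nFDNAME={name}".encode()
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.connect(path)
        # The descriptor travels as SCM_RIGHTS ancillary data next to the text message.
        socket.send_fds(s, [msg], [fd])
    return True


def recover_fds(environ=None, pid=None):
    """Map each FDNAME to the descriptor numbers handed back at start-up."""
    environ = os.environ if environ is None else environ
    pid = os.getpid() if pid is None else pid
    # LISTEN_PID must match, otherwise the variables were inherited from a
    # parent process and the descriptor numbers do not belong to us.
    if environ.get("LISTEN_PID") != str(pid):
        return {}
    try:
        count = int(environ.get("LISTEN_FDS", "0"))
    except ValueError:
        return {}
    names = environ.get("LISTEN_FDNAMES", "").split(":")
    fds = {}
    for i in range(count):
        name = names[i] if i < len(names) and names[i] else "unknown"
        fds.setdefault(name, []).append(SD_LISTEN_FDS_START + i)
    return fds
```

A service restoring state should validate what each recovered descriptor refers to before using it, since the name is only a label set by whoever stashed it.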

TPM and boot changes

A new service, systemd-tpm2-swtpm.service, can run IBM’s swtpm as a software TPM for systems that lack physical hardware, gated behind a kernel command line option. A new condition, ConditionSecurity=measured-os, checks whether a system booted with measured-boot semantics. systemd-stub maintains a boot secret derived from a persistent EFI variable and passes it to…
