How to Upgrade to the Latest Kernel

Microarchitectural Data Sampling (MDS) Advisory: On 14 May 2019, Intel released a statement regarding Microarchitectural Data Sampling (MDS), a significant security vulnerability that affects cloud providers with multi-tenant environments, including DigitalOcean. In addition to the steps we are taking, which are described on our blog, we strongly recommend that you update your internal Droplet kernels to ensure you have the latest available bug fixes and security patches. You can verify that your Droplets are patched with the instructions here.

Verify the Droplet’s Kernel Management Method

Before you can upgrade your Droplet’s kernel, you need to make sure your Droplet is using internal kernel management.

All Droplets created after March 2017 use internal kernels by default, and older Droplets can be configured to support internal kernels with the DigitalOcean GrubLoader kernel.

If you’re not sure whether your Droplet manages its kernels internally, visit its detail page in the control panel and click Kernel in the navigation. If the kernel management page has the following message, your Droplet is set to use internal kernels natively:

The kernel for this Droplet is not managed within the control panel. Instead, you can upgrade the kernel from within the Droplet.

If you see a Select a Kernel menu with a Change button and the following description instead, your Droplet is using legacy external kernel management:

This will update your configuration. Then power off the server from the command line and boot it from the control panel and the new kernel will be active. To revert, simply select ‘Original Kernel’ and follow the same process.

If your Droplet is using legacy kernel management, you can switch to the DigitalOcean GrubLoader kernel to support internal kernels.

Upgrade the Kernel

Once your Droplet is using internal kernel management, you can upgrade its kernel.

Before upgrading your kernel, you can use the command uname -ir to get the version of the kernel that your Droplet is currently using and your system’s architecture (32-bit or 64-bit). The output will look similar to 3.13.0-43-generic x86_64. The first section (3.13.0-43-generic in this example) is your Droplet’s current kernel version and the second is its architecture (x86_64 in this example, i.e., 64-bit).

If you want to upgrade your Droplet to the latest kernel version, there are two ways to do it:

  • Update all packages. Applying all available package upgrades to your server will pull in the latest stable kernel if available.

  • Update kernel only. Targeting only the kernel for update will not modify any other packages on your server.

The commands you need to run for either option depend on your Droplet’s operating system:

OS              | Upgrade all packages      | Upgrade kernel only
----------------+---------------------------+--------------------------------------------------------------
Ubuntu          | sudo apt-get update       | sudo apt-get update
                | sudo apt-get dist-upgrade | sudo apt-get install linux-virtual
Debian (64-bit) | sudo apt-get update       | sudo apt-get update
                | sudo apt-get dist-upgrade | sudo apt-get install linux-image-amd64 linux-headers-amd64
Debian (32-bit) | sudo apt-get update       | sudo apt-get update
                | sudo apt-get dist-upgrade | sudo apt-get install linux-image-686-pae linux-headers-686-pae
CentOS          | sudo yum update           | sudo yum update kernel
Fedora          | sudo dnf update           | sudo dnf update kernel

Power Off the Droplet from the Command Line

To ensure data integrity, shut down your Droplet from the command line with this command:

sudo poweroff

Completely powering off the Droplet rather than just rebooting it ensures the Droplet receives the latest virtualization improvements from the hypervisor. To ensure the Droplet is able to take advantage of all updates after upgrading the kernel, it’s necessary to power off rather than reboot the Droplet.

To power the Droplet on, log into the control panel.

Switch on the Droplet in the Control Panel

Locate the Droplet on the Droplet page, click its name, and switch on the Droplet.

After your Droplet boots, you can use uname -ir again to confirm the new kernel version.
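
The post-boot check can go one step further than uname and read the kernel's own MDS status. The script below is an added example, not part of DigitalOcean's instructions. It assumes the standard Linux sysfs entry /sys/devices/system/cpu/vulnerabilities/mds, which is not mentioned on this page. The function names and the --check argument are this example's own.

```shell
#!/bin/sh
# Added example: interpret the kernel's MDS status line after the
# upgrade and power cycle. The path is the standard Linux sysfs entry
# (an assumption; the page itself only uses uname -ir).
MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds

# Map the status line to one verdict word. Order matters: the more
# specific patterns come before the general ones.
classify_mds() {
    case "$1" in
        "Not affected"*)                 echo not-affected ;;
        "Mitigation:"*"SMT vulnerable"*) echo mitigated-smt-exposed ;;
        "Mitigation:"*)                  echo mitigated ;;
        "Vulnerable:"*"no microcode"*)   echo best-effort ;;
        "Vulnerable"*)                   echo vulnerable ;;
        *)                               echo unknown ;;
    esac
}

# Suggest the next step for a verdict. "best-effort" means the guest
# kernel is patched but the CPU feature it relies on is not advertised
# to the Droplet; a guest only picks up new CPU features from the
# hypervisor on a full power cycle, not on a reboot.
next_step() {
    case "$1" in
        not-affected|mitigated) echo "none" ;;
        mitigated-smt-exposed)  echo "mitigated, but sibling hyperthreads remain exposed" ;;
        best-effort)            echo "power off, then power on from the control panel" ;;
        vulnerable)             echo "upgrade the kernel, then power off" ;;
        *)                      echo "no MDS status reported: upgrade the kernel" ;;
    esac
}

# Print kernel release, raw status, verdict and next step for this host.
report_host() {
    status=$(cat "$MDS_FILE" 2>/dev/null || true)
    verdict=$(classify_mds "$status")
    echo "kernel:  $(uname -r)"
    echo "mds:     ${status:-<no sysfs entry>}"
    echo "verdict: $verdict"
    echo "next:    $(next_step "$verdict")"
}

# Run the report only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then report_host; fi
```

Save it on the Droplet and run it with --check after powering back on. An empty status means the running kernel predates MDS reporting.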