• FDE: measure DeployedMode and AuditMode variables if they appear as disabled in the event log to avoid a potential reseal-failure boot loop
• LP: #2141328 FDE: reuse preinstall check context during install to account for user-ignored errors
• LP: #2139611 FDE: fix db updates by allowing multiple payloads
• LP: #2139300 snap-confine: add CAP_SYS_RESOURCE to allow raising memory lock limit when required
• LP: #2139099 snap-confine: bump the max element count of the BPF map used to store IDs of allowed/matched devices to 1000
• LP: #2141607 Desktop: revert change that caused user daemons declaring the desktop plug to implicitly depend on graphical-session.target
• Interfaces: Added pidfd_open and memfd_secret to seccomp template
• Interfaces: camera | add locking permission for /dev/video