Canonical is pushing the security and usability conveniences of managing internet of things (IoT) and edge devices with its June 15 release of Ubuntu Core 22, the fully containerized Ubuntu 22.04 LTS variant optimized for IoT and edge devices.
Combined with Canonical’s technology offer, this release brings Ubuntu’s operating system and services to a complete range of embedded and IoT devices. The new release includes a fully preemptible kernel to ensure time-bound responses. Canonical partners with silicon and hardware manufacturers to enable advanced real-time features out of the box on Ubuntu Certified Hardware.
“Our goal at Canonical is to provide secure, reliable open-source everywhere — from the development environment to the cloud, down to the edge and to devices,” said Mark Shuttleworth, CEO of Canonical. “With this release and Ubuntu’s real-time kernel, we are ready to expand the benefits of Ubuntu Core across the entire embedded world.”
One of the important things about Ubuntu Core is that it is effectively Ubuntu. It is fully containerized. All the applications, kernel, and operating system are strictly confined snaps.
This means that it is ultra-reliable and a perfect fit for unattended devices. It has a lower footprint with all the unnecessary libraries and drivers removed, explained David Beamonte Arbués, product manager for IoT and embedded products at Canonical.
“It uses the same kernel and libraries as Ubuntu and its flavors, and that is something that developers love, as they can share the same development experience for every Ubuntu variant,” he told LinuxInsider.
It has some out-of-the-box security features, such as secure boot and full disk encryption, to prevent firmware replacement as well as firmware and data manipulation, he added.
Certified Hardware Key
Ubuntu’s Certified Hardware Program is a main distinguishing factor in industry response to the Core OS. It defines a range of off-the-shelf IoT and edge devices trusted to work with Ubuntu.
The program uniquely includes a commitment to continuous testing of certified hardware at Canonical’s labs with every security update over the full lifecycle of the device.
Advantech, which provides embedded, industrial, IoT, and automation solutions, strengthened its participation in the Ubuntu Certified Hardware Program, noted Eric Kao, director of Advantech WISE-Edge+.
“Canonical ensures that certified hardware goes through an extensive testing process and provides a stable, secure, and optimized Ubuntu Core to reduce time to market and development costs for our customers,” he said.
Another use example, noted Brad Kehler, COO at KMC Controls, is the security advantage Core OS brings to the company’s range of IoT devices, which are purpose-built for mission-critical industrial environments.
“Security is paramount for our customers. We chose Ubuntu Core for its built-in advanced security features and robust over-the-air update framework. Ubuntu Core comes with 10 years of security update commitment which allows us to keep devices secure in the field for their long life. With a proven application enablement framework, our development teams can focus on creating applications that solve business problems,” he said.
Solving Key Challenges
IoT manufacturers face complex challenges to deploy devices on time and within budget. Ensuring security and remote management at scale is also taxing as device fleets expand. Ubuntu Core 22 helps manufacturers meet these challenges with an ultra-secure, resilient, and low-touch OS, backed by a growing ecosystem of silicon and original design manufacturer partners.
The first key challenge is to enable the OS for their hardware, whether custom or generic, noted Arbués. This is hard work, and many organizations lack the skill to perform kernel porting tasks.
“Sometimes they do have the expertise in-house, but the development can take too long. This can affect both time and budget,” he explained.
IoT devices need to be mostly unattended. They are usually deployed in places with limited or difficult accessibility, he offered. So it is necessary that they are extremely reliable. Sending a technician to the field to recover a bricked or not-starting device is costly, so reliability, low-touch, and remote manageability are key factors to reduce OpEx.
That also enhances the challenge of managing the software of the devices, he added. A mission-critical and bullet-proof update mechanism is critical.
“Manufacturers have to decide at the beginning of their development if they are going to use their own infrastructure or third party for managing the software of the devices,” Arbués said.
Beyond Standard Ubuntu
Core 22’s containerized feature goes beyond the containerized features in non-Core Ubuntu OSes. In Ubuntu Desktop or Server, the kernel and operating system are .deb packages. Applications can run as .deb or as snaps.
“In Ubuntu Core, all the applications are strictly confined snaps,” Arbués continued. “That means that there is no way to access them from other applications except by using some well-defined and secure interfaces.”
Not only are the applications snaps. So are the kernel and the operating system. This is really useful to manage the whole system software, he added.
“Although the classic Ubuntu OSes can use snaps, it is not mandatory to use them strictly confined, so applications could have access to the full system, and the system can have access to the applications.”
In Ubuntu Core strict confinement is mandatory. Additionally, both the kernel and the operating system are strictly confined snaps. Moreover, classic Ubuntu versions are not optimized for size and do not include some of the features that Ubuntu Core has, such as secure boot, full disk encryption, and recovery modes.
Other essential Core 22 features:
Real-time compute support via a real-time beta kernel delivers high performance, ultra-low latency, and workload predictability for time-sensitive industrial, telco, automotive, and robotics use cases.
Dedicated App Store: every device running Ubuntu Core has a dedicated IoT App Store. This offers full control over the apps and can create, publish, and distribute software on one platform. The IoT App Store offers enterprises a sophisticated software management solution, enabling a range of new on-premises features.
Transactional Control for mission-critical over-the-air (OTA) updates of the kernel, OS, and applications. These updates will always complete successfully or roll back automatically to the previous working version so a device cannot be “bricked” by an incomplete update. Snaps also provide delta updates to minimize network traffic, and digital signatures to ensure software integrity and provenance.