Ubuntu Core features
An OS that's optimised for IoT and embedded systems
Agile containerization
Ubuntu Core's architecture is built on a worldwide-used, edge-developed container: snaps. This containerization gives a clean separation between the kernel, OS image and applications. DevOps has never been so easy:
- Secure, immutable and strictly confined containerization
- Consistent, independent, and reliable software updates
- Architectural flexibility with both Arm and x86 architectures supported
OTA updates
Over-the-air updates for Linux, done right
- Transactional updates for reliability
- Diffs only to minimise network traffic
- Digital signatures to guarantee integrity and provenance
Secure boot
Ubuntu Core 20 authenticates the boot process by default. Authentication is based on the verification of digital signatures. This means:
- Each component in the boot sequence cryptographically validates the authenticity of the subsequent component in the boot sequence.
- Every component is measured before it is loaded into the runtime memory space
- If an improper or unsigned component is detected, the boot process is stopped
- Support for both hardware and software Root of Trust
Full disk encryption
Ubuntu Core uses digital signatures to cryptographically ensure data integrity:
- Disks are locked with private-key-based cryptography
- Private keys for hardware, TPM and other secure layers are securely stored
- Symmetric key encryption enabled by use of specialised software-enabled stores
Recovery mode
Ubuntu Core offers a recovery mode that can be activated manually when booting or remotely via an API call. It additionally offers:
- A graphical user interface to manage recovery options
- Snapshots of configuration settings and software bills of materials are backed up in the recovery system
Validation sets
Straightforward installation logic. With validation sets, developers can guarantee the installation of specific applications that are either required to be installed together or are permitted to be installed together on a device or system. Unlock:
- Consistent, simultaneous updates towards well-defined and predictable revisions
- Increased compatibility and consistency between applications
- Improved out-of-the-box experience for end users
Remodelling
For those working with resellers or system integrators, Ubuntu Core's remodelling feature allows you to change any of the elements of your device model assertion. Brand, model, IoT App Store ID and version are some of the contexts that can be changed:
- Enable resellers to rebrand devices
- Easy migration path between UC20 and UC22
What's under the hood
Ubuntu Core is ideal for embedded devices because it manages itself. Snaps, Snapd and Snapcraft bring security and robustness. Applications are easy to install, easy to maintain, and easy to upgrade.
Snaps
Ubuntu Core is built from snaps, a secure, confined, dependency-free, cross-platform Linux packaging format. Snaps are entirely self-contained, even to the point of encapsulating their own file system. This means they include everything they need to run in any environment. They're used by Ubuntu Core to both compose the image that's run on a device, and to deliver consistent and reliable software updates, even to low-powered, inaccessible and remotely administered embedded and IoT systems.
Snapd
Snapd is the background service that manages and maintains installed snaps. Alongside its various service and management functions, snapd:
- Provides an API used to install, remove and interact with snaps
- Implements confinement policies that isolate snaps from the base system and from other snaps
- Governs the interfaces that allow snaps to access specific system resources outside of their container
Snapcraft
Snapcraft is a powerful and easy-to-use tool for building and publishing snaps. It helps you:
- Build and then publish your snaps to your IoT app store
- Maintain fine version control of updates and releases
- Build and debug snaps within a confined environment
- Update and iterate over new builds without rebuilding the environment
- Test and share your snaps locally
Secure your devices
Get in touch with an Ubuntu security expert to discuss the advanced security requirements of your application.