Canonical is emphasizing the security and usability suitability of Internet of Things (IoT) and edge devices management with its June 15 release of Ubuntu Core 22, a fully containerized Ubuntu 22.04 LTS variant optimized for IoT and edge devices Is.
In line with Canonical’s technology offering, this release brings Ubuntu’s operating system and services to the full range of embedded and IoT devices. The new release includes a fully extensible kernel to ensure timely responses. Canonical partners with silicon and hardware manufacturers to enable advanced real-time features on Ubuntu certified hardware.
“At Canonical, we aim to provide secure, reliable open-source access everywhere – from the development environment to the cloud, to the edge and across devices,” said Mark Shuttleworth, Canonical CEO. “With this release and Ubuntu’s real-time kernel, we are ready to extend the benefits of Ubuntu Core throughout the embedded world.”
One important thing about Ubuntu Core is that it is effectively Ubuntu. It is fully containerized. All applications, kernels and operating systems are strictly limited snaps.
This means it is ultra-reliable and perfect for unattended devices. It has removed all unnecessary libraries and drivers, said David Beamonte Arbushes, product manager for IoT and embedded products at Canonical.
“It uses the same kernel and libraries as Ubuntu and its flavors, and it’s something that developers love, because they can share the same development experience for every Ubuntu version,” he told LinuxInsider.
He said it has some out-of-the-box security features such as secure boot and full disk encryption to prevent firmware replacement, as well as firmware and data manipulation.
certified hardware key
Ubuntu’s certified hardware program is a key distinguishing factor in the industry’s response to Core OS. It defines a range of trusted IoT and edge devices to work with Ubuntu.
The program typically includes a commitment to continuous testing of certified hardware in Canonical’s laboratories with every security update throughout the device’s lifecycle.
Advantech, which provides embedded, industrial, IoT and automation solutions, strengthened its participation in the Ubuntu Certified Hardware program, said Eric Cao, director of Advantech Wise-Edge+.
“Canonical ensures that certified hardware undergoes an extensive testing process and provides a stable, secure and optimized Ubuntu core to reduce market and development costs for our customers,” he said.
Another usage example, Brad Kehler, COO of KMC Controls, is the security benefits that Core OS brings to the company’s range of IoT devices, which are purpose-built for mission-critical industrial environments.
“Safety is of paramount importance to our customers. We chose Ubuntu Core for its built-in advanced security features and robust over-the-air update framework. Ubuntu Core comes with a 10-year security update commitment that allows us to keep devices safe in the field for their longer life. With a proven application enablement framework, our development team can focus on building applications that solve business problems,” he said.
solving major challenges
IoT manufacturers face complex challenges to deploy devices on time and within budget. As the device fleet expands, so too does ensuring security and remote management are taxing. Ubuntu Core 22 helps manufacturers meet these challenges with an ultra-secure, resilient and low-touch OS, backed by a growing ecosystem of silicon and original design maker partners.
The first major challenge is to enable the OS for their hardware, be it custom or generic, the well-known Arbus. It’s hard work, and many organizations lack the skills to perform kernel porting tasks.
“Sometimes they have in-house expertise, but development can take a lot longer. This can affect both time and budget,” he explained.
IoT devices should be mostly unattended. They are usually deployed in places with limited or difficult access, he offered. It is therefore essential that they be extremely reliable. It is costly to send a technician to the field to recover a bricked or unstarted device, so reliability, low touch, and remote manageability are key factors in reducing OpEx.
He added that this also adds to the challenge of managing the software of the devices. A mission-critical and bullet-proof update mechanism is critical.
“Manufacturers have to decide early in their development whether they are going to use their own infrastructure or third parties to manage the software for the devices,” Arbus said.
Beyond Standard Ubuntu
The containerized feature of Core 22 extends beyond the containerized features in non-core Ubuntu OSes. In Ubuntu Desktop or Server, the kernel and operating system are .deb packages. Applications can run as .deb or snap.
“In Ubuntu Core, all applications are strictly limited snap,” Arbusue continued. “This means that there is no way to access them from applications other than using some well-defined and secure interfaces.”
Not only applications are snaps. So are the kernel and operating system. He said that it is really useful to manage the whole system software.
“Although classic Ubuntu OSes can use Snaps, it is not mandatory to use them strictly limited, so applications can have access to the full system, and the system can have access to applications.”
Strict imprisonment is mandatory in Ubuntu Core. Additionally, both the kernel and the operating system are strictly limited snaps. In addition, the classic Ubuntu versions are not optimized for size and do not include some of the features of Ubuntu Core, such as secure boot, full disk encryption, and recovery mode.
Other Essential Core 22 Features:
- Real-time compute support via a real-time beta kernel provides high performance, ultra-low latency and workload predictability for time-sensitive industrial, telco, automotive and robotics use cases.
- There is a dedicated IoT App Store in the dedicated App Store for each device running Ubuntu Core. It provides complete control over apps and can create, publish and distribute software on a single platform. The IoT App Store provides enterprises with a sophisticated software management solution, enabling a range of new on-premises features.
- Transactional control for mission-critical over-the-air (OTA) updates of kernel, OS, and applications. These updates will always complete successfully or automatically revert to the previous working version so that a device cannot be “britched” by an incomplete update. Snap also provides delta updates to reduce network traffic, and digital signatures to ensure software integrity and provenance.
More information about Ubuntu Core 22 can be found at ubuntu.com/core.
Download images for some of the most popular platforms or browse all supported images here.