Canonical on Feb. 2 made available Ubuntu Core 20, a minimal, containerized version of Ubuntu 20.04 LTS for Internet of Things (IoT) devices and embedded systems.
This major version bolsters device security with secure boot, full disk encryption, and secure device recovery. Ubuntu Core builds on the Ubuntu application ecosystem to create ultra-secure smart things.
“Every connected device needs guaranteed platform security and an app store” said Mark Shuttleworth. “Ubuntu Core 20 enables innovators to create highly secure things and focus entirely on their own unique features and apps, with confinement and security updates built into the operating system.”
Ubuntu Core powers industrial IoT devices. Innovative companies are using it to build and commercialize consumer-fronting devices, ranging from coffee brewers to medical devices, according to Galem Kayo, a product manager at Canonical.
The new Ubuntu Core version 20 boasts notable new device security innovations. Given the increasing numbers and sophistication of attacks by individual and state-sponsored cybercriminals, Canonical’s efforts should be welcomed by both IoT device makers and their customers, according to Charles King, principal analyst at Pund-IT.
“In fact, if the security of remote sensors and similar devices cannot be ensured, the future of IoT and other embedded systems is questionable. Ubuntu Core version 20 demonstrates that Canonical intends to avert such bleak scenarios,” he told LinuxInsider.
What Core Does
Ubuntu Core 20 addresses the cost of design, development, and maintenance of secure devices with regular, automated and reliable updates included. Canonical works with silicon providers and original design manufacturers (ODMs) to streamline the entire process to bring a new device to market.
The company and its partners offer “Smart Start,” a fixed-price engagement to launch a device that covers consulting, engineering, and updates for the first 1,000 devices on certified hardware. The result is a reduction of IoT project risk.
This release builds on established strengths for Ubuntu Core. Security updates support controlled and unattended software updates for OEM fleets, aimed to fix “everything, everywhere, fast.”
Furthermore, Ubuntu Core 20 introduces a device recovery system to minimize downtime due to device maintenance. Admins can backup device configuration to restore manually or remotely, when needed.
Several features in the version 20 release are significant upgrades to the earlier version. For instance, Ubuntu Core 20 improves device endpoint security.
It introduces advanced security capabilities such as:
- Secure boot: Ubuntu Core 20 boots only software that is trusted by the manufacturer of the device on which it runs; and
- Full disk encryption: Ubuntu Core 20 encrypts data stored on devices to prevent unauthorized access.
This diagram shows the elements that make up the containerized structure of the embedded Linux OS for IoT devices and Ubuntu Core 20.
Security for industrial users targeted by Ubuntu Core differ from consumer IoT platforms. The consequences of security breaches are different for industrial and consumer use cases, noted Canonical’s Kayo.
“Ubuntu Core provides the same advanced security capabilities at the OS level for any device irrespective of its use,” he told LinuxInsider.
Reduces Attack Surfaces
The software provides a minimal attack surface for both the operating system and apps. It eliminates unused software installed in the base OS and reduces the size and frequency of security updates.
All snap packages running on Ubuntu Core devices are strictly confined and isolated. This limits the damage from a compromised application.
Provable software integrity and secure boot prevents unauthorized software installation with hardware roots of trust. Full disk encryption eases compliance with privacy requirements for sensitive consumer, industrial, healthcare, or smart city applications.
“App stores underpin the new wave of connected device business models,” said Kayo. “As apps move to the edge, the value of data in remote locations increases. Ubuntu Core 20 adds secure boot with hardware-backed full disk encryption to guarantee confidentiality from physical attackers.”
Bosch Rexroth, a supplier of drives and control technologies, uses Ubuntu Core to power its new ctrlX Automation app store. The combination of the Ubuntu Core OS and snaps creates a software-defined industrial manufacturing platform with an open ecosystem, offered Hans Michael Krause, director of product management PLC and IoT at Bosch Rexroth.
“The system provides faster time to production and stronger security throughout the device lifecycle. Industrial machine builders using this platform can break down the traditional barriers between information technology and operation technology and free themselves from proprietary systems,” he said.
Intel is using Ubuntu Core to drive it process of transforming retail, manufacturing, energy, and healthcare with new generations of compute platforms that are purpose-built for the intelligent edge and IoT, added John Healy, Intel vice president in the Internet of Things Group.
“Intel and Canonical are collaborating to deliver a premium quality Linux. Ubuntu Core will help OEMs respond to an ever growing demand for sector-specific IoT solutions, while empowering ODMs to go to market sooner — all with long-term supply and technical support availability,” he said.
The Raspberry Pi Foundation, a U.K.-based charity, uses a pairing of Raspberry Pi 4 and Ubuntu Core to put the power of computing and digital making into the hands of people all over the world. Raspberry Pi and Ubuntu both foster the spirit of learning, discovery and invention in classrooms and startups around the world, according to Eben Upton, founder of the Raspberry Pi Foundation and CEO at Raspberry Pi (Trading) Ltd.
“From prototype with Ubuntu Server on Raspberry Pi 4 to production with Ubuntu Core on the Raspberry Pi Compute Module, we offer the next generation of inventors a simple path to all of open source,” he said.
Ubuntu Core is free and open source like Canonical’s other Ubuntu desktop and server products. It is commercialized through the Smart Start offering.
This is a fixed-price engagement with Canonical to launch a device running Ubuntu Core. The price covers consulting, engineering and OTA updates for the first 1,000 devices on certified hardware.
“Canonical’s Smart Start offering is targeted at firms seeking to become connected product manufacturers, and it combines hardware certification, software and services to accelerate the development process,” said Christian Renaud, research director of the Internet of Things practice for 451 Research, a part of S&P Global Market Intelligence.
The company has pre-certified hardware (boards) based on either ARM or x86 architectures, has integrated with Raspberry Pi (any model), and offers to perform integration with a customer-selected board if they are not pre-certified, he added.
More Linux Options for IoT
In addition to Canonical, Red Hat has been actively pursuing embedded Linux at the IoT/Edge, as well as developers of proprietary embedded OSes, according to Renaud.
“As we see more robust compute consolidate at the edge in the form of edge-optimized CPUs including Intel Xeon, or even Xeon D, or Keem Bay for low power use cases, it will expand the opportunities for Linux at the edge that were previously out of reach on compute constrained microcontrollers and ECUs in passenger vehicles,” he told LinuxInsider.
Tens of thousands of industrial and consumer IoT devices run Ubuntu Core, brought to market by Bosch Rexroth, Dell, ABB, Rigado, Plus One Robotics, Jabil, and more, noted Canonical.
Ubuntu Core runs on any x86 or ARM devices that meet the minimum requirements specified on the Core 20 datasheet.