Secure to the core: IoT Ubuntu Core Linux 20 released

The latest embedded Ubuntu Linux makes a particular point of securing the operating system against all attackers.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Canonical's Ubuntu is best known for its Linux desktop, but the company really makes its profits from the cloud and -- CEO and founder Mark Shuttleworth has said -- from its Internet of Things (IoT) Linux distribution Ubuntu Core.

In its latest release, Ubuntu Core 20, Canonical has gone to great pains to make it the most secure IoT and embedded Linux available on the market today. According to a third-party security audit by Rule4, a global cybersecurity provider:

Ubuntu Core takes a security-first approach, ensuring that security is built-in throughout the entire application and device lifecycle. While most of the Ubuntu Core attributes directly support security in some manner, the architecture itself establishes a secure foundation that is easily built upon. This includes a minimal operating system and kernel, with device drivers are packaged and installed as snaps, as are gadget-specific applications. At runtime, individual applications are rigidly sandboxed via a policy-based system that restricts access to the filesystem, network interfaces, system calls, and other standard Linux facilities. This approach provides an extraordinary amount of fine-grained security control that can be used to ensure that both the device and any associated data is adequately protected. Out of the box, Ubuntu Core provides the ability to easily deploy security updates across the application, gadget, and base system. 

Specifically, the new Ubuntu Core supports controlled and cost-effective unattended software updates for device families. These fix everything, everywhere, fast on your shipping devices.  It also includes a minimal attack surface for OS and apps, with no unused software installed in the base OS. This, in turn, reduces the size and frequency of security updates. 

Helping to lock down Ubuntu Core, all snaps are strictly confined and isolated. This way, even if an application is compromised, the design limits the damage it can cause. In addition, provable software integrity and secure boot prevents unauthorized software installation, with hardware roots-of-trust. Full disk encryption eases compliance with privacy requirements for sensitive consumer, industrial, healthcare, or smart city applications.

Galem Kayo, Ubuntu Core's Product Manager added,  "As apps move to the edge, the value of data in remote locations increases. Ubuntu Core 20 adds secure boot with hardware-backed full disk encryption to guarantee confidentiality from physical attackers."

This new release is already finding fans. Eben Upton, CEO of the Raspberry Pi Foundation, said in a statement, "Raspberry Pi and Ubuntu both foster the spirit of learning, discovery, and invention in classrooms and startups around the world. From prototype with Ubuntu Server on Raspberry Pi 4, to production with Ubuntu Core on the Raspberry Pi Compute Module, we offer the next generation of inventors a simple path to all of open source."

Canonical is not just offering Ubuntu Core 20 as a standalone operating system. Instead of leaving you to work out for yourself how to integrate it with your device's design, Canonical and its partners offer Smart Start,  a fixed-price contract to help you launch your device. This package covers consulting, engineering, and updates for the first 1,000 devices on certified hardware to make sure your IoT works right before it gets to your customers. 

451 Research the global technology research and advisory firm, expects Smart Start to do well for both Canonical and its device customers.  Christian Renaud, 451 Research analyst, said: "The Smart Start offering is targeted at firms seeking to become connected product manufacturers, and it combines hardware certification, software, and services to accelerate the development process. The company has pre-certified hardware (boards) based on either ARM or x86 architectures, has integrated with Raspberry Pi (any model), and offers to perform integration with a customer-selected board if they are not pre-certified."

Ubuntu Core is widely available and certified on the most popular x86 and ARM single board computers, making it accessible to all. Canonical stands behind its operating system and its security mechanism with a 10-year support plan.

Canonical's Shuttleworth has high hopes for Ubuntu Core 20:  "Every connected device needs guaranteed platform security and an app store Ubuntu Core 20 enables innovators to create highly secure things and focus entirely on their own unique features and apps, with confinement and security updates built into the operating system." 

In other words, Ubuntu Core can deliver the operating system and software goods modern embedded, IoT, and Edge Computing companies need for their products.

Related Stories:

Editorial standards