Canonical’s Latest Ubuntu Core Release Focuses on Edge Security
Canonical has released Ubuntu Core 20, the latest version of its containerized operating system optimized for edge deployments. This latest release focuses on a particular pain point for edge deployments, that of security, with the introduction of features including secure boot, full disk encryption, and some initial movement toward providing secure device recovery.
In addition to security features, Ubuntu Core 20 is also introducing a consulting service called Smart Start, which the company refers to as “smart things as a service,” intended to help companies bring ideas around Internet of Things (IoT) deployments to fruition.
Offering examples from smart coffee machines to smart cities, Galem Kayo, a product manager for Ubuntu Core at Canonical, says that they have lots of customers coming to them with good ideas, but unsure of how or where to start. Smart Start, he says, is all about unblocking innovation.
“A lot of companies have ideas about smart devices, they want to innovate, but they lack the knowledge to implement such projects,” said Kayo. “We’re offering help building, engineering, and going to market. We’re building the infrastructure that they will need to deploy the device, to maintain the devices at scale, at a fixed price and in a fixed time timeline, in order to really unblock everything on the path to innovation.”
Ubuntu Core was built with this idea of easing edge deployments from the very beginning, having evolved from Ubuntu Snappy and the Ubuntu 8.10 server Just Enough Operating System (JeOS) before that. Every part of the Ubuntu Core operating system, right down to the kernel, the filesystem, and the boot loader, is containerized, which then runs on the SnapD daemon. This containerized approach, said Kayo, makes Ubuntu Core ideal for deployments onto the wide variety of hardware possibilities you might encounter on the edge and in creating smart devices.
“The containerization approach makes it much easier to support different hardware because if you want to build an IoT device on new hardware, you just need to change the container that has your kernel, and the container that has your boot assets,” said Kayo. “And then you reuse all the other stuff that’s on top of that. The container approach makes support much more composable.”
Security is another particular pain point for edge deployments, given the fact that the devices are often physically accessible to potential bad actors, and Ubuntu Core 20 addresses that primarily with the addition of secure boot and full disk encryption features.
Secure boot prevents such a bad actor from physically accessing a device and installing a compromised boot loader or other malware that could then threaten the integrity of your network. Secure boot, explained Kayo, prevents that from happening by “verifying every bit of software in the boot chain” and checking that they originate from the device manufacturer. If they don’t, then the device will not boot. Similarly, full disk encryption prevents on-device data from being accessed by someone who may have physical access to a device in the field.
As for secure device recovery, Kayo says that they have “taken the first step by delivering a recovery system,” and that they expect to make it remotely manageable with the next release. When fully launched, the feature will enable users to securely restore a device remotely to its default configuration, meaning that any compromised device can be brought back online without having to visit it directly in the field.
Looking ahead, Kayo said that Canonical plans to add real-time capabilities to address growing demand with things like smart factories and automotive applications. Beyond that, he sees the advent of “micro clouds” as an area of focus for the edge specific operating system.
“We think that edge cloud, or ‘micro clouds’ as we call them, are on the verge of taking over and Ubuntu Core and Kubernetes distributions like Microk8s are the perfect fit for these types of use cases — small clouds deployed in a retail store, or in a factory, or on a highway for smart city applications, running Ubuntu Core for security, and Microk8s Kubernetes on top of it to orchestrate containers,” said Kayo.