Ubuntu Core 20 Linux Gets Bolstered Security, Full Disk Encryption for Embedded, IoT
Canonical’s latest Ubuntu Core 20 Linux operating system now features several important security updates, including anti-malware and anti-hijacking technologies and full-disk encryption capabilities.
The new version of Ubuntu Core 20, which is built as a minimal, containerized version of Ubuntu Linux 20.04 for use with embedded systems and IoT, was announced by the company this week. Ubuntu Core has been in production since 2016.
The latest anti-malware and anti-hijacking technologies are part of Ubuntu’s new Secure Boot feature, which provides every device running Ubuntu Core 20 with automatic verification of the source of any software, including the name of the person who signed for the software and installed it on the device.
The inclusion of Secure Boot means that attackers won't be able to hijack a device and install malicious software that can cause damage, Galem Kayo, the product manager for Ubuntu Core, told EnterpriseAI. “Ubuntu Core verifies that all the software on the device is signed at every boot,” he said.
The new full disk encryption feature means that attackers won’t be able to extract data stored on a device running Ubuntu Core, said Kayo.
“This protects the privacy of end users, so if they're using cameras or voice assistance stuff and someone steals the device, they won't be able to extract the data,” said Kayo. “We added this level of security.”
Smart Start: A New Way to Guide IoT Project Development
Also new for the OS is Smart Start, a fledgling service that aims to help companies that want to manufacture IoT devices by guiding them along in the process. Smart Start addresses the cost of design, development and maintenance of secure devices, while providing regular and automated updates. To accomplish this goal, Canonical works with chip vendors and Original Design Manufacturers (ODMs) to streamline the process and make it easier to bring a new device to market. Smart Start includes consulting, engineering and more for the first 1,000 devices on certified hardware, all to reduce IoT project risk.
“We basically reduce the job to be done [by customers to create their IoT devices] to building an app [for the product],” said Kayo. “We do the rest for them for a fixed price, for a fixed duration. We did that because we realized that this knowledge was a blocker for many companies that wanted to [build and] connect smart devices.”
By using a minimal base version of the company’s flagship Ubuntu Linux 20.04, Ubuntu Core provides a minimal attack surface for the OS and apps and leaves no unused software installed in the base OS, according to the company. That reduces the size and frequency of security updates and also reduces its profile to attackers who may want to attempt to cause havoc. The new full disk encryption can ease compliance and privacy concerns for sensitive consumer, industrial, healthcare or smart city applications.
Ubuntu Core is certified for use on x86 and ARM single board computers. Tens of thousands of industrial and consumer IoT devices run Ubuntu Core, brought to market by Bosch Rexroth, Dell, ABB, Rigado, Plus One Robotics, Jabil and others.
Ubuntu Core was born after the company realized that there was a large community of developer innovators who were trying to use Ubuntu to develop embedded devices using the new generation of embedded platforms that were emerging like the Raspberry Pi, said Kayo.
“When we started paying attention, we realized the center of gravity of computing was going to change,” he said. “We realized that there was a gap there. At that point, we decided to do Ubuntu Core and the question that we asked ourselves was ‘what's the right Linux for this emerging world of embedded computers everywhere connected to the internet?’ This is when we started doing engineering.”
The Role of AI
While serving IoT and embedded uses are the goals of the Ubuntu Core 20 operating system, none of this could be done without the presence of critical tools such as AI, said Kayo.
“We think that IoT is an emerging trend, but the end game of IoT is AI, because of the data stream that IoT generates,” he said. “It ends up in AI models that are eventually delivered at the edge closer to the source of these devices. We're seeing it happen in manufacturing already a lot, but it will come to all the domains of IoT, from consumer IoT with devices like Alexa and more.”
IoT generates a new stream of data that did not exist before and that data is now turning into intelligence for customers, said Kayo.
“And the best place to deploy this intelligence is at the edge, where it's closer to the source of data for latency, for performance and for privacy reasons, where embedded is having the right operating system,” he said. “In this way, features like security are important, to secure this data which is privacy-sensitive. When you think about cameras that do facial recognition or that monitor production lines in manufacturing, or the Alexa devices in your house that listen to everything you are saying, it is critical that it needs to be secure. And this is why we putting [deeper] security on Ubuntu Core.”
Bill Weinberg, principal analyst with research firm Linux Pundit, said that for IoT and embedded device makers, there are already dozens of available embedded/IoT OSes available in the marketplace. That includes a wide range of commercial, off-the-shelf versions of Linux as well as roll-your-own Linux platforms, plus Android, versions of Windows, BlackBerry QNX and more.
“That being said, Ubuntu Core seems to enjoy a substantial set of design wins,” said Weinberg. “The design and support services offered by Canonical, along with a robust ecosystem of software and hardware suppliers, makes the platform a solid choice for many IoT/embedded applications.”
IoT and embedded stacks and applications vary greatly in compute load, scope, role and locale along a wide spectrum of devices and uses, said Weinberg. “While many nodes along this spectrum share the possibility of running the same or comparable platform software, there’s no single right-sized solution. IoT/embedded devices at the edge and beyond, which would seem to be the target of Ubuntu Core 20, could certainly benefit from the new features and capabilities of the updated Canonical platform if the underlying hardware is capable of running a version of Linux and if the design requirements justify the overhead of deploying 32/64-bit CPUs with sufficient storage and other resources.”
But that won’t work everywhere, he added. “Many IoT/embedded devices, new designs and legacy systems, today deploy and will continue to field more modest hardware bills of materials that run real-time operating systems or other scaled-down software systems, even as hardware profiles and embedded Linux requirements continue to converge.”