Edoardo Barbieri
on 30 May 2022
Welcome to the concluding chapter of this journey on embedded Linux development with Ubuntu. We covered a lot of ground, so let us quickly recap what we learned so far.
In Part I we introduced Snaps, software packages designed for the world of IoT. Snap packages isolate and encapsulate an entire application, increasing the security and stability of embedded devices.
Snapcraft is the command-line tool to build snaps. It simplifies embedded development by allowing the packaging of any app for any Linux device. Snapcraft keeps your software up-to-date by automatically checking for updates four times a day. Head over to Part II to read more on Snapcraft and how it secures, eases and strengthens embedded Linux development.
In this concluding blog post, we’ll pull the different threads together and introduce Ubuntu Core, a version of the Ubuntu operating system designed and engineered for IoT systems. Built on snap packages, Ubuntu Core automatically updates itself and its applications to create a confined and transaction-based system ideal for embedded devices.
Let’s dive into it.
A new paradigm for embedded Linux development
In Part I, we discussed several of the challenges inherent in the traditional software distribution mechanisms in Linux. The picture is further complicated when focusing on the embedded part of the compute spectrum.
Linux servers tend to be centralised, supported, expensive, and relatively cheap to fix. But Linux devices are distributed, field-serviced, and expensive to fix. Sending engineers out into the field to repair a compromised system is costly. If the device is relatively inexpensive, these operational expenditures quickly become unfeasible. In short, Linux on devices is different from servers, and lowering the cost of maintenance and the risk of a failure in the field must be a priority when doing embedded Linux development.
Furthermore, IoT is a fragmented but rich market: software vendors need a base that can work across different verticals and “things” to capitalise on the wave of tightly embedded, connected devices.
Ubuntu Core brings consistency to embedded Linux development by focusing on reliability across all connected platforms, regardless of the IoT sector one is operating in. Let’s find out more.
Embedded Linux development with Ubuntu Core
At Canonical, we used snaps to deliver a whole operating system: we built Ubuntu Core on the new packaging format to enable deploying secure and reliable software in production environments in the real world.
Ubuntu Core is a platform for technology suitable across the embedded compute spectrum, from drones and cars to fridges, gateways and robots. As an embedded operating system designed from first boot to be the most secure platform for connected devices, Ubuntu Core meets enterprise standards via automated updates, app stores and software management. Partners bring their software and Canonical handles the rest.
Ubuntu Core addresses the challenges of embedded Linux development via a modular architecture based on snaps, bullet-proof transactional updates, a smooth developer experience via Snapcraft, and built-in security.
App-centric embedded Linux development
Ubuntu Core is a snap-only edition of Ubuntu, packaged and delivered using the new containerised format. The embedded OS packages applications, daemons and tools pulled from multiple upstream sources via snaps. Container primitives lock down and isolate the different functionalities, with applications running in a security sandbox by default, secured by kernel primitives like cgroups and AppArmor. Ubuntu Core containerises the Linux kernel and run-time environments, cleanly decoupling the base system and OS from the installed applications.
As the intelligence of a device is ultimately a function of the software it runs, Ubuntu Core makes every device effectively app-enabled. The device’s primary function is an app, and developers can then ship other apps next to that primary function. Ubuntu Core is application-centric instead of a distribution archive-centric operating system.
The app-centric nature of Ubuntu Core allows publishers to update applications independently of the OS. Ubuntu Core is production-grade because software publishers can decide which updates are signed, certified and delivered to devices.
Efficient updates for embedded Linux development
As argued in Part I, in traditional embedded Linux development software publishers compare the package versions on the devices against the repositories and patch any mismatch. Where conflicts arise, developers only push parts of the update. On the other hand, Ubuntu Core leverages the production-grade software distribution mechanism enabled by Snapcraft and the Snap Store by allowing atomic transactional updates. Delta diffs, downloaded over the air to conserve bandwidth, are applied to the existing snap to create a new version on disk. The system attempts to apply that update and moves forward on success or automatically rolls back in case of failure. Consumers of the embedded device can then access the latest application software without having to upgrade the entire OS.
Software publishers can mitigate data corruption in case of update failures, as the system maintains the original data and snap before the upgrade, allowing seamless rollbacks as needed. The kernel and the rootfs are transactionally updated and roll back on failure like applications, enabling faster and more reliable updates. Ubuntu Core is reliable as every application and device has backup plans with iterative progressive testing, updates and releases. This makes the vendor code running on edge devices tamper-proof.
During operations, an app may request permission to access the network or consume a file. Software publishers can adjust the confinement level via interfaces if applications require access to the filesystem or hardware or need to talk with each other. Because Ubuntu Core is made to simplify embedded Linux development, changing one line in the YAML file will suffice to provide the software access to a specific resource.
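The interface mechanism described above, as an added example that is not from the original post: a `snapcraft.yaml` for a strictly confined daemon whose access is limited to the plugs it declares. The snap name, command and part layout are hypothetical; the interface names are standard snapd interfaces.

```yaml
# Added example: snapcraft.yaml for a hypothetical sensor gateway snap.
# sensor-gateway, bin/gatewayd and the ./build directory are assumptions.
name: sensor-gateway
base: core22
version: '0.1'
summary: Hypothetical gateway daemon used to illustrate interfaces
description: |
  Constructed example. The daemon runs strictly confined and can reach
  only the resources named under "plugs".
grade: stable
confinement: strict      # sandboxed by default; devmode/classic remove the isolation

apps:
  gatewayd:
    command: bin/gatewayd
    daemon: simple
    plugs:
      - network          # outbound network access
      - network-bind     # listen on a socket
      # - serial-port    # the one-line change: uncomment to request serial device access

parts:
  gatewayd:
    plugin: dump
    source: ./build      # assumed to contain bin/gatewayd
```

Declaring a plug is a request: `snap connections sensor-gateway` shows which plugs are actually connected on a device, and interfaces that are not auto-connected (such as `serial-port`) still need `snap connect` or a store or gadget rule. Keeping the plug list to the minimum the app needs is what keeps the sandbox meaningful.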
The above qualities aim to address many of the challenges inherent in the traditional embedded Linux development and software distribution model. They effectively increase reliability, predictability and security.
Final considerations
Embedded Linux development is easy on Ubuntu Core, a flavour of Ubuntu optimised for security and reliable updates and fit for the IoT and embedded environments. It’s easy to deploy, tamper-resistant, and hardened against corruption. Its read-only root filesystem is built from the same packages used in the Ubuntu family of Linux distributions but differs in how its snap packages are delivered and updated. Snaps are secure, confined, dependency-free, cross-platform, containerised software packages that bundle their dependencies and ensure a clean separation between the base system and the installed applications on Ubuntu Core.
Embedded Linux development using snaps, Snapcraft and Ubuntu Core is faster, safer and more robust. First, Snapcraft eases discovering new software for your embedded devices as it can package, distribute, and update any app on the global Snap Store. Also, the transactional updates are either 100% successful or not installed at all, leaving no trace of failure other than log details. Your embedded device on Ubuntu Core remains fully operational during both application and system updates.
Unlike more traditional package managers, a failed update never leaves the system in an unpredictable state. And finally, the system can recover or revert to previous states if necessary, even if a system fails to boot.
Further reading
Why is Linux the OS of choice for embedded systems? Check out the official guide to Linux for embedded applications in whitepaper or webinar form.
Interested in a detailed comparison of Yocto and Ubuntu Core? Watch the “Yocto or Ubuntu Core for your embedded Linux project?” webinar.
Did you hear the news? Real-time Ubuntu 22.04 LTS is now available. Check out the latest webinar on real-time Linux to find out more.
Do you have a question, feedback, or news worth sharing? Join the conversation on IoT Discourse to discuss everything related to the Internet of Things and tightly connected, embedded devices.