
Embedded Linux development on Ubuntu – Part III

Welcome to the concluding chapter of this journey on embedded Linux development with Ubuntu. We covered a lot of ground, so let us quickly recap what we have learned so far.

In Part I we introduced Snaps, software packages designed for the world of IoT. Snap packages isolate and encapsulate an entire application, increasing the security and stability of embedded devices.

Snapcraft is the command-line tool to build snaps. It simplifies embedded development by allowing the packaging of any app for any Linux device. Snapcraft keeps your software up-to-date by automatically checking for updates four times a day. Head over to Part II to read more on Snapcraft and how it secures, eases and strengthens embedded Linux development.

In this concluding blog post, we’ll pull the different threads together and introduce Ubuntu Core, a version of the Ubuntu operating system designed and engineered for IoT systems. Built on snap packages, Ubuntu Core automatically updates itself and its applications to create a confined and transaction-based system ideal for embedded devices.

Porting the traditional embedded Linux development model to the modern app-centric world of interconnected devices uncovers many challenges, from applications tightly coupled to the OS having to target a specific release, decreasing developer velocity, to broken upgrades in one part of the device preventing refreshes in the rest of the system. On the other hand, the combination of Ubuntu Core, Snapcraft and snaps offers a production-grade platform for secure, open-source development, fast software deployment and global collaboration.

Let’s dive into it.

A new paradigm for embedded Linux development 

In Part I, we discussed several of the challenges inherent in the traditional software distribution mechanisms in Linux. The picture is further complicated when focusing on the embedded part of the compute spectrum.

Ubuntu is the OS for most public cloud workloads as well as the emerging categories of smart gateways, self-driving cars and advanced robots.

Linux servers tend to be centralised, supported, expensive, and relatively cheap to fix. But Linux devices are distributed, field-serviced, and expensive to fix. Sending engineers out into the field to repair a compromised system is costly. If the device is relatively inexpensive, these operational expenditures quickly become unfeasible. In short, Linux on devices is different from servers, and lowering the cost of maintenance and the risk of a failure in the field must be a priority when doing embedded Linux development.

Furthermore, IoT is a fragmented but rich market: software vendors need a base that can work across different verticals and “things” to capitalise on the wave of tightly embedded, connected devices.

Ubuntu Core brings consistency to embedded Linux development by focusing on reliability across all connected platforms, regardless of the IoT sector one is operating in. Let’s find out more.

From smart homes to smart drones, robots, and industrial systems, Ubuntu Core is the new standard for embedded Linux.

Embedded Linux development with Ubuntu Core

At Canonical, we used snaps to deliver a whole operating system: we built Ubuntu Core on the new packaging format to enable deploying secure and reliable software in production environments in the real world.

Ubuntu Core is a platform for technology suitable across the embedded compute spectrum, from drones and cars to fridges, gateways and robots. As an embedded operating system designed from first boot to be the most secure platform for connected devices, Ubuntu Core meets enterprise standards via automated updates, app stores and software management. Partners bring their software and Canonical handles the rest.

Ubuntu Core addresses the challenges of embedded Linux development via a modular architecture based on snaps, bullet-proof transactional updates, a smooth developer experience via Snapcraft, and built-in security. 

App-centric embedded Linux development

Ubuntu Core is a snap-only edition of Ubuntu, packaged and delivered using the new containerised format. The embedded OS packages applications, daemons and tools pulled from multiple upstream sources via snaps. Container primitives lock down and isolate the different functionalities, with applications running in a security sandbox by default, secured by kernel primitives like cgroups and AppArmor. Ubuntu Core containerises the Linux kernel and run-time environments, cleanly decoupling the base system and OS from the installed applications.

Each snap can have one of three levels of confinement from the system: strict (running in complete isolation), classic (allowing access to the system’s resources as traditional packages do) and devmode (running as strictly confined with full access to system resources).

As the intelligence of a device is ultimately a function of the software it runs, Ubuntu Core makes every device effectively app-enabled. The device’s primary function is an app, and developers can then ship other apps next to that primary function. Ubuntu Core is an application-centric operating system rather than a distribution-archive-centric one.

The app-centric nature of Ubuntu Core allows publishers to update applications independently of the OS. Ubuntu Core is production-grade because software publishers can decide which updates are signed, certified and delivered to devices. 

Every embedded device running Ubuntu Core has guaranteed platform security and an App Store, underpinning the new wave of connected device business models

Efficient updates for embedded Linux development

As argued in Part I, in traditional embedded Linux development software publishers compare the package version on the devices to the repositories and apply a patch to the mismatch. Where conflicts arise, developers only push parts of the update. On the other hand, Ubuntu Core leverages the production-grade software distribution mechanism enabled by Snapcraft and the Snap Store by allowing atomic transactional updates. Delta diffs, downloaded over the air to conserve bandwidth, are patched with the existing snap to create a new version on disk. The system attempts to apply that update and moves forward on success or automatically rolls back in case of failure. Consumers of the embedded device can then access the latest application software avoiding the need to upgrade the entire OS. 

Software publishers can mitigate data corruption in case of update failures, as the system maintains the original data and snap before the upgrade, allowing seamless rollbacks as needed. The kernel and the rootfs are transactionally updated and roll back on failure like applications, enabling faster and more reliable updates. Ubuntu Core is reliable as every application and device has backup plans with iterative progressive testing, updates and releases. This makes the vendor code running on edge devices tamper-proof. 

During operations, an app may request permission to access the network or consume a file. Software publishers can adjust the confinement level via interfaces if applications require access to the filesystem or hardware or need to talk with each other. Because Ubuntu Core is made to simplify embedded Linux development, changing one line in the YAML file will suffice to provide the software access to a specific resource.

Interfaces enable resources from one snap to be shared with another and with the system. For a snap to use an interface, its developer needs to have first defined its corresponding plugs and slots within a snap’s snapcraft.yaml file.
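To make the confinement levels and the one-line interface change concrete, here is a minimal snapcraft.yaml. It is an added example, not taken from the original post or from Canonical's code; the snap name, app name and paths are hypothetical, while the keys and interface names (`network`, `network-bind`, `camera`) are standard snapd ones.

```yaml
# Constructed example: names and paths are hypothetical.
name: sensor-gateway
base: core22
version: "1.0"
summary: Reads a sensor and publishes readings over the network
description: |
  Hypothetical daemon used to illustrate confinement and interfaces.

grade: stable
# strict:  sandboxed; only resources granted through interfaces are reachable
# classic: no sandbox, behaves like a traditional package
# devmode: sandbox rules are evaluated, but violations are only logged
confinement: strict

apps:
  sensor-gateway:
    command: bin/sensor-gateway
    daemon: simple
    # Each plug is a request for one class of resource. The matching slot
    # is provided by the system or by another snap.
    plugs:
      - network        # outbound connections
      - network-bind   # listen on a socket
      # The "one line" from the text: uncommenting it requests camera access.
      # - camera

parts:
  sensor-gateway:
    plugin: dump
    source: ./build
```

Declaring a plug only requests access. On the device, `snap connections sensor-gateway` shows which plugs are actually connected, and an interface that does not auto-connect stays disconnected until `snap connect` is run or the store grants the connection, so reviewing the plug list is a quick way to see what a snap can reach.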

The above qualities aim to address many of the challenges inherent in the traditional embedded Linux development and software distribution model. They effectively increase reliability, predictability and security.

Final considerations

Embedded Linux development is easy on Ubuntu Core, a flavour of Ubuntu optimised for security and reliable updates and fit for the IoT and embedded environments. It’s easy to deploy, tamper-resistant, and hardened against corruption. Its read-only root filesystem is built from the same packages used in the Ubuntu family of Linux distributions but differs in how its snap packages are delivered and updated. Snaps are secure, confined, dependency-free, cross-platform, containerised software packages that bundle their dependencies and ensure a clean separation between the base system and the installed applications on Ubuntu Core.

Embedded Linux development using snaps, Snapcraft and Ubuntu Core is faster, safer and more robust. First, Snapcraft eases discovering new software for your embedded devices as it can package, distribute, and update any app on the global Snap Store. Also, the transactional updates are either 100% successful or not installed at all, leaving no trace of failure other than log details. Your embedded device on Ubuntu Core remains fully operational during both application and system updates.  

Unlike more traditional package managers, a failed update never leaves the system in an unpredictable state. And finally, the system can recover or revert to previous states if necessary, even if a system fails to boot.


Further reading

Why is Linux the OS of choice for embedded systems? Check out the official guide to Linux for embedded applications in whitepaper or webinar form.

Interested in a detailed comparison of Yocto and Ubuntu Core? Watch the “Yocto or Ubuntu Core for your embedded Linux project?” webinar.

Did you hear the news? Real-time Ubuntu 22.04 LTS is now available. Check out the latest webinar on real-time Linux to find out more.

Do you have a question, feedback, or news worth sharing? Join the conversation on IoT Discourse to discuss everything related to the Internet of Things and tightly connected, embedded devices.
