Edge-native Linux

Galem KAYO

on 8 November 2020

Tech innovators use Linux to create intelligent devices for homes, factories, buildings, cities, vehicles and more. These things are deployed at the edge, in privacy-sensitive or business-critical environments. They require ever more compute to run ever smarter applications.

A Linux distribution engineered for embedded devices running highly intelligent applications at edge scale is overdue. Let’s discuss what it takes to get there.

Micro-servers, built on SoCs

Application processor SoCs are replacing the constrained chips embedded devices used to be built upon. These SoCs integrate multiple CPUs, GPUs, memory, and other capabilities like multimedia encoders/decoders and controllers (USB, Bluetooth, Wi-Fi) on the same chip.

These SoCs are powerful enough to run general purpose operating systems and applications. They provide advanced computing capabilities in small form factors, and at low price points. The result is a blurring of the line between embedded and general purpose computers.

The BCM2835 SoC at the heart of the Raspberry Pi

Hence, embedded devices increasingly look like small servers built on top of smartphone chips. From the ops perspective, a fleet of smart devices is similar to highly distributed IT infrastructure. However, just like smartphones, the apps they run rely heavily on sensors. What’s more, the compute and storage they host are on par with desktop PCs.

What should a Linux then look like for embedded devices at the edge? Probably like a hybrid of embedded, mobile, desktop and server Linux distributions. Let’s survey what the key elements of an edge-first embedded Linux should be.

Workload isolation

Containers and virtual machines aren’t first-class citizens on embedded Linux yet. This is despite the Linux kernel enabling a rich set of options for OS-level virtualisation, like Snaps, Docker and LXC. This gap can be closed, since most current SoCs can support container runtimes and hypervisors.

Containers and VMs are core to the cloud-native approach, which boosted developer productivity. Similar productivity gains are attainable at the edge, through decoupling of hardware and software.

Containers isolate workloads with their dependencies, so that apps can run independently from one another on the same system. They modularise software, to the benefit of composability and reuse. They also help automate software deployment.

On the other hand, virtualisation commodifies hardware. It drives the wedge between software and hardware deeper, enabling more of the value added to move to software. This drives more software-defined and app-centric hardware platforms at the edge.

App-centric industrial control platform from Bosch Rexroth

Edge ops

Optimising Linux for the edge should entail designing for maintenance and repair. IoT devices are as distributed as desktop PCs. However, IoT devices may sit in hard-to-reach locations (a cell tower, a factory, etc.). The result is costly repairs and long downtime.

Software update on a PLC in a factory

The economics of IoT device fleets are much harder than those of other classes of IT infrastructure. Data centers benefit from economies of scale through pooling. Distributed fleets of IoT devices don’t. The efficiency of maintenance and repair ops has a big impact on TCO and ROI.

What does cost-efficient ops then mean at the edge? First, remote operations seem imperative. Intervening manually on distributed devices can get expensive due to labor and downtime. Operators need advanced device management capabilities to perform unattended maintenance actions on their fleet.

Ops automation is even more relevant. The more devices can perform certain jobs automatically, the lower the TCO. Software updates, backups and auto-repairs make good targets for automation.

Immutable endpoints

Bluetooth, Wi-Fi, LoRa, GPS, LTE and soon 5G make it possible to operate distributed fleets of devices remotely. While networking introduces cybersecurity risks, these are reasonably understood and manageable with existing IT security best practices.

New sensible defaults for endpoint security

What’s new is that remotely distributed devices are mostly unattended. Therefore, they are physically accessible. Privacy-sensitive data can be extracted from devices. Software can be more directly tampered with.

Modern embedded Linux should provide privacy and immutability by design, to mitigate these security risks. This means in-built encryption capabilities to protect data, tamper-proof disks, and software authentication. These capabilities are new sensible defaults for endpoint security.

Linux for the next billion devices

GNU/Linux has successfully evolved to embrace every new wave of computing technologies: desktop PCs, mobile devices, and the cloud. Judging by the pace of growth, the next wave will be dominated by IoT appliances. We build Ubuntu Core to deliver the right embodiment of Linux for the next wave.

IoT devices taking over (source: Ericsson)

IoT takes Linux to a new frontier: the physical world. At this frontier, we believe embedded Linux is at its best when secure, app-centric, and easy to operate at scale. Security drives trustworthiness. App-centricity unlocks developer productivity. Ease of operation drives TCO and ROI.

We will be discussing how Ubuntu Core implements these imperatives in a series of blogs, as we are nearing the release of Ubuntu Core 20.
