Welcome to Part II of this mini blog series on Yocto vs Ubuntu Core for your embedded Linux project. In Part I, we set the stage for the remainder of the series and gave an overview of the pros and cons of using Yocto, alongside the advantages of its recipes, layers, and BSPs.
Users, developers, and manufacturers alike embrace Ubuntu as the easy-to-use, feature-rich de-facto Linux standard. Recognizing the advent of the IoT, devices and large container deployments, Canonical has now created an open-source, purpose-built distribution for this new world: Ubuntu Core. In this chapter of the series, we will focus on why Ubuntu Core is the new standard for embedded Linux.
If you are already familiar with Ubuntu Core, you can skip to the next chapter in the series. In Part III, we will address the buy vs build debate: should developers rely on a commercial or roll-their-own distribution for an embedded Linux project?
The concluding blog post will offer an extensive, direct comparison between Yocto and Ubuntu Core. We will thoroughly analyse the two solutions across different dimensions, from security and updates to maintenance and time-to-market.
Let us now dive straight into Ubuntu Core.
Ubuntu Core for your embedded Linux project
Ubuntu Core is a flavour of Ubuntu with a minimal footprint. Hardened for security and cryptographically locked down, it is Ubuntu optimised for embedded devices and IoT. With the proliferation of inexpensive embedded boards and advanced connectivity standards, consumers expect device manufacturers to ship compatible and connected devices out-of-the-box. By operating in a hugely fragmented but rich market, they need a production-grade working base across the different “things” in the rapidly-evolving IoT landscape. Ubuntu Core empowers those vendors to bring consistency to the IoT sectors they operate in. As an enabling platform for technology fit for embedded and IoT, Ubuntu Core is the solution IoT innovators across verticals are taking advantage of, from cars and drones to fridges, gateways and robots.
An embedded Linux project is easy on Ubuntu Core, as Canonical handles the boards whilst the end-users focus on their value-add software and apps. Developers build in their familiar Ubuntu environment, with legacy BSPs, maintenance nightmares and integration delays belonging to the past.
Ubuntu Core is easy to install, maintain, and upgrade, with security and robustness among its key features. Canonical redesigned the entire system from the first boot to create the most secure embedded Linux so that developers can ship embedded devices cost-effectively without implementing complex security features themselves, from full-disk encryption to a read-only root filesystem.
Furthermore, sending an engineer to fix a device in the field if something goes wrong is not an easy task: downtime will be expensive, detrimental to customer experience and damaging to a brand. With Ubuntu Core, end-users can perform unattended maintenance actions remotely to minimize cost and downtime and avoid manual intervention. Furthermore, Ubuntu Core empowers you to improve software quality on your devices while in use. You will benefit from a resilient software update mechanism that is atomic and rolls back automatically in case of failure to increase uptime.
In the following two sections, we will focus on the role of snaps and a managed app store to provide a resilient ecosystem for embedded Linux development with Ubuntu Core.
Snaps for your embedded Linux project
When working on their embedded Linux project, developers often want to manage their application components using containers. Whereas one can achieve this with various runtimes, the Snap ecosystem provides a security-focused approach to containerisation offering strict privilege and capability separation between containers.
The OS is fully built from snaps, containerised software packages with strict fine-grained control over permissions and interfaces: snaps give users the kind of control that other packaging systems don’t, and Ubuntu Core only runs strictly confined snaps.
Besides leveraging standard Linux security capabilities like AppArmor, cgroups and seccomp to confine applications, snaps work across a range of distributions. Having just one package saves a tremendous amount of time for Linux developers, as they don’t need to rebuild and repackage their applications for every distro and each release.
Furthermore, developers painfully understand the availability of debugging tools is a must-have for any embedded Linux project. In contrast with Yocto, several additional debugging facilities are available with snaps and Ubuntu Core besides the standard Linux debugging facilities like gbd.
The snappy-debug snap helps identify the correct interfaces and changes to make to the snap to work within its sandbox. Developers use it when fixing policy violations, as it disables kernel log rate limiting, making policy denials easier to spot. Worthy of mention is also the snap try command, which installs a snap from its unpackaged components within a directory: it speeds up the development of your embedded Linux project by enabling live changes to the snap contents without having to go through the whole build process.
App Store for your embedded Linux project
Managing software and updates across devices is a challenge when working on a large-scale embedded Linux project, particularly so if a subset of the hardware requires different applications to run on them.
Ubuntu Core relies on a software distribution machinery extensively tested in production to push updates via a managed store. The Snap Store allows developers to handle software across machines and deliver reliable, automatic updates. It is a universal app store optimised for security and over-the-air (OTA) updates to distribute and deploy applications to embedded devices.
As a managed store, it provides developers with role-based access controls, application versioning, and controlled software rollouts in a secure and validated way. Furthermore, developers can push OTA updates to their apps at their cadence and not wait for distribution maintainers to catch up.
Coupled with the global Snap Store is the IoT App Store, a private application store tailored to software distribution across fleets of devices. The IoT App Store is a custom enterprise store enabling developers to cherry-pick the optimal combination of applications for their embedded Linux project, including software published in the global Snap Store and custom software developed internally for a specific use case.
Coupled with the Store proposition, Ubuntu Core is essentially an app-centric embedded operating system.
Final considerations for your embedded Linux project
Let’s recap what we discussed so far. Ubuntu Core is a version of the Ubuntu operating system designed and engineered for IoT and embedded devices. It addresses developers’ concerns ranging from ensuring security and working on an embedded Linux project at an affordable price, to getting to market fast while focusing on development.
A flavour of Ubuntu with a minimal footprint, it has a modular and simple architecture via the snaps ecosystem. Combining the updatable snaps and managed Store with the built-in security features of Ubuntu Core gives developers a platform for secure, open-source development, software deployment and global collaboration. Part I and Part II of this series on Yocto vs Ubuntu Core provided you with the necessary context to critically assess the two solutions for your embedded Linux project. It’s now time for a direct comparison between them: head over to the next chapter to discover the key considerations behind adopting a commercially supported vs rolling your own community-maintained Linux distro.
Further reading for your embedded Linux project
Want to go back to the basics? Find out what is embedded Linux.
Yocto Project and all related marks and logos are trademarks of The Linux Foundation. This presentation is not, in any way, endorsed by the Yocto Project or The Linux Foundation.
Bring an IoT device to market fast. Focus on your apps, we handle the rest. Canonical offers hardware bring up, app integration, knowledge transfer and engineering support to get your first device to market. App store and security updates guaranteed.