Advanced options

The following advanced security, integrity and resilience options harden smart devices exposed to challenging environments. All are available as part of our IoT Professional Services packages.

Secure boot

Ensures the integrity of both the boot mechanism and the operating system environment it bootstraps.

  • Guarantees a device can only run a certified workload
  • Secures a device against both physical and remote attacks
  • Verifies boot binaries, and kernel, against known keys held in the device firmware

Find out more about secure boot

Full disk encryption

Essential for devices with personal information in regulated industries:

  • Hardware key management
  • Optional key escrow
  • Choice of ciphers and hardware acceleration
  • Minimal performance impact
  • TPM integration with the current CA (x86 only)

Find out more about fuld disk encryption (FDE)

FIPS certification

Allows your devices to meet Federal information processing requirements:

  • FIPS-certified kernel and cryptographic libraries
  • FIPS certification takes place every six months
  • Fully compliant devices must restrict updates to certified versions (x86 only)

Kernel Livepatch

Reduce the number of reboots by live patching the running kernel against critical vulnerabilities. Requires specific certified kernel and x86 architecture.

  • Maximise service availability
  • Fixes are applied automatically, without restarting your system
  • Reduces downtime, keeping systems both secure and compliant

High availability Kubernetes

With Canonical MicroK8s and Charmed Kubernetes, you gain a fully CNCF conformance cloud-native Kubernetes for device application operations, including clustering for high availability, service mesh support and automatic security updates.

Helpful resources

This page was last modified 2 years ago. Help improve this document in the forum.