Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Connecting new devices

Ubuntu Core devices are onboarded to their owner’s IoT app store in a secure manner. Secure onboarding prevents unauthorised access to private software and services. It also establishes a secure communication link between devices and their cloud backend.

Secure device onboarding is a four stage process that starts with a request for serial keys, proceeds with device initiation from the cloud, and ends with device authentication and authorisation. The first two stages are handled by the serial vault which is a service that issues credentials to devices.

Secure device onboarding four stage process Illustration

Device initialisation

The secure onboarding process starts at first boot. When turned on for the first time, an Ubuntu Core device extracts its private key, its serial number, and its owner’s ID from metadata stored in its model assertion. Based on this data, the device will send a request for a serial assertion to its vault, which is hosted either by Canonical or on premise. The vault service processes the request. Had the device’s public key been stored in the vault, a serial assertion is issued as response to the request. The serial assertion issued by the serial vault is then stored on the device.

Authentication and authorisation

Both the serial and the model assertions will be used by devices to access your app store. Devices will use these secure documents to initiate a handshake with your app store. The app store authenticates the keys and authorises the device for a fixed period of time.

Helpful information

This page was last modified 2 years ago. Help improve this document in the forum.