Build secure IoT devices
with Ubuntu Core
Everything you love about Ubuntu, locked down for security. Helping you make safer things – because we’re all connected.
Get straight to market with our device partners
Canonical and partners speed up your device development.
Tamper-resistant and hardened against corruption
Every aspect of the system is checked and verified.
You need to know your software is pristine; not just for installation, but for the whole lifetime of the device.
Immutable packages and persistent digital signatures mean Ubuntu Core can verify any software component at any time.
Strict confinement everywhere
One bad app shouldn’t compromise the whole system
You trust your developers, but anybody can make a mistake. We created a whole new armoury of Linux security capabilities to ensure all applications stay confined to their own data.
10 years security updates, by Canonical
That's a decade of sleeping soundly.
Ubuntu Core 18 gets 10 years of Canonical maintenance from Ubuntu 18.04 LTS. Your smallest devices are now as secure as your servers.
No other embedded Linux comes close.
Minimal core, minimal risk, minimal bugs
Core is for machines, so we stripped it down to bare essentials.
Fewer packages to attack, fewer bugs to fix, fewer forced changes. We reduced the OS to reduce the attack surface. That leaves more disk for your IoT applications and data.
Manufacturer’s update control
Decide which updates go to your devices.
As a device manufacturer or a snap publisher, you decide which updates are signed, certified and delivered to your devices.
Absolute control over every device in the building.
Enterprises gain complete audit and control over every piece of software on every single device on the network. Regardless of manufacturer. Know exactly which kernel version and which OS version is running.
You decide when updates happen. You decide which versions, too.
We help you keep track of the licenses you depend on.
Standard license metadata simplifies compliance. Ubuntu Core uses open source packages from the world’s most widely deployed Linux, and we track licenses in all key components.
Software ecosystem, ready to go
Thousands of applications built to work across devices.
A standard platform helps publishers support multiple devices without recompiling. And everybody wants to support Ubuntu - it’s the most widely deployed Linux in the world.
Mission critical support
Every Ubuntu Core device qualifies for Canonical support.
Your Ubuntu Advantage contract covers enterprise support for all these devices. Get to the heart of a problem faster, get fixes straight from the source.
One platform from workstation to device
Bring your apps from Ubuntu Server to Ubuntu Core.
Snaps run on Ubuntu Server, Desktop and Core. One platform, one process. Your developer workstation, your build farm, your cloud and servers all use snaps. Your appliances too - with extra security.
Embedded Linux is easy on Ubuntu
We handle the board. You handle the apps.
No bad BSPs. No maintenance nightmares. No integration delays. Just develop on Ubuntu. Embedded, but not as you knew it.
Deploy to devices as fast as the cloud
Publish direct to devices and watch updates in real time. Bring continuous deployment right to the edge.
Put your devices on rails for rapid iteration with continuous deployment pipelines, beta testing and canary updates. Featuring Travis integration and a multi-architecture build service.
Harness all things open source
From GitHub to Ubuntu Core in minutes.
Ride the open source wave, or build your own community. Open source projects default to Ubuntu, so building is easy.
Transactional updates everywhere
Bulletproof updates need a whole new approach. Preserve data and roll back on error. Automatically.
Your power supply may not be reliable. Your devices will be. Resilience to adversity saves money and reputations. Bank on Ubuntu Core to deliver your updates safely.
Backup boot paths
Low-level updates preserve the prior boot path.
When you have to update the kernel or the operating system you want to know you can go back if needed. Ubuntu Core keeps the last working boot so you always have a safety net.
Snapshots for application data
Standard mechanisms for application data management.
Every device has apps which keep track of critical data. We make sure you can manage the data which matters to you, consistently, across all your Ubuntu Core devices. Backup and restore anything, anywhere.
Bandwidth matters for billions of devices
Delta updates reduce traffic to the edge.
Shipping and updating apps adds up to a lot of traffic. Control costs with automatic compression and delta composition.
Off-the-shelf board support by Canonical
First class enablement for widely used boards and silicon gets you straight to market.
Low-level development is a distraction in the race to market. Focus all your effort on the experience that differentiates. Pre-certified chipsets keep you out of the weeds.
Right-size your silicon
Finish your apps, then choose your chips.
A standard platform means you can develop your software and polish your industrial design first, then choose the right size chips for your experience based on real code and data.
Get the best deal when you’re ready to ship.
Choice of ARM or x86
Ubuntu runs the same. Your apps build the same.
We support both 32-bit and 64-bit apps on both architectures. If it doesn’t compile and run the same, we’ll fix it. Open up your supply chain.
See how customers succeeded with Ubuntu Core
Get to market quickly with SMART START
Canonical and partners offer full-service enablement, customisation and development to get your first device to market. App store and security updates guaranteed.
$30,000 - 2 week delivery
Time to market is crucial when establishing an IoT strategy. Canonical will validate your hardware, package your apps and prepare your device image. Free your team to focus on your solution, industrial design and business operations.
Choose from our extensive list of certified boards and boxes with long-term security commitments.
Add-ons cover enablement and certification of alternative boards and additional chipsets. For the first year, app store and device security updates are included.
Add-ons to SMART START
Full Disk Encryption
Enable full disk encryption with hardware key management and optional key escrow. Choice of ciphers and hardware acceleration for minimal performance impact. Essential for devices with personal information in regulated industries.
Enable secure boot, ensuring that the device will only run its certified workload. Hardware key management devices such as the TPM are used to validate each stage of the boot process, for enhanced assurance of integrity of the running OS.
$25,000 - $200,000
If Canonical’s certified hardware list doesn’t include what you need, we may be willing to enable your preferred board. Pricing varies depending on the similarity between your board and existing certified boards.
Meet Federal information processing requirements with a FIPS-certified kernel and cryptographic libraries. FIPS certification takes place every six months - fully compliant devices must restrict updates to certified versions. Note that this is available on x86 only.
Reduce the number of reboots significantly by live patching your running kernel. Requires specific certified kernel on an Ubuntu LTS release. Requires x86 architecture.
High Availability Kubernetes
With Canonical MicroK8s you gain a fully CNCF conformant cloud-native Kubernetes for device application operations, including clustering for high availability, service mesh support and automatic security updates.