Ubuntu Core: The Immutable Embedded Linux OS for Smart and Industrial Devices

The Problem with Traditional Embedded Operating Systems

When building a smart device, whether industrial equipment, a self-service kiosk, a robot, or an environmental sensor, you face one problem. The operating system was not designed for this use case.

Traditional Linux distributions are too large, contain many unnecessary components, and have update mechanisms that assume a human operator is present. Embedded devices need a system that is small, secure, immutable, and can be updated remotely and reliably.

Ubuntu Core is Canonical’s solution to this problem.

🔗 Official Website: ubuntu.com/core

What Is Ubuntu Core?

Ubuntu Core is a minimal and secure version of the Ubuntu system, designed specifically for embedded devices, Internet of Things, and edge computing. Its main characteristics are:

First, an immutable system. The core system files cannot be modified while running. This prevents malware from tampering with the system and ensures the device always returns to a known state after reboot.

Second, built entirely on snap packages. Everything in Ubuntu Core is a snap: the kernel, the operating system, applications, and even the device management tool. Snaps are containerized packages containing the application and all its dependencies. Each snap is updated independently of others.

Third, strict security. Each snap runs in confinement. It cannot access the system or other snaps except through specific channels explicitly permitted by the user. This is similar to the Android and iOS security model.

Fourth, long-term update support. Ubuntu Core comes with security support lasting up to 15 years, the longest support window in the embedded systems industry.

Fifth, over-the-air updates. The entire device, including kernel, system, and applications, can be updated remotely without human intervention. Updates are delta-based to save bandwidth, and are performed securely with automatic rollback if an update fails.

Technical Architecture

The image below shows the basic architecture of Ubuntu Core:

Ubuntu Core consists of three isolated layers:

The kernel snap layer contains the Linux kernel and its modules. It is updated independently. The kernel supports a wide range of hardware, from ARM 32/64 to x86 to RISC-V.

The operating system snap layer, called core snap, contains the essential libraries and system tools. This is the layer that makes Ubuntu Core “Ubuntu”. It is very small, approximately 100 megabytes compared to 4 gigabytes for desktop systems.

The application snaps layer is where you place your own applications. You can have multiple snaps working together. Each snap has its own access permissions. Applications can be of two types: regular applications that provide a service, or gadget snaps that control device configuration.

Who Needs Ubuntu Core?

The image below shows some typical use cases:

Industrial sector. Bosch Rexroth is building an Industry 4.0 platform based on Ubuntu Core. Industrial automation requires devices that run for years without downtime, with secure remote updates.

Medical devices. BeWell uses Ubuntu Core in its CE-marked, GDPR-compliant self-service health kiosks. Medical systems require high security and the ability to prove that software has not been tampered with.

Edge Artificial Intelligence. Elementary chooses Ubuntu Core to replace its server-based setup and reduce provisioning time by 98 percent. Computer vision cameras need fast processing and regular updates to machine learning models.

Cloud infrastructure. IBM Cloud uses Ubuntu Core to provide fully isolated bare metal servers with high-performance tenant isolation. Even cloud servers benefit from the immutable system concept.

Development and Deployment Workflow

Ubuntu Core makes the transition from development to production seamless:

During development, you use standard Ubuntu Desktop or Ubuntu Server. You write your application in any language, such as C++, Rust, Python, or Go. You test it in your local environment.

Then you package your application as a snap using the snapcraft tool. Snapcraft reads a snapcraft.yaml file that describes the application’s dependencies, how to build it, and the access permissions it needs.

After building the snap, you test it using Ubuntu Core in a virtual machine or on test hardware. If there is any issue, you modify the application or the snapcraft.yaml file and rebuild.

For deployment, you push the snap to the Snap Store. The Snap Store can be public for open distribution, or private for internal organizational use only.

Finally, you build a custom Ubuntu Core image that contains the kernel, operating system, and your applications. You flash this image onto the device, and it becomes ready to run.

The image below shows the snapcraft tool in action:

Security and Additional Features with Ubuntu Pro

Ubuntu Core itself is free and open source. However, Canonical offers an optional subscription called Ubuntu Pro, which provides:

Compliance with government security standards: FIPS (Federal Information Processing Standard) and DISA STIG (Defense Information Systems Agency Security Technical Implementation Guide). This is necessary for devices used by governments and the military.

Security maintenance for all Ubuntu Universe packages, which are not normally covered by free security updates. This reduces the number of vulnerabilities that an attacker could exploit.

Zero-touch management through the Landscape tool. You can manage thousands of devices from a single dashboard: pushing updates, monitoring status, running remote commands, and collecting logs.

Live kernel updates (Livepatch) for some critical devices. Security patches can be applied to the kernel without rebooting the device.

The Ubuntu Pro subscription is free for up to 50 devices for personal use. For organizations, pricing depends on the number of devices and the required support level.

Hardware Integration and Vendor Support

Canonical partners with major chip manufacturers and original design manufacturers to ensure Ubuntu Core works with common hardware:

Chips from Intel, AMD, Arm including Cortex-A and Cortex-M, and RISC-V.

Development boards including all Raspberry Pi models, BeagleBone, NVIDIA Jetson, and SiFive.

Industrial devices from Siemens, Advantech, Dell, and HP.

All these devices are continuously tested and documented. You can build an Ubuntu Core image for your target device directly from Canonical’s tools without manually configuring the kernel.

Quick Comparison with Other Embedded Linux Alternatives

Yocto Project is a flexible build system but complex. It requires deep embedded Linux expertise and writing recipes for each component. Ubuntu Core simplifies the process through snaps and provides a ready-made architecture.

Buildroot is simpler than Yocto but lacks over-the-air update mechanisms and strong security. Ubuntu Core provides these features directly.

BalenaOS specializes in IoT devices and provides excellent update tools, but it is not Ubuntu and cannot easily use existing Ubuntu software.

Android Things, now discontinued, was limited to Java and Kotlin only. Ubuntu Core supports any programming language.

When Not to Use Ubuntu Core

If you are building a regular desktop system that needs to install arbitrary apt packages, Ubuntu Core is not suitable. The strict confinement rules make installing software not packaged as snaps difficult.

If your device operates in an internet-hostile environment and cannot access the Snap Store even offline, the core update mechanism loses its value. You can set up an offline private Snap Store, but it requires additional management.

If your device is very small with less than 256 megabytes of RAM and less than 512 megabytes of storage, Ubuntu Core may be too large. There are lighter distributions such as Alpine Linux, but they do not offer the same level of security.

Summary

Ubuntu Core is not an ordinary Linux distribution. It is a complete platform for deploying and managing smart devices at scale, with enterprise-grade security and reliable updates for up to 15 years.

If you work in industrial automation, develop medical devices, build smart cameras, deploy edge computing nodes, or any other field requiring devices that run for years without human intervention, Ubuntu Core deserves serious consideration. Learning it initially requires understanding snaps and the confinement mechanism, but the return on that investment is a system you can trust to run your devices for the coming decade.