Valentin David

Ubuntu Core is a different kind of linux. It offers image-based updates and secure boot with disk encryption. This presentation is a technical explanation on how this is achieved. We will focus on what makes Ubuntu Core different from other distributions.

Ubuntu Core is based on “snaps” which are readonly squashfs images with signed metadata. Everything on the system is a snap. This includes applications and the kernel. Snaps run in a lightweight container like environment with apparmor confinement and are isolated from each other and can only communicate via well defined security boundaries (“interfaces”).

Then the main system is composed of a kernel snap, a bootloader snap, a base (rootfs) snap, and a snapd daemon snap. This granularity is useful to handle IoT hardware since much of the hardware needs custom kernels or bootloaders. Here a new initrd was developed and is presented in the talk. Some hurdles (like how to deal with /etc in a readonly image world) are also presented.