We use Canonical‘s Ubuntu Linux on desktops, servers, and clouds all the time. But Ubuntu also finds its way into narrower purposes. For example, Ubuntu Core Linux is often used in Internet of Things (IoT) devices. Now, with Ubuntu Frame, Ubuntu has an even more specialized role: digital signs and user kiosks.
How to secure your IoT deployment
Seemingly every day there’s another story about Internet of Things devices being compromised or used for large-scale attacks. Here’s how to ensure that your deployment remains secure.
Ubuntu Frame makes it easy to build and deploy graphical applications for interactive kiosks, digital signage, or any other products that require a graphical output. Besides just providing an Ubuntu Linux base, it also comes with integrated Direct Rendering Manager (DRM) and Kernel Mode Setting (KMS), to back up displays. This means you’ll have less code to manage and fewer opportunities for bugs and vulnerabilities in untried code. All this, in turn, gives programmers more time to work on the display’s content rather than fine-tuning the display itself.
Frame’s goal is to minimize the development and deployment time for building graphic solutions for edge devices. It does this by leveraging existing applications and hardening security techniques. It’s compatible with toolkits such as Flutter, Qt, GTK, Electron, and Simple DirectMedia Layer (SDL) 2. It also supports HTML5 and Java.
You can deploy graphical applications to Frame-based hardware using snaps, Ubuntu’s next-generation package format. Snaps are containerized software packages. By design, Ubuntu Frame and the apps running on top of it are isolated from one another and limited in the resources they can access from the hardware. They are also controlled and operated so that unplanned or unauthorized access to privileged system APIs, portions of the OS, or non-application-specific user data are automatically blocked.
Put it all together and out-of-the-box, Ubuntu Frame provides developers with all they need to deploy fully interactive applications. It also supports graphical interfaces so you don’t need to worry about handcrafting the application programming interfaces (APIs) to deal with specific hardware drivers. It also automatically enables digital display functionality, such as touch screen input with support for many gestures.
“Ubuntu Frame’s reliability has been widely tested in the field. Its technology has been in development for over 7 years and in production for 5 years, using state-of-the-art techniques, and deployed in production to Linux desktop and mobile users. As such, Ubuntu Frame is one of the most mature graphical servers available today for embedded devices.” Michał Sawicz, Canonical’s Smart Displays Engineering Manager.
Ubuntu Frame also comes with built-in security. The shell provides secure client-server communications based on the Wayland protocol. The client and server snaps are in separate, secure containers so applications can only communicate to the Ubuntu Frame via a secure socket. This reduces the attack vectors available to malicious code. Finally, snaps software publishers can also benefit from automatic notifications on security vulnerabilities. Snaps also make it simple to update deployed software with the latest security fixes.
Together with Ubuntu Core, Ubuntu Frame is supported for up to 10 years. Since embedded devices are deployed for years, this enables you to deploy and support secure devices for much longer than most IoT and embedded operating systems will allow you to. With IoT security becoming more of a worry, this will make Ubuntu Frame-based hardware much more attractive to buyers and end-users.