IoT Linux Ubuntu Core version 26 delivers 15 years of updates
Canonical offers optimized OTA updates, live kernel patching, and up to 15 years of security updates in IoT Linux Ubuntu Core version 26.
The immutable Linux system Ubuntu Core for Internet-of-Things (IoT) and edge devices has been released in version 26. Canonical highlights “precise” Linux builds, optimized OTA updates, live kernel patching, hardware-supported protection, and up to 15 years of security updates.
Canonical announces the updated distribution in a blog post. According to the announcement, the improvements make the minimal operating system suitable for low-latency AI applications and mission-critical operations. Reduced installation times, a 90 percent reduction in OTA update size, and “precise” builds using Chisel are responsible for this. The focus remains on security: every component runs in a sandbox, snaps are cryptographically signed, and the “measured boot chain” allows only verified software to start.
The Long-Term Support (LTS) release also helps to comply with the EU's Cyber Resilience Act (CRA). For operators of critical infrastructures, Ubuntu Core 26 aims to reduce costs, for example for software updates and maintenance, as well as installation times. Over-the-Air (OTA) updates are significantly smaller, as the improved delta format for snaps reduces snap size by 50 to 90 percent. Core snap updates are expected to be only 1.5 MByte instead of 16 MByte. Installations use initramfs, which is intended to avoid redundant reboots.
“Precise” Builds
Ubuntu's Chisel build system provides precise composition for Core snaps. Among other things, it enforces explicit and traceable dependencies. This allows every file in the system to be traced back to its origin, which is intended to improve integrity checks and vulnerability analysis. Canonical contrasts this with builds using Yocto, where origin and dependencies are mostly only implicitly specified. Chisel also reduces the size of the base image by seven percent.
Ubuntu Core relies on full disk encryption and stores keys with LUKS2 headers in the TPM. Arm Trusted Execution Environments (TEE) are also supported. The security improvements from Ubuntu 26.04 are also incorporated into Ubuntu Core 26. For example, Livepatch, which applies security patches to the kernel without a reboot, is now also available on ARM64 architectures. This applies retroactively from Core 20. Canonical promises “zero downtime.”
The announcement in the blog post mentions further useful functions for management in larger networks. Most recently, Ubuntu Core 24 brought significant changes to the IoT operating system.
(dmk)