Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Ubuntu Core features

An OS that's optimised for IoT and embedded systems

Agile containerization

Ubuntu Core architecture is built on a worldwide used and edge developed container; snaps. Through this containerization, there is a clean separation between the kernel, OS image and applications. Develops has never been so easy:

  • Secure, immutable and strictly confined containerization
  • Consistent, independent, and reliable software updates
  • Architectural flexibility with both Arm and x86 architectures supported

Learn more about Ubuntu Core containers ›

OTA updates

Over the air updates for Linux done right

  • Transactional updates for reliability
  • Diffs only to minimise network traffic
  • Digital signatures to guarantee integrity and provenance

Learn more about OTA updates ›

Real-time kernel

Support for real-time compute by integrating PREEMPT_RT patches:

  • More preemptive than mainline Linux
  • Ultra low-latency for mission critical applications
  • Bounded response times for stringent latency requirements

Learn more about the real-time kernel ›

Secure boot

Ubuntu Core 20 authenticates the boot process by default. Authentication is based on the verification of digital signatures. This means:

  • Each component in the boot sequence cryptographically validates the authenticity of the subsequent component in the boot sequence.
  • Every component is measured, before it is loaded in the runtime memory space
  • If an improper or unsigned component is detected, the boot process is stopped
  • Supports for both hardware and software Root of Trust

Learn more about secure boot ›

Full disk encryption

Ubuntu Core uses digital signatures to cryptographically ensure data integrity with:

  • Disks are locked with private key based cryptography
  • Private keys for hardware, TPM and other secure layers are securely stored
  • Symmetric key encryption enabled by use of specialised software-enabled stores

Learn more about full disk encryption ›

Recovery mode

Ubuntu Core offers a recovery mode that can be activated manually when booting or remotely via an API call. It additionally offers:

  • A graphical user interface to manage recovery options
  • Snapshots of configuration settings and software bills of materials are backed up in the recovery system

Learn more about recovery ›

Validation sets

Straightforward installation logic. With validations sets developers can guarantee the installation of specific applications that are either required to be installed together or are permitted to be installed together on a device or system. Unlock:

  • Updated consistently and simultaneously towards well defined and predictable revisions
  • Increases the compatibility and consistency between applications
  • Improve out-of-the-box experience for end-user

Learn more about validation sets ›


For those working with resellers or system integrators, Ubuntu Core remodelling feature allows changing any of the elements of your device model assertion. Brand, model, IoT App Store ID or version are some of the contexts that can be changed:

  • Enable resellers to rebrand devices
  • Easy migration path between UC20 and UC22

Learn more about remodelling ›

What's under the hood

Ubuntu Core is ideal for embedded devices because it manages itself. Snaps, Snapd and Snapcraft bring security and robustness. Applications are easy to install, easy to maintain, and easy to upgrade.


Ubuntu Core is built from snaps, a secure, confined, dependency-free, cross-platform Linux packaging format. Snaps are entirely self-contained, even to the point of encapsulating their own file system. This means they include everything they need to run in any environment. They're used by Ubuntu Core to both compose the image that's run on a device, and to deliver consistent and reliable software updates, even to low-powered, inaccessible and remotely administered embedded and IoT systems.

Learn more about snaps ›


Snapd is the background service that manages and maintains installed snaps. Alongside its various service and management functions, snapd:

  • Provides an API used to install and remove snaps and interact with snaps
  • Implements confinement policies that isolate snaps from the base system and from other snaps
  • Governs the interfaces that allow snaps to access specific system resources outside of their container

Learn more about snapd ›


Snapcraft is a powerful and easy to use tool for building and publishing snaps. It helps you:

  • Build and then publish your snaps to your IoT app store
  • Fine version control of updates and releases
  • Build and debug snaps within a confined environment
  • Update and iterate over new builds without rebuilding the environment
  • Test and share your snaps locally

Learn more about Snapcraft ›

Secure your devices

Get in touch with a Ubuntu security expert to discuss the advanced security requirements of your application.

Get in touch