Evalutating Ubuntu Snappy Core

Mark Shuttleworth mark at ubuntu.com
Tue Sep 1 12:38:59 UTC 2015

On 01/09/15 12:00, Stefan Knorr wrote:
> we are currently evaluating, if we can use Ubuntu Snappy Core as embedded OS for some of our products.
> Up to now, Snappy Core looks like a good fit. We feel very good about the security system and the snappy app model. But I have some questions, which I couldn't get answered by the existing documentation.
> 1) We use x86 based boards as embedded hardware, on which the standard kernel 
>     (generic-amd64/generic-i386) are working out of the box. Unfortunately we add some dedicate   
>     hardware to the embedded system, for which we provide a kernel module on DKMS basis.
>     But DKMS doesn't work under Snappy Core, so what I got from the documentation is, that somehow we 
>     have to provide a oem snap with the kernel. 
>     My question is, if we have to provide the whole kernel and 
>     all the modules or is it possible to define an OEM snap to add just a kernel module to the generic kernel?

You'll have three options:

 * build your own kernel with just the modules you want for your device

     - smaller kernel, fewer security issues
     - choose the kernel version you want and update when you want
     - but obviously don't get kernel updates magically
     - this is best for a very focused single-purpose device

 * add the module to the standard Ubuntu supported list

     - this makes those devices work for everybody
     - we'll do the maintenance when we do normal updates
     - but requires at least a conversation and planning
     - this is best for the community and for open devices

 * find a middle way, like DKMS-in-OEM-snap

     - this will likely be possible
     - it will invalidate security certifications (tainting the kernel)
     - it also runs the risk of failing on update (dkms build failures)
     - but probably work well enough as a PoC

> 2) My second question is related to the system/app update procedure. Our systems will probably have 
>      connection to the internet, but on some installations they will run in a dedicated network with no 
>      internet access. From what I got from the docu, the update has to be started from an console (ssh) with 
>     the snappy command, which checks the store for update and downloads the newest version.
>     Is it possible to omit the download and transfer the new packages by a control-instance to the Snappy 
>     Core system and then deploy the update from the than uploaded package ?

In due course there will both online and offline ways to update a snappy
device. We need to support completely-disconnected updates for things
like medical scanners which cannot be connected to the Internet ever!
And we need to do that with validated updates, which requires a bunch of
signatures to provide the integrity of the update to the system. None of
that will require SSH access.

> 3) Can the update also triggered by a app or framework? 
>      If yes, which security-policies would be than necessary?

It will be possible to create a framework which can trigger updates,
yes, which would be a good way to bind a snappy system into your own

> 4) Can a app or framework change the local IP-settings (static/dhcp)?
>      If yes, which security-policies would be than necessary?

In principle yes, this is just configuration of the core OS. It will
need privileges, details to be worked out, but it's not a bad or scary
thing in and of itself. In general though we would expect the owner /
user of the device to set IP addresses.


More information about the snappy-devel mailing list