Evalutating Ubuntu Snappy Core
Mark Shuttleworth
mark at ubuntu.com
Tue Sep 1 12:38:59 UTC 2015
On 01/09/15 12:00, Stefan Knorr wrote:
> we are currently evaluating, if we can use Ubuntu Snappy Core as embedded OS for some of our products.
> Up to now, Snappy Core looks like a good fit. We feel very good about the security system and the snappy app model. But I have some questions, which I couldn't get answered by the existing documentation.
>
> 1) We use x86 based boards as embedded hardware, on which the standard kernel
> (generic-amd64/generic-i386) are working out of the box. Unfortunately we add some dedicate
> hardware to the embedded system, for which we provide a kernel module on DKMS basis.
> But DKMS doesn't work under Snappy Core, so what I got from the documentation is, that somehow we
> have to provide a oem snap with the kernel.
> My question is, if we have to provide the whole kernel and
> all the modules or is it possible to define an OEM snap to add just a kernel module to the generic kernel?
You'll have three options:
* build your own kernel with just the modules you want for your device
- smaller kernel, fewer security issues
- choose the kernel version you want and update when you want
- but obviously don't get kernel updates magically
- this is best for a very focused single-purpose device
* add the module to the standard Ubuntu supported list
- this makes those devices work for everybody
- we'll do the maintenance when we do normal updates
- but requires at least a conversation and planning
- this is best for the community and for open devices
* find a middle way, like DKMS-in-OEM-snap
- this will likely be possible
- it will invalidate security certifications (tainting the kernel)
- it also runs the risk of failing on update (dkms build failures)
- but probably work well enough as a PoC
> 2) My second question is related to the system/app update procedure. Our systems will probably have
> connection to the internet, but on some installations they will run in a dedicated network with no
> internet access. From what I got from the docu, the update has to be started from an console (ssh) with
> the snappy command, which checks the store for update and downloads the newest version.
> Is it possible to omit the download and transfer the new packages by a control-instance to the Snappy
> Core system and then deploy the update from the than uploaded package ?
In due course there will both online and offline ways to update a snappy
device. We need to support completely-disconnected updates for things
like medical scanners which cannot be connected to the Internet ever!
And we need to do that with validated updates, which requires a bunch of
signatures to provide the integrity of the update to the system. None of
that will require SSH access.
> 3) Can the update also triggered by a app or framework?
> If yes, which security-policies would be than necessary?
It will be possible to create a framework which can trigger updates,
yes, which would be a good way to bind a snappy system into your own
infrastructure.
> 4) Can a app or framework change the local IP-settings (static/dhcp)?
> If yes, which security-policies would be than necessary?
In principle yes, this is just configuration of the core OS. It will
need privileges, details to be worked out, but it's not a bad or scary
thing in and of itself. In general though we would expect the owner /
user of the device to set IP addresses.
Mark
More information about the snappy-devel
mailing list