Providing opt-in upgrade path to the OEM Archives from the Ubuntu Archive

[Dimitri John Ledkov]

We have had IRC meeting, and then a few private meetings since then.

The current focus is on 20.04 LTS release only.
The current focus is to enable out of the box OEM Certified experience
using the default Ubuntu Desktop installation media.
Allow a secure opt-in upgrade path from vanilla Ubuntu to Certified OEM Ubuntu.

Unlike previous releases, at 20.04.0 release time we will have two
kernel flavours available generic v5.4 based flavour, and oem flavour.
The oem flavour is currently based on the v5.4 generic, but is already
different from it. It is likely that by 20.04.0 time the oem flavour
might be based on v5.5/v5.6 unstable-ppa kernel that is prepared for
20.10 release. We currently do not expect to ship non-oem v5.5/v5.6 in
20.04.0.

There will be a single graphics stack compatible with both OEM and
Generic kernel flavours.

The installation media will contain both generic and oem kernel flavours.

On non-certified machines, generic kernel will be the default with no
changes to the installer or the installed system.

On certified machines, identified precisely by smbios grub module
(i.e. equivalent to matching by vendor, sku, product ids as seen in
dmidecode) may boot to the OEM kernel for installation by default.

The installer will have UX changes to opt in/out of certified
experience, on machines that are determined to be certified either at
boot time or after internet-enabled apt-update during the live
session.

The installation media, and the Ubuntu Archive, will contain
per-vendor/per-sku specific metapackages with Modaliases that will
depend on the correct kernel flavour; enable OEM archive; trust the
OEM archive keyring. These packages will be in the Ubuntu Archive and
only depend on things that are available in the Ubuntu Archive. After
installation, apt update may bring in additional targeted
packages/hotfixes that are published in the per-vendor/per-sku OEM
archives. This also means, that one might install Vanilla 20.04, and
get offered certified upgrade via per-vendor/per-sku metapackage from
focal-updates when said machine gets certified.

The OEM archives are public and are visible at
http://oem.archive.canonical.com/dists/
Furthermore, a few Canonical Teams got granted access to observe the
private staging PPAs from which the above Archives are constructed.
This includes a few Canonical TechBoard members, that now have further
visibility into pre-release / pre-public publication of the updates
that land in the OEM archives.

To further support post-install upgrades to certified experience /
downgrade to vanilla experience, we are careful around allowing to
install multiple kernel flavours in parallel. Specifically to ensure
that grub.cfg menu entries point to a default kernel flavour, and that
kernel packages autoremovals operate correctly. This should enable to
correctly reboot into generic flavour, from oem one and vice versa.
Similarly, this will enable users to for example co-install generic &
lowlatency flavours, and pick which one should be booted by default.

It remains to be determined as to how many kernel flavours and
graphics stacks will be shipped at .2 time, as we have received some
indication that graphics stacks are not as tightly coupled today as
they were in the past, and thus we might be able to ship ga/hwe/oem
kernels with a single graphics stack in .2. This remains to be
determined.

Also, eventually, the certified oem metapackages will wean certified
machines off the oem kernel flavour onto the hwe/generic flavours when
those incorporate all the needed delta for a given SKU.

Although this is not the exact summary of the live IRC meeting we had
in October last year, this does describe in rough detail the current
rough plan of action; answers most questions raised during that
meeting; and avoids hard-problems/questions raised by reducing the
scope of the original strawman proposal. I.e. current plan only
targets 20.04.0, leaving any potential questions around .2 or bionic
backports of above answered.

Most of the things mentioned above are simply plans, and are not
implemented yet, but are in prototyping stage. For example we do have
linux-oem-20.04 kernel flavour, and smbios module in grub2. We are
currently integrating the additional flavour into
livecd-rootfs/ubuntu-cdimage/debian-cd but it's not there yet. Also
smbios modules is not yet secureboot signed (pending security team
reivew). However, I hope that above summary gives an accurate
impression of what I hope to make Ubuntu Desktop installer look like
in April this year.

-- 
Regards,

Dimitri.