Ubuntu Core features

What’s under the hood


Ubuntu Core is built from snaps, a secure, confined, dependency-free, cross-platform Linux packaging format. Snaps are entirely self-contained, even to the point of encapsulating their own file system. This means they include everything they need to run in any environment. They're used by Ubuntu Core to both compose the image that's run on a device, and to deliver consistent and reliable software updates, even to low-powered, inaccessible and remotely administered embedded and IoT systems.

Learn more about snaps ›

Snap logo


Snapd is the background service that manages and maintains installed snaps. Alongside its various service and management functions, snapd:

  • Provides an API used to install and remove snaps and interact with snaps
  • Implements confinement policies that isolate snaps from the base system and from other snaps
  • Governs the interfaces that allow snaps to access specific system resources outside of their container


Snapcraft is a powerful and easy to use tool for building and publishing snaps. It helps you:

  • Build and then publish your snaps to your IoT app store
  • Fine version control of updates and releases
  • Build and debug snaps within a confined environment
  • Update and iterate over new builds without rebuilding the environment
  • Test and share your snaps locally

OTA updates

Over the air updates for Linux done right

  • Transactional updates for reliability
  • Diffs only to minimize network traffic
  • Digital signatures to guarantee integrity and provenance

Learn more about OTA updates ›

Secure boot

Ubuntu Core 20 authenticates the boot process by default. Authentication is based on the verification of digital signatures. This means:

  • Each component in the boot sequence cryptographically validates the authenticity of the subsequent component in the boot sequence.
  • Every component is measured, before it is loaded in the runtime memory space
  • If an improper or unsigned component is detected, the boot process is stopped
  • Supports for both hardware and software Root of Trust

Learn more about secure boot ›

Full disk encryption

Ubuntu Core uses digital signatures to cryptographically ensure data integrity with:

  • Disks are locked with private key based cryptography
  • Private keys for hardware, TPM and other secure layers are securely stored
  • Symmetric key encryption enabled by use of specialised software-enabled stores

Learn more about full disk encryption ›

Recovery mode

Ubuntu Core offers a recovery mode that can be activated manually when booting or remotely via an API call. It additionally offers:

  • A graphical user interface to manage recovery options
  • Snapshots of configuration settings and software bills of materials are backed up in the recovery system

Learn more about recovery ›

Secure your devices

Get in touch with a Ubuntu security expert to discuss the advanced security requirements of your application.

Get in touch