Ubuntu Frame is a secure display server for embedded systems | #linux | #linuxsecurity


Canonical has announced and released the Ubuntu Frame display server for embedded systems such as interactive kiosks, digital signage solutions, or any other embedded devices with a graphical output. The solution aims to allow developers to build and deploy graphical applications more easily and quickly, as Ubuntu Frame requires less code since, as Canonical explains, there’s no need to integrate and maintain partial solutions such as DRM, KMS, input protocols, or security policies.

Ubuntu Frame fullscreen shell is based on Wayland, requires snaps support, and offers compatibility with existing graphical toolkits such as Flutter, Qt5/6, GTK3/4, Electron, and SDL2, as well as support for web-based graphical applications written with HTML5 and/or Java.

Snap Confinement: Shell and App are confined separately

Besides the ease of development, the other main reason to use Canonical new display server is security:

Ubuntu Frame adopts Wayland for a modern and secure approach to graphics. Thanks to Ubuntu Frame’s own secure socket, applications can only talk exclusively to the Ubuntu Frame server. This reduces attack vectors since there is no inter-process communication to be snooped on by malicious code.

Canonical also explains that the solution leverages the security benefits of Snaps, which are containerized software packages, meaning the display server and the apps running
on top of it are isolated from one another and limited in the resources they can access, with notably, restrictions related to job scheduling, unapproved hardware access, user management, security policy, kernel runtime variable, and kernel syscalls.

Being designed for interactive displays, Ubuntu Frame offers interfaces to handle input from touch screens, keyboard, and mouse, and windows behaviors and dynamics are all configured. The graphical can work with any operating system support Snaps, but Canonical highlights support for Ubuntu Core, the company’s OS specifically engineered for IoT and embedded systems.

A simple web kiosk can be setup in minutes with a few commands:

  1. Install Ubuntu Frame
  2. Install a Web Kiosk in Ubuntu Core

    The command varies on other Snap compatible Linux systems:

  3. Display your website:

We can see some references to Mir Display server that was used in Ubuntu Desktop, but once Unity8 development efforts were cancelled in 2017, the future of Mir seemed unclear. That’s probably why Canonical says the “technology has been in development for over 7 years and in production for 5 years, using state-of-the-art techniques, and deployed in production to Linux desktop and mobile users” in the product brief about Ubuntu Frame. The source code and more instructions can also be found in ubuntu-frame repo part of MirServer Github account.

As a solution designed for embedded systems, Ubuntu Frame comes with 10 years of security updates when used in conjunction with Ubuntu Core. It’s already used by at least one customer, with Lenovo Intelligent Devices Group using Ubuntu Frame in order to make it easier for customers to create smart retail and digital signage solutions.

More information may be found in the announcement and an upcoming webinar entitled “Building graphical applications in embedded devices” scheduled to take place on November 3rd.

Via LinuxGizmos



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

five + = ten