Ubuntu Frame is a secure display server for embedded systems

Canonical has announced and released the Ubuntu Frame display server for embedded systems such as interactive kiosks, digital signage solutions, or any other embedded devices with a graphical output. The solution aims to allow developers to build and deploy graphical applications more easily and quickly, as Ubuntu Frame requires less code since, as Canonical explains, there’s no need to integrate and maintain partial solutions such as DRM, KMS, input protocols, or security policies.

Ubuntu Frame fullscreen shell is based on Wayland, requires snaps support, and offers compatibility with existing graphical toolkits such as Flutter, Qt5/6, GTK3/4, Electron, and SDL2, as well as support for web-based graphical applications written with HTML5 and/or Java.

Snap Confinement: Shell and App are confined separately

Besides the ease of development, the other main reason to use Canonical's new display server is security:

Ubuntu Frame adopts Wayland for a modern and secure approach to graphics. Thanks to Ubuntu Frame’s own secure socket, applications can only talk exclusively to the Ubuntu Frame server. This reduces attack vectors since there is no inter-process communication to be snooped on by malicious code.

Canonical also explains that the solution leverages the security benefits of Snaps, which are containerized software packages. This means the display server and the apps running on top of it are isolated from one another and limited in the resources they can access, notably with restrictions related to job scheduling, unapproved hardware access, user management, security policy, kernel runtime variables, and kernel syscalls.
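As an added example (not from Canonical or the original article), the separate confinement described above can be checked on a device by parsing snapd's `snap list` and `snap connections` output. The application snap name `my-kiosk-app`, the interface allowlist, and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit snap confinement of a kiosk stack from snapd's own output.
# "my-kiosk-app" is a hypothetical application snap; sample data is constructed.

# audit_confinement NAME...: reads `snap list` output on stdin; prints each named
# snap that is missing or installed in classic/devmode. Returns 1 on a finding.
audit_confinement() {
    awk -v wanted="$*" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        NR == 1 { next }                         # skip the header row
        ($1 in want) {
            seen[$1] = 1
            if ($NF ~ /(^|,)(classic|devmode)(,|$)/) { print $1, $NF; bad = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(w[i] in seen)) { print w[i], "not-installed"; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# unexpected_interfaces ALLOWED...: reads `snap connections SNAP` output on stdin;
# prints every connected interface (Slot column not "-") outside the allowlist.
unexpected_interfaces() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR > 1 && $3 != "-" && !($1 in ok) { print $1 }'
}

sample_snap_list() {     # constructed stand-in for `snap list`
cat <<'EOF'
Name          Version  Rev  Tracking       Publisher    Notes
core20        1.0      10   latest/stable  canonical**  base
ubuntu-frame  1.0      20   latest/stable  canonical**  -
my-kiosk-app  0.1      x1   -              -            devmode
EOF
}

sample_connections() {   # constructed stand-in for `snap connections my-kiosk-app`
cat <<'EOF'
Interface  Plug                  Slot                  Notes
wayland    my-kiosk-app:wayland  ubuntu-frame:wayland  manual
opengl     my-kiosk-app:opengl   :opengl               -
raw-usb    my-kiosk-app:raw-usb  :raw-usb              manual
camera     my-kiosk-app:camera   -                     -
EOF
}

sample_snap_list | audit_confinement ubuntu-frame my-kiosk-app || echo "confinement finding"
sample_connections | unexpected_interfaces wayland opengl
```

On a real device, pipe `snap list` and `snap connections <snap>` into the two functions in place of the sample helpers.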

Being designed for interactive displays, Ubuntu Frame offers interfaces to handle input from touch screens, keyboard, and mouse, and window behaviors and dynamics are all configured. The graphical shell can work with any operating system that supports Snaps, but Canonical highlights support for Ubuntu Core, the company’s OS specifically engineered for IoT and embedded systems.

A simple web kiosk can be set up in minutes with a few commands:

  1. Install Ubuntu Frame
  2. Install a Web Kiosk in Ubuntu Core

    The command varies on other Snap compatible Linux systems:
  3. Display your website:

We can see some references to the Mir display server that was used in Ubuntu Desktop, but once Unity8 development efforts were cancelled in 2017, the future of Mir seemed unclear. That’s probably why Canonical says the “technology has been in development for over 7 years and in production for 5 years, using state-of-the-art techniques, and deployed in production to Linux desktop and mobile users” in the product brief about Ubuntu Frame. The source code and more instructions can also be found in the ubuntu-frame repo, part of the MirServer GitHub account.

As a solution designed for embedded systems, Ubuntu Frame comes with 10 years of security updates when used in conjunction with Ubuntu Core. It’s already used by at least one customer, with Lenovo Intelligent Devices Group using Ubuntu Frame in order to make it easier for customers to create smart retail and digital signage solutions.

More information may be found in the announcement and an upcoming webinar entitled “Building graphical applications in embedded devices” scheduled to take place on November 3rd.

Via LinuxGizmos


6 Replies to “Ubuntu Frame is a secure display server for embedded systems”

  1. Like ubuntu-core, this is a revenue tool and you will need to pay for it and run it on ubuntu-core with snaps for commercial deployments. I believe this is different from the typical open source case: git clone && make && sudo make install

  2. It is not possible to build a *secure* display server in Linux. The Linux DRM uses GEM memory buffers. Any application can trivially guess a GEM handle and have complete access to the display/render surfaces being used by any other application. This makes it possible to not only intercept what is being displayed but also to alter what is being displayed.

    1. That is something of an oversimplification or outdated. It is true of X11-based display servers, which need GEM objects to have global names (which are indeed trivially guessable).

      With Wayland it isn’t necessary to call GEM_FLINK on buffers (although some code does), without which there are no global names to guess. Also, dma buffer FDs (used by linux-dmabuf) are not susceptible to guessing.

    1. While Canonical used setting up a kiosk as an example, Ubuntu Frame should be quite more flexible than Cage, and other types of user interfaces can be developed using a range of frameworks. There’s also the secure aspect, but I’m not sure how both compare.
