diff --git a/templates/core/features/full-disk-encryption.html b/templates/core/features/full-disk-encryption.html index 705be733166..ca1392a90da 100644 --- a/templates/core/features/full-disk-encryption.html +++ b/templates/core/features/full-disk-encryption.html @@ -1,141 +1,173 @@ {% extends "core/base_core.html" %} {% block title %}Full disk encryption | Ubuntu Core{% endblock %} -{% block meta_copydoc %}https://docs.google.com/document/d/1kekmNSjenq31imR4_HaJgkq51SptBjnIjVIpuj1mmX0/edit{% endblock meta_copydoc %} +{% block meta_copydoc %} + https://docs.google.com/document/d/1kekmNSjenq31imR4_HaJgkq51SptBjnIjVIpuj1mmX0/edit +{% endblock meta_copydoc %} + +{% block body_class %} + is-paper +{% endblock body_class %} {% block content %} -
-
-
-

Full disk encryption

-

IoT data is sensitive

-

Industrial internet of things (IIoT) devices store sensitive data, configuration files, log files, authentication secrets and software intellectual property. Any compromise to the integrity of data stored on devices can have damaging consequences.

-

If bad actors gain physical access to a device, they can extract user data. To prevent such scenarios, cryptography is needed to protect data confidentiality.

+
+
+
+

Full disk encryption

+
+
+

IoT data is sensitive

+

+ Industrial internet of things (IIoT) devices store sensitive data, configuration files, log files, authentication secrets and software intellectual property. Any compromise to the integrity of data stored on devices can have damaging consequences. +

+

+ If bad actors gain physical access to a device, they can extract user data. To prevent such scenarios, cryptography is needed to protect data confidentiality. +

+
-
- {{ image ( - url="https://assets.ubuntu.com/v1/1fbe51df-UC20_Full-disc-encryption.svg", - alt="", - width="170", - height="170", - hi_def=True, - loading="lazy" - ) | safe - }} +
+
+ Diagram showing secure boot, encrypted data storage, and digital signature verification for software components. +
-
-
- -
-
- {{ image ( - url="https://assets.ubuntu.com/v1/720e50fa-UC20_advanced_security_features.svg", - alt="Advanced security features", - width="900", - height="264", - hi_def=True, - loading="lazy" - ) | safe - }} -
-
+
-
-
-

Secure data at rest

-

Data security and integrity can be achieved by storing the secrets in secure elements or Trusted Platform Modules (TPM), or by using specialised software-enabled stores that use symmetric key encryption.

-

The most reliable technique is to cryptographically ensure data integrity by using digital signatures. Private key based cryptographic signatures can attest to the actual data at the time of signing. The integrity of signed data can be validated, ensuring the integrity prior to applying software and firmware updates.

-

The same applies to validating configuration and log files. The signing operation is usually performed in a hardware trust root, such as a TPM, where the signing key can also be securely stored.

-
-
+
+
+
+
+

Secure data at rest

+
+
+

+ Data security and integrity can be achieved by storing the secrets in secure elements or Trusted Platform Modules (TPM), or by using specialised software-enabled stores that use symmetric key encryption. +

+

+ The most reliable technique is to cryptographically ensure data integrity by using digital signatures. Private key based cryptographic signatures can attest to the actual data at the time of signing. The integrity of signed data can be validated, ensuring the integrity prior to applying software and firmware updates. +

+

+ The same applies to validating configuration and log files. The signing operation is usually performed in a hardware trust root, such as a TPM, where the signing key can also be securely stored. +

+
+
+
-
-
-

Full disk encryption on Ubuntu Core

-
-
-
-

ARM and x86

-

Ubuntu Core abstracts the root of trust implementation for full disk encryption. As a consequence, Ubuntu Core full disk encryption can be enabled for both ARM and x86 SoCs.

+
+
+
+

Full disk encryption on Ubuntu Core

-
-

Free for pre-certified boards

-

Full disk encryption is available out of the box on certified devices, with TPM support, at no additional cost. An enablement fee is required to fully certify Ubuntu Core on non-certified boards.

+
+
+
+
+
+

ARM and x86

+
+
+

+ Ubuntu Core abstracts the root of trust implementation for full disk encryption. As a consequence, Ubuntu Core full disk encryption can be enabled for both ARM and x86 SoCs. +

+
+
+
-
-
-
-
-

How it works

-
-
-
-

Digital signatures

-

Ubuntu Core uses digital signatures to cryptographically ensure data integrity. Private key based cryptographic signatures can attest to the actual data at the time of signing. At any point in the workflow, the integrity of signed data can be validated, thereby ensuring the integrity prior to applying software and firmware updates.

+
+
+
+
+
+

Free for pre-certified boards

+
+
+

+ Full disk encryption is available out of the box on certified devices, with TPM support, at no additional cost. An enablement fee is required to fully certify Ubuntu Core on non-certified boards. +

+
+
+
-
- {{ image ( - url="https://assets.ubuntu.com/v1/2131b805-We+transfer+control.svg", - alt="Transfer control", - width="150", - height="150", - hi_def=True, - loading="lazy" - ) | safe - }} +
+ +
+
+
+

How it works

-
-
-
-
-
-
-

Root of trust

-

Data at Rest integrity can be achieved by securely storing the private key used for encryption in hardware/TPM, or by using specialised software-enabled stores which employ symmetric key encryption. Using this key sensitive endpoint data stored on the disk can be protected.

+
+
+
+
+
+

Digital signatures

+
+
+

+ Ubuntu Core uses digital signatures to cryptographically ensure data integrity. Private key based cryptographic signatures can attest to the actual data at the time of signing. At any point in the workflow, the integrity of signed data can be validated, thereby ensuring the integrity prior to applying software and firmware updates. +

+ +
+
+
-
- {{ image ( - url="https://assets.ubuntu.com/v1/aec863e2-Off+the+shelf.svg", - alt="", - width="200", - height="114", - hi_def=True, - loading="lazy" - ) | safe - }} +
+
+
+
+
+

Root of trust

+
+
+

+ Data at Rest integrity can be achieved by securely storing the private key used for encryption in hardware/TPM, or by using specialised software-enabled stores which employ symmetric key encryption. Using this key sensitive endpoint data stored on the disk can be protected. +

+ +
+
+
-
-
+ -
-
-
- {{ image ( - url="https://assets.ubuntu.com/v1/c4b290c8-Contact+us.svg", - alt="", - width="281", - height="200", - hi_def=True, - loading="lazy" - ) | safe - }} -
-
-

Secure your devices

-

Get in touch with a Ubuntu security expert to discuss the advanced security requirements of your application.

-

- Get in touch -

+
+
+
+
+

Secure your devices

+
+
+
+
+ +
+
+

Get in touch with a Ubuntu security expert to discuss the advanced security requirements of your application.

+
+

+ Get in touch +

+
-
-
- - -
-
+ + +
{% endblock content %} diff --git a/templates/core/features/ota-updates.html b/templates/core/features/ota-updates.html index cb6c0b58637..76b4bb79280 100644 --- a/templates/core/features/ota-updates.html +++ b/templates/core/features/ota-updates.html @@ -1,218 +1,204 @@ {% extends "core/base_core.html" %} {% block title %}OTA updates | Ubuntu Core{% endblock %} -{% block meta_description %}Over-the-air updates for Linux devices are reliable and efficient with Ubuntu Core on a wide range of ARM or x86 boards.{% endblock %} -{% block meta_copydoc %}https://docs.google.com/document/d/1CftibGyQdcto7E-tUnpwZOXMJsvOegAqk0FyoL3kQEA/edit#{% endblock meta_copydoc %} +{% block meta_description %} + Over-the-air updates for Linux devices are reliable and efficient with Ubuntu Core on a wide range of ARM or x86 boards. +{% endblock %} -{% block content %} - -
-
-
-

Over-the-air updates for Linux, done right

-

Ubuntu Core sets a new standard for Linux device updates, covering the kernel, the OS and applications.

-

Transactional updates for reliability. Deltas minimize network traffic. Digital signatures guarantee integrity and provenance.

-

This is the future of smart things.

-

- Get an IoT app store -

-

- OTA updates whitepaper › -

-
-
- {{ image ( - url="https://assets.ubuntu.com/v1/fc3ca86d-bullet+proof.svg", - alt="", - width="230", - height="230", - hi_def=True, - loading="auto" - ) | safe - }} -
-
-
- -
-
-
- {{ image ( - url="https://assets.ubuntu.com/v1/46f1b890-IoT_field_updates_from_Cloud.svg", - alt="Iot field updates from cloud", - width="609", - height="364", - hi_def=True, - loading="auto" - ) | safe - }} -
-
-
- -
-
-

Reliability

-
-
-
-

Safely move forwards and backwards

-

Every update preserves the previous version of code and data, so you can safely move applications forwards and backwards in their version history.

-
-
- {{ image ( - url="https://assets.ubuntu.com/v1/6c90dd33-OTA-GIF_5_Transparent.gif", - alt="Safely move forwards and backwards GIF", - width="300", - height="100", - hi_def=True, - loading="lazy" - ) | safe - }} -
-
- -
-
-
- -
-
- {{ image ( - url="https://assets.ubuntu.com/v1/bb60ec1a-OTA-GIF_1_Transparent.gif", - alt="Update streams GIF", - width="300", - height="100", - hi_def=True, - loading="lazy" - ) | safe - }} -
-
-

Update streams from channels

-

Every snap can offer multiple streams of updates - called channels - including the version and maturity -edge, beta, stable- of the snap . Switch to ‘3.2/stable’ and you know what you’ll be getting on that machine.

-

That means you can go closer to the edge to see what features are coming, experiment with various versions to see which one suits you best, or stick to the recommended stable branch.

-
-
- -
-
-
- -
-
-

Graceful error handling and automatic recovery

-

Things don’t always work as we want, but snaps have automatic recovery mechanisms. If an error happens at any point during an update, Ubuntu Core will stop and revert to the previous working version of the application.

-
-
- {{ image ( - url="https://assets.ubuntu.com/v1/a015f4cb-OTA-GIF_2_Transparent.gif", - alt="Error handling GIF", - width="300", - height="100", - hi_def=True, - loading="lazy" - ) | safe - }} -
-
-
- -
-
-

Efficiency

-
-
-
-

Delta updates

-

When you make a small change in a large component, snaps will automatically calculate a binary delta to minimize the traffic and time required to distribute that update.

-
-
- {{ image ( - url="https://assets.ubuntu.com/v1/8247250c-OTA-GIF_4_WHT.gif", - alt="Delta updates GIF", - width="300", - height="100", - hi_def=True, - loading="lazy" - ) | safe - }} -
-
- -
-
-
+{% block meta_copydoc %} + https://docs.google.com/document/d/1CftibGyQdcto7E-tUnpwZOXMJsvOegAqk0FyoL3kQEA/edit# +{% endblock meta_copydoc %} -
-
- {{ image ( - url="https://assets.ubuntu.com/v1/454d7467-OTA-GIF_3_WHT.gif", - alt="Compressed and read only GIF", - width="300", - height="100", - hi_def=True, - loading="lazy" - ) | safe - }} -
-
-

Compressed and read-only

-

The content that ships inside snaps is compressed and remains compressed and read-only through the whole life time of the snap, even during normal use after installation. This means the original package digest and signature is never touched.

-
-
+{% block body_class %} + is-paper +{% endblock body_class %} -
-
-
+{% block content %} -
-
-

Safe operating system updates

-

Resilience and flexibility all the way down.

-

The kernel and base operating system are handled as snaps as well, so all the benefits that apply to applications also apply to the system foundation. This means not only benefitting from fast and consistent updates to the core, but also graceful error handling with automatic rollbacks on improperly updated kernels.

-
-
- {{ image ( - url="https://assets.ubuntu.com/v1/714e4c31-OTA_Stack_Case.svg", - alt="Safe operating system updates", - width="300", - height="130", - hi_def=True, - loading="lazy" - ) | safe - }} -
-
-
- -
-
-
- {{ image ( - url="https://assets.ubuntu.com/v1/c4b290c8-Contact+us.svg", - alt="Get in touch", - width="281", - height="200", - hi_def=True, - loading="lazy" - ) | safe - }} -
-
-

Get an IoT app store for OTA updates

-

Get your own infrastructure for secure management and seamless software updates for your fleet of devices.

-

- Get in touch -

-
-
-
+
+
+

Over-the-air updates for Linux, done right

+

Ubuntu Core sets a new standard for Linux device updates, covering the kernel, the OS and applications.

+
+
+
+

+ Transactional updates for reliability. Deltas minimize network traffic. Digital signatures guarantee integrity and provenance. +

+
+

This is the future of smart things.

+
+
+ Get an IoT app store + OTA updates whitepaper › +
+
+
+ Iot field updates from cloud +
+
+
+
+ +
+
+
+

Reliability

+
+
+
+
+
+
+
+ Safely move forwards and backwards GIF +
+
+
+
+

Safely move forwards and backwards

+
+

+ Every update preserves the previous version of code and data, so you can safely move applications forwards and backwards in their version history. +

+
+
+
+
+ Update streams GIF +
+
+
+
+

Update streams from channels

+
+
+

+ Every snap can offer multiple streams of updates — called channels — including the version and maturity -edge, beta, stable- of the snap . Switch to ‘3.2/stable’ and you know what you’ll be getting on that machine. +

+

+ That means you can go closer to the edge to see what features are coming, experiment with various versions to see which one suits you best, or stick to the recommended stable branch. +

+
+
+
+
+
+ Error handling GIF +
+
+
+
+

Graceful error handling and automatic recovery

+
+

+ Things don’t always work as we want, but snaps have automatic recovery mechanisms. If an error happens at any point during an update, Ubuntu Core will stop and revert to the previous working version of the application. +

+
+
+
+
+
+ +
+
+
+

Efficiency

+
+
+
+
+
+
+
+ Delta updates GIF +
+
+
+
+

Delta updates

+
+

+ When you make a small change in a large component, snaps will automatically calculate a binary delta to minimize the traffic and time required to distribute that update. +

+
+
+
+
+ Compressed and read only GIF +
+
+
+
+

Compressed and read-only

+
+

+ The content that ships inside snaps is compressed and remains compressed and read-only through the whole life time of the snap, even during normal use after installation. This means the original package digest and signature is never touched. +

+
+
+
+
+ Safe operating system updates +
+
+
+
+

Safe operating system updates

+
+
+

Resilience and flexibility all the way down.

+

+ The kernel and base operating system are handled as snaps as well, so all the benefits that apply to applications also apply to the system foundation. This means not only benefitting from fast and consistent updates to the core, but also graceful error handling with automatic rollbacks on improperly updated kernels. +

+
+
+
+
+
+
+ +
+
+
+
+

Get an IoT app store
for OTA updates

+
+
+

Get your own infrastructure for secure management and seamless software updates for your fleet of devices.

+
+

+ Get in touch +

+
+
+
-
-
- +
{% endblock content %} diff --git a/templates/core/features/recovery.html b/templates/core/features/recovery.html index a70f91fa6bb..703fb49b8a6 100644 --- a/templates/core/features/recovery.html +++ b/templates/core/features/recovery.html @@ -1,141 +1,174 @@ {% extends "core/base_core.html" %} {% block title %}Recovery | Ubuntu Core{% endblock %} -{% block meta_copydoc %}https://docs.google.com/document/d/1VpsLUf-cODyuKe7xqxW27cDIGorQHgWd95tFqMnClsg/edit{% endblock meta_copydoc %} +{% block meta_copydoc %} + https://docs.google.com/document/d/1VpsLUf-cODyuKe7xqxW27cDIGorQHgWd95tFqMnClsg/edit +{% endblock meta_copydoc %} + +{% block body_class %} + is-paper +{% endblock body_class %} {% block content %} -
-
-
-

Device recovery

-

Field repair is costly

-

Having to manually repair an IoT device in the field often can exceed the cost of the device itself. Dispatching an operator to a remote location to perform maintenance or an intervention may incur significant costs, depending on distance to the site and accessibility of devices. Furthermore, the resulting downtime may cause additional losses, even more so if the device is mission critical. A reliable device recovery system is essential to help avoid these costs and annoyances.

-
-
- {{ image ( - url="https://assets.ubuntu.com/v1/3bbf268f-UC20_Device_Recovery.svg", - alt="", - width="200", - height="246", - hi_def=True, - loading="lazy" - ) | safe - }} +
+
+
+

Device recovery

+

Field repair is costly

+

+ Having to manually repair an IoT device in the field often can exceed the cost of the device itself. Dispatching an operator to a remote location to perform maintenance or an intervention may incur significant costs, depending on distance to the site and accessibility of devices. Furthermore, the resulting downtime may cause additional losses, even more so if the device is mission critical. A reliable device recovery system is essential to help avoid these costs and annoyances. +

+
+
+
+ +
+
-
-
+ -
-
-

Low touch device maintenance

-
-
-
-

Device recovery in the field should be low touch. IoT devices may be deployed at a very large scale, with hundreds or even thousands of devices in a fleet. At this scale, maintenance operations become a significant driver of costs. Automation and remote access are key for low touch maintenance. Basic and repetitive maintenance actions can be performed autonomously by the operating system. This frees up device operators from performing simple maintenance tasks, repeatedly on a large number of devices, which saves a lot of time.

-

In doing this, only complex maintenance actions need to be escalated to device operators. Empowering device operators with remote access to perform complex software-related maintenance actions, avoids substantial costs and allows all devices in the field to be maintained centrally - reducing the risks.

+
+
+
+
+

Low touch device maintenance

+
+
+

+ Device recovery in the field should be low touch. IoT devices may be deployed at a very large scale, with hundreds or even thousands of devices in a fleet. At this scale, maintenance operations become a significant driver of costs. Automation and remote access are key for low touch maintenance. Basic and repetitive maintenance actions can be performed autonomously by the operating system. This frees up device operators from performing simple maintenance tasks, repeatedly on a large number of devices, which saves a lot of time. +

+

+ In doing this, only complex maintenance actions need to be escalated to device operators. Empowering device operators with remote access to perform complex software-related maintenance actions, avoids substantial costs and allows all devices in the field to be maintained centrally - reducing the risks. +

+
+ +
+
-
- {{ image ( - url="https://assets.ubuntu.com/v1/0adaa000-recovery+copy.jpg", - alt="", - width="400", - height="212", - hi_def=True, - loading="lazy" - ) | safe - }} -
-
-
+ -
-
-

Device recovery on Ubuntu Core

-
-
-
-

ARM and x86

-

Ubuntu Core provides a robust device recovery system on both ARM and x86 SoCs. Devices can be recovered manually or remotely via a REST API.

+
+
+
+

Device recovery on Ubuntu Core

-
-

Free for pre-certified boards

-

Recovery mode is available out of the box on certified devices, like the Raspberry Pi, at no additional cost. An enablement fee is required to fully certify Ubuntu Core on non-certified boards.

+
+
+
+
+
+

ARM and x86

+
+
+

+ Ubuntu Core provides a robust device recovery system on both ARM and x86 SoCs. Devices can be recovered manually or remotely via a REST API. +

+
+
+
-
-
- -
-
-

How it works

-

Ubuntu Core 20 introduces a secure recovery system.

-
-
-
-

Recovery mode

-

Ubuntu Core offers a recovery mode that can be activated manually when booting, or remotely via API call. In recovery mode, Ubuntu Core presents a UI for users to enter recovery options. The operating system then proceeds to fetch the configuration files and snaps associated with a given configuration profile.

+
+
+
+
+
+

Free for pre-certified boards

+
+
+

+ Recovery mode is available out of the box on certified devices, like the Raspberry Pi, at no additional cost. An enablement fee is required to fully certify Ubuntu Core on non-certified boards. +

+
+
+
-
- {{ image ( - url="https://assets.ubuntu.com/v1/f880a3bd-Enterprise+support.svg", - alt="", - width="150", - height="150", - hi_def=True, - loading="lazy" - ) | safe - }} +
+ +
+
+
+
+

How it works

+
+
+

Ubuntu Core 20 introduces a secure recovery system.

+
-
-
-
-
-
-
-

Snapshots

-

Multiple snapshots for the same device can be backed up in the recovery system. These snapshots reflect both configuration settings and the collection of snaps installed on the system. Device operators can create, name and save such snapshots in the recovery system. This enables a swift recovery of a desired system state when needed. Recovery can happen manually through a dedicated UI or remotely via an API call.

+
+
+
+
+
+

Recovery mode

+
+
+

+ Ubuntu Core offers a recovery mode that can be activated manually when booting, or remotely via API call. In recovery mode, Ubuntu Core presents a UI for users to enter recovery options. The operating system then proceeds to fetch the configuration files and snaps associated with a given configuration profile. +

+ +
+
+
-
- {{ image ( - url="https://assets.ubuntu.com/v1/7de21966-snapshot.svg", - alt="", - width="150", - height="150", - hi_def=True, - loading="lazy" - ) | safe - }} +
+
+
+
+
+

Snapshots

+
+
+

+ Multiple snapshots for the same device can be backed up in the recovery system. These snapshots reflect both configuration settings and the collection of snaps installed on the system. Device operators can create, name and save such snapshots in the recovery system. This enables a swift recovery of a desired system state when needed. Recovery can happen manually through a dedicated UI or remotely via an API call. +

+ +
+
+
-
-
+ -
-
-
- {{ image ( - url="https://assets.ubuntu.com/v1/c4b290c8-Contact+us.svg", - alt="", - width="281", - height="200", - hi_def=True, - loading="lazy" - ) | safe - }} -
-
-

Low touch recovery for your devices

-

Get in touch with an Ubuntu security expert to discuss the advanced security requirements of your application.

-

- Get in touch -

+
+
+
+
+

Low touch recovery
for your devices

+
+
+
+
+ +
+
+

Get in touch with an Ubuntu security expert to discuss the advanced security requirements of your application.

+
+

+ Get in touch +

+
-
-
+ -
-
- +
{% endblock content %} diff --git a/templates/core/features/secure-boot.html b/templates/core/features/secure-boot.html index b99093fc600..c86f6cd7f55 100644 --- a/templates/core/features/secure-boot.html +++ b/templates/core/features/secure-boot.html @@ -1,150 +1,199 @@ {% extends "core/base_core.html" %} {% block title %}Secure boot | Ubuntu Core{% endblock %} -{% block meta_copydoc %}https://docs.google.com/document/d/1ltH7T2boIJ7VcUni4Kmc0XGlmmxWAf5u82LEwkEGP24/edit#{% endblock meta_copydoc %} -{% block content %} +{% block meta_copydoc %} + https://docs.google.com/document/d/1ltH7T2boIJ7VcUni4Kmc0XGlmmxWAf5u82LEwkEGP24/edit# +{% endblock meta_copydoc %} + +{% block body_class %} + is-paper +{% endblock body_class %} -
-
-
-

Secure boot

-

Protect against vulnerabilities at boot time

-

Computers are vulnerable during the boot process if they are not secured. The kernel, hardware peripherals and user space processes are all initiated at boot and any vulnerability in the boot firmware can have cascading effects on the entire system.

-

In the case of an attack on boot firmware, damages are so profound that often hardware replacement is the only fix. In an industrial IoT scenario, this means considerable downtime, manual maintenance, possibly at several locations and CapEx for hardware replacement. An utterly undesirable outcome.

-

- Learn about security and sandboxing in Ubuntu Core › -

+{% block content %} +
+
+
+

Secure boot

+
+
+

Protect against vulnerabilities at boot time

+

+ Computers are vulnerable during the boot process if they are not secured. The kernel, hardware peripherals and user space processes are all initiated at boot and any vulnerability in the boot firmware can have cascading effects on the entire system. +

+

+ In the case of an attack on boot firmware, damages are so profound that often hardware replacement is the only fix. In an industrial IoT scenario, this means considerable downtime, manual maintenance, possibly at several locations and CapEx for hardware replacement. An utterly undesirable outcome. +

+
+

+ Learn about security and sandboxing in Ubuntu Core  › +

+
-
- {{ image ( - url="https://assets.ubuntu.com/v1/6ed19d21-UC20_Secure_boot.svg", - alt="Secure boot", - width="190", - height="190", - hi_def=True, - loading="lazy" - ) | safe - }} +
+
+ Advanced security features +
-
-
+
-
-
- {{ image ( - url="https://assets.ubuntu.com/v1/720e50fa-UC20_advanced_security_features.svg", - alt="Advanced security features", - width="900", - height="264", - hi_def=True, - loading="lazy" - ) | safe - }} -
-
- -
-
-

Integrity verification

-

The integrity of the boot firmware must be proven before trust is established in user space processes. This requires a secure mechanism to establish integrity.

-

Such a mechanism should be implemented into low level computer initialisation firmware like UEFI, as validating the boot process integrity at this low level assures that a device has started up in a secure state.

-

Standard requirements and recommendations for boot integrity measurement are following (NIST 800-155):

- -

The root of trust is the most critical element for integrity determination. It can be implemented in hardware through secure elements or Trusted Platform Module (TPM) or coded in software using cryptographic libraries (Trusted Execution Environment).

-
-
+
+
+
+
+

Integrity verification

+
+
+

+ The integrity of the boot firmware must be proven before trust is established in user space processes. This requires a secure mechanism to establish integrity. +

+

+ Such a mechanism should be implemented into low level computer initialisation firmware like UEFI, as validating the boot process integrity at this low level assures that a device has started up in a secure state. +

+

+ Standard requirements and recommendations for boot integrity measurement are following (NIST 800-155): +

+
+
    +
  • + Enable endpoints to measure the integrity of all executables and configuration metadata at boot time +
  • +
  • Securely transmit measurements of integrity
  • +
  • + Provide the hardware support necessary to implement credible root of trust for integrity measurements +
  • +
+
+

+ The root of trust is the most critical element for integrity determination. It can be implemented in hardware through secure elements or Trusted Platform Module (TPM) or coded in software using cryptographic libraries (Trusted Execution Environment). +

+
+
+
-
-
-

Secure boot on Ubuntu Core

-
-
-
-

ARM and x86

-

Ubuntu Core abstracts the root of trust implementation for its secure boot process. As a consequence, Ubuntu Core secure boot can be enabled for both ARM and x86 SoCs.

+
+
+
+

Secure boot on Ubuntu Core

-
-

Free for pre-certified boards

-

Secure boot is available out of the box on certified devices at no additional cost. An enablement fee is required to fully certify Ubuntu Core on non-certified boards.

+
+
+
+
+
+

ARM and x86

+
+
+

+ Ubuntu Core abstracts the root of trust implementation for its secure boot process. As a consequence, Ubuntu Core secure boot can be enabled for both ARM and x86 SoCs. +

+
+
+
-
-
- -
-
-

How it works

-

Since Ubuntu Core 20, the boot process is authenticated by default. Authentication is based on the verification of digital signatures.

-
-
-
-

Chain of Trust

-

Each component in the boot sequence cryptographically validates the authenticity of the subsequent component in the boot sequence. Every component is measured before it is loaded in the runtime memory space. If an improper or unsigned component is detected, the boot process is stopped.

+
+
+
+
+
+

Free for pre-certified boards

+
+
+

+ Secure boot is available out of the box on certified devices at no additional cost. An enablement fee is required to fully certify Ubuntu Core on non-certified boards. +

+
+
+
-
- {{ image ( - url="https://assets.ubuntu.com/v1/146a6eba-2+assessment_AW.svg", - alt="Assessment", - width="263", - height="150", - hi_def=True, - loading="lazy" - ) | safe - }} +
+ +
+
+
+
+

How it works

+
+
+

+ Since Ubuntu Core 20, the boot process is authenticated by default. Authentication is based on the verification of digital signatures. +

+
-
-
-
-
-
-
-

Digital keys

-

Ubuntu Core supports both hardware and software root of trust for secure boot. Security admins can create and store the digital keys used to validate the boot sequence in either a secure element, a TPM device or a software TEE

+
+
+
+
+
+

Chain of Trust

+
+
+

+ Each component in the boot sequence cryptographically validates the authenticity of the subsequent component in the boot sequence. Every component is measured before it is loaded in the runtime memory space. If an improper or unsigned component is detected, the boot process is stopped. +

+ {{ image(url="https://assets.ubuntu.com/v1/93fde248-chain-of-trust.png", + alt="", + width="300", + hi_def=True, + loading="lazy") | safe + }} +
+
+
-
- {{ image ( - url="https://assets.ubuntu.com/v1/2131b805-We+transfer+control.svg", - alt="Transfer control", - width="150", - height="150", - hi_def=True, - loading="lazy" - ) | safe - }} +
+
+
+
+
+

Digital keys

+
+
+

+ Ubuntu Core supports both hardware and software root of trust for secure boot. Security admins can create and store the digital keys used to validate the boot sequence in either a secure element, a TPM device or a software TEE. +

+ Digital keys +
+
+
-
-
+ -
-
-
- {{ image ( - url="https://assets.ubuntu.com/v1/c4b290c8-Contact+us.svg", - alt="", - width="281", - height="200", - hi_def=True, - loading="lazy" - ) | safe - }} +
+
+
+
+

Secure your devices

+
+
+
+
+ +
+
+

Get in touch with a Ubuntu security expert to discuss the advanced security requirements of your application.

+
+

+ Get in touch +

+
-
-

Secure your devices

-

Get in touch with a Ubuntu security expert to discuss the advanced security requirements of your application.

-

- Get in touch -

-
-
-
+ -
-
- +
{% endblock content %} diff --git a/templates/core/services/thank-you.html b/templates/core/services/thank-you.html index 42f7a4642d1..d3d804ea960 100644 --- a/templates/core/services/thank-you.html +++ b/templates/core/services/thank-you.html @@ -2,49 +2,50 @@ {% block title %}Thank you | AWS{% endblock %} -{% block head_extra%}{% endblock %} +{% block head_extra %}{% endblock %} {% block content %} -
-
-
-

Thank you for your interest in SMART START

-

A member of our team will be in touch within one working day.

-
-
- {{ - image( - url="https://assets.ubuntu.com/v1/52d53696-picto-thankyou-midaubergine.svg", - alt="", - width="200", - height="200", - hi_def=True, - loading="auto" - ) | safe - }} +
+
+
+

Thank you for your interest in SMART START.

+

A member of our team will be in touch shortly.

+
+
+
+ +
+
-
-{% include "shared/_thank_you_footer.html" %} + {% include "shared/_thank_you_footer.html" %} {% endblock content %} + {% block footer_extra %} - - - - + + + + {% endblock footer_extra %} diff --git a/templates/core/thank-you.html b/templates/core/thank-you.html index 2fde7d5759d..470def558f5 100644 --- a/templates/core/thank-you.html +++ b/templates/core/thank-you.html @@ -4,47 +4,52 @@ {% block head_extra %}{% endblock %} +{% block body_class %} + is-paper +{% endblock body_class %} + {% block content %} -
-
-
-

Thank you for contacting our team.

-

We will be in touch shortly.

-
-
- {{ - image( - url="https://assets.ubuntu.com/v1/52d53696-picto-thankyou-midaubergine.svg", - alt="", - height="200", - width="200", - hi_def=True, - loading="auto" - ) | safe - }} +
+
+
+

Thank you for contacting our team.

+

We will be in touch shortly.

+
+
+
+ +
+
-
-{% include "shared/_thank_you_footer.html" %} + {% include "shared/_thank_you_footer.html" %} {% endblock content %} + {% block footer_extra %} - - - - + + + + {% endblock footer_extra %} diff --git a/templates/shared/_thank_you_footer.html b/templates/shared/_thank_you_footer.html index d71e5882227..6fbca05ac58 100644 --- a/templates/shared/_thank_you_footer.html +++ b/templates/shared/_thank_you_footer.html @@ -1,26 +1,61 @@ -
-
-
-

More about our enterprise services

-
+
+
+
+

More about our enterprise services

-
-
-

Fully managed infrastructure

-

Canonical offers fully managed infrastructure, including Kubernetes, OpenStack, Ceph and SWIFT storage and the recommended LMA stack.

-

Managed open infrastructure ›

-
-
-

Consulting and deployment

-

Open infrastructure consulting and training is also provided by Canonical, with optimal and custom architecture design and deployment.

-

Consulting, deployment from Canonical ›

-

OpenStack, K8s, Kubeflow consulting & training ›

-
-
-

Infrastructure support & security

-

Access critical security fixes, legal assurance and phone and ticket support for OpenStack, K8s, Docker, Ceph and more through UA Infrastructure.

-

Security maintenance and support ›

-

Purchase from our store

+
+
+
+
+
+

Fully managed infrastructure

+

+ Canonical offers fully managed infrastructure, including Kubernetes, OpenStack, Ceph and SWIFT storage and the recommended LMA stack. +

+ +
+
+

Consulting and deployment

+

+ Open infrastructure consulting and training is also provided by Canonical, with optimal and custom architecture design and deployment. +

+ + +
+
+

Infrastructure support & security

+

+ Access critical security fixes, legal assurance and phone and ticket support for OpenStack, K8s, Docker, Ceph and more through UA Infrastructure. +

+ + +
+
-
+
\ No newline at end of file
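Review bot: In templates/core/features/full-disk-encryption.html, the re-added "Root of trust" paragraph still opens with "Data at Rest integrity can be achieved by securely storing the private key used for encryption", which attributes integrity to key storage for encryption. The page's own "IoT data is sensitive" section says cryptography is needed "to protect data confidentiality", and integrity is what the "Digital signatures" block covers. Since these lines are being rewritten anyway, suggest "Data at rest confidentiality" here and a comma in "Using this key, sensitive endpoint data stored on the disk can be protected." The call to action reads "a Ubuntu security expert" in this file and in secure-boot.html but "an Ubuntu security expert" in recovery.html; pick one form.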
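Review bot: In templates/core/features/ota-updates.html, the `meta_description` block now puts the description on its own indented line, so the block output begins and ends with a newline plus indentation. If the base template places this block directly inside a `content` attribute, that whitespace ends up in the rendered meta tag. Suggest keeping the block on one line as before, or trimming with Jinja whitespace control (`{% block meta_description -%}` and `{%- endblock %}`); the same applies to the reflowed `meta_copydoc` blocks in each file. Further down in this hunk, the channels paragraph changes the dashes around "called channels" but leaves "-edge, beta, stable- of the snap ." as it was, including the space before the full stop, and the added image text "Iot field updates from cloud" should read "IoT".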
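Review bot: In templates/core/features/recovery.html, the copy under "ARM and x86" says devices can be recovered "remotely via a REST API" and the "Recovery mode" block says it can be activated "remotely via API call", but nothing in the hunk says how that remote trigger is authenticated or who may issue it. For a page that introduces this as "a secure recovery system", suggest adding one sentence or a documentation link on that point. Minor wording in the same hunk: "often can exceed the cost" reads better as "can often exceed the cost", and the comma before "avoids substantial costs" separates the subject from its verb and should go.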
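Review bot: In templates/core/features/secure-boot.html, the new `image(...)` call in the "Chain of Trust" block passes `width="300"` but no `height`, while every `image` call removed by this patch passes both, and it sets `alt=""` on a file named `93fde248-chain-of-trust.png`, which looks like an explanatory diagram and not decoration. Suggest adding the height so the layout does not shift on load, and alt text that describes the verification chain the paragraph explains. In the same hunk, "are following (NIST 800-155)" should be "are as follows (NIST 800-155)".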
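Review bot: templates/core/services/thank-you.html is the only page template in this patch that does not gain the `{% block body_class %} is-paper {% endblock body_class %}` block; templates/core/thank-you.html and all four feature pages do. If the new layout depends on `is-paper`, add it here as well, or note in the commit message why this page is left out. The same hunk also changes "within one working day" to "shortly", which alters the response-time commitment in a patch that otherwise only touches layout; please confirm that is intended.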
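Review bot: The last added line of templates/shared/_thank_you_footer.html is followed by "\ No newline at end of file", so the rewritten partial loses its trailing newline. Please end the file with a newline; it is included by both thank-you templates via `{% include "shared/_thank_you_footer.html" %}`, and the missing newline will keep showing up as noise in later diffs of this file.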