Ubuntu Core is based on “snaps” which are readonly squashfs images with signed metadata. Everything on the system is a snap. This includes applications and the kernel. Snaps run in a lightweight container like environment with apparmor confinement and are isolated from each other and can only communicate via well defined security boundaries (“interfaces”).

Then the main system is composed of a kernel snap, a bootloader snap, a base (rootfs) snap, and a snapd daemon snap. This granularity is useful to handle IoT hardware since much of the hardware needs custom kernels or bootloaders. Here a new initrd was developed and is presented in the talk. Some hurdles (like how to deal with /etc in a readonly image world) are also presented.