Written by Stephen Berard, Chief Technology Officer at Atym
Introduction
Highly constrained embedded systems play a pivotal role in modern technology, powering everything from consumer applications to industrial and critical infrastructure. This class of device is generally based on microcontrollers (MCUs) which consolidate multiple components and peripherals onto a single chip to optimize power consumption and reduce costs. With their compact design and integrated functionalities, these devices operate under stringent resource constraints and are traditionally programmed using low-level languages such as C or C++. Creating software for these devices is difficult because of their low-level abstractions, diverse hardware configurations, complex debugging, and the requirement for manual performance optimization.
As the demand for smart, interconnected devices increases, so does the challenge of effectively managing and deploying software. While technologies like virtual machines, Docker, and Kubernetes have transformed cloud application development, their adaptation for constrained embedded devices remains elusive. At Atym, we believe it’s time this changes. Our mission is to revolutionize how embedded applications are designed, built, deployed, and managed on highly constrained devices that lack the resources of traditional computing platforms.
We’re excited to announce that we’re contributing the code for our device runtime to seed Project Ocre in LF Edge. Leveraging the Zephyr operating system and the WebAssembly Micro Runtime, Ocre offers a lightweight and efficient container virtualization layer, coupled with robust runtime management and monitoring capabilities. Our goal is to work with the open-source community to make Ocre the de facto standard for supporting containerized apps on highly constrained embedded devices. To give you some perspective, a Linux-based container runtime like Docker typically requires 256MB of system memory; Ocre is around 256KB – 1,000 times lighter.
I’ve written previously about why we chose Zephyr and how we’ve leveraged WebAssembly to enable containerization. In this blog post, we’ll delve into the technical intricacies of Ocre and explore how it addresses the unique challenges of developing software for highly constrained devices.
Containerization for Highly Constrained Devices
Traditional containerization platforms, such as virtual machines, containers, and orchestrators have revolutionized application deployment in the cloud and data center and have recently made their way into more capable edge hardware. However, adapting these solutions to highly constrained embedded devices poses significant challenges due to limited resources and diverse hardware architectures. Containerization solutions, such as Docker and Podman, require the support of a traditional operating system. Typically, this is fulfilled via Linux. However, the billions of constrained devices are unable to run Linux or lack sufficient resources to run it well. We’re talking about a class of devices that have 1MB of memory, often less, vs. a typical gateway-class device that typically has 512MB or more of memory.
Ocre bridges this gap by providing a resource-efficient containerization solution in a footprint of 256KB and tailored specifically for embedded devices. Ocre utilizes WebAssembly in order to provide containerization within the resource limitations of these highly constrained embedded systems. Built upon the Zephyr OS, the Ocre runtime benefits from its robust foundation. Zephyr not only offers essential real-time operating system services but also boasts excellent hardware and peripheral support, enhancing the portability of the Ocre runtime.
Open Source and Open Standards
Ocre is built upon a foundation of open-source and open standards principles. In the fast-paced world of software development, open source is not just a preference but a necessity, driving progress and propelling the industry forward.
By embracing an open, vendor-neutral approach, Project Ocre will ensure transparency, accessibility, and interoperability. This empowers developers to build innovative solutions on Project Ocre and also to extend Ocre to meet their unique requirements.
As mentioned above, Ocre leverages the Linux Foundation’s open-sourced Zephyr OS to provide core operating system services and hardware support.
Ocre’s virtualization capabilities are based on the W3C standard, WebAssembly (WASM) where it employs the WebAssembly Micro Runtime, itself another open-source project. Ocre builds on these two core pillars to provide a hardware abstraction layer, enables isolated OCI-like app containers, and supports inter-container communication. It also provides key security features such as a fine-grained permissions model and image validation. Deployment and management follow the same paradigm as traditional OCI-container solutions; something familiar to DevOps and IT teams. Project Ocre will be released under the permissive Apache-2 open-source license.
Containerization with WebAssembly
Specifically, the Ocre containerization engine is built around the WebAssembly Micro Runtime (WAMR), a Bytecode Alliance project. Initially designed for web browsers, WebAssembly has recently found broad success outside the browser through the WebAssembly System Interface because it provides a lightweight, sandboxed execution environment. WAMR is a compact and high-performance WASM runtime that is ideally suited for resource-constrained embedded systems.
While WebAssembly can be used to safely execute code, it does not provide a containerization solution on its own. That is where Ocre comes into play. The Ocre runtime manages the full container lifecycle including container creation, execution, monitoring, stopping, and removal. In addition, it provides a standard set of APIs for system, storage, network, and hardware operations. This ensures compatibility with a wide range of existing embedded software and libraries. The choice of Zephyr as the foundation provides users with a broad base of supported hardware due to the strong momentum of the community.
Multilingual Support and Extensibility
One of the key distinguishing features of the Ocre containerization solution is its comprehensive support for multiple programming languages beyond C and C++ which accounts for the overwhelming majority of embedded applications today. While these languages remain foundational in embedded development, Project Ocre goes a step further by providing first-class support for languages such as C/C++, GoLang, RUST, Zig, JavaScript, and more.
By supporting a diverse set of programming languages, Ocre empowers developers to choose the tools and languages that best suit their project requirements. One can even mix and match containers written in different languages, run them simultaneously on the same device, and enable communication between these containers based on policy. This is a great way to introduce code in a new technical stack while preserving existing code. For example, an existing C-based application can be deployed in an isolated container with a new application written in RUST deployed alongside it. Furthermore, the solution is designed with extensibility in mind, allowing for the integration of additional languages and technical stacks as needed. This flexibility ensures that developers can easily adapt and extend our solution to meet the unique demands of their embedded projects.
Developer Workflow
Ocre streamlines the developer workflow, offering a familiar paradigm to existing containerization solutions such as Docker, Podman, and OCI containers. As such, developers build their applications using their preferred development language and toolchain. Any toolchain that can target WebAssembly can be used. To date this includes C/C++, Golang, Rust, JavaScript, and many others. A list of these can be found here.
The next step is to package the application into one or more container images using Ocre tools. This creates an immutable container image artifact. Once packaged, images can be pushed to any OCI-compliant container repository and deployed to target devices.
At Atym, we have a feature-rich commercial implementation called the Atym Hub. The Atym Hub includes a container repository with support for public and private images. It also features advanced capabilities for deployment, deployment optimization, management, and monitoring capabilities – all of which are accessible through a command line interface, web user interface, or API endpoint. The Atym Hub abstracts the complexities of embedded deployment, providing a consistent and intuitive interface for managing containerized applications. Whether deploying a single container or orchestrating complex multi-container applications across large fleets of devices, developers can rely on Atym to streamline the deployment process and maximize productivity.
Conclusion
In conclusion, the Ocre container runtime represents a paradigm shift in software development for embedded systems by offering a powerful and flexible containerization solution tailored specifically for resource-constrained environments. By leveraging Zephyr and WebAssembly, along with comprehensive language support and runtime management capabilities, Ocre provides a robust foundation for developers to build and deploy complex applications on embedded devices with ease.
Stay tuned for more details and our code drop to seed Project Ocre in LF Edge in the coming month. We welcome you to join the Ocre community to evolve the runtime, unlock new possibilities for embedded systems development, and usher in a new era of connected intelligent devices.
Atym’s CEO, Jason Shepherd, and I will be introducing Project Ocre at the Embedded Open Source Summit, taking place in Seattle from April 16th through the 18th. Whether you attend in person or watch online, don’t miss this opportunity to discover how Project Ocre will reshape the landscape of software development for highly constrained devices. Together, let’s shape the future of embedded!