The Ocre Runtime Supports Lightweight OCI-Type Containers
TWO VERSIONS ADDRESS DIVERSE HARDWARE
The Ocre runtime is available in two foundational versions to address a diverse landscape of resource-constrained edge hardware.
- An RTOS version for MCU-based devices with as little as 256KB of memory. The reference design includes the Zephyr RTOS and runs as firmware with containerized applications deployed on top.
- A Linux version for CPU-based devices which runs as a Linux service with a footprint of less than 1MB.
The Ocre architecture is compatible with any silicon (e.g. M3 to A9 class Arm, RISC-V, ESP32, x86). Specific compatibility is driven by choice of RTOS or underlying Linux build, in addition to the availability of necessary device drivers.
Ocre leverages Zephyr as the reference RTOS for the MCU runtime due to the modern architecture, engaged community, and broad hardware support, but we welcome the community to port to other RTOS flavors such as FreeRTOS and NuttX. Similarly, we encourage the community to port Ocre to various Linux distributions and Yocto-based builds.
Ocre RTOS Architecture with Zephyr
THE OCRE ADVANTAGE
The two Ocre runtime variants and available commercial orchestration tools bring benefits that we take for granted in the cloud. These benefits include:
- Portability/reusability of both legacy and new code across diverse hardware architectures and operating systems
- Simplified code integration, including edge AI models. Developers with backgrounds in embedded, AI, cloud, IoT, web and mobile don’t need to learn new skill sets to collaborate effectively.
- Better IP protection when collaborating with partners because valuable source code IP is obfuscated in container binaries
- Improved security and the ability to comply with regulations and requirements such as SBOM, the Cyber Resilience Act (CRA) and memory-safe code
- Support for remote management at scale, including fractional updates
Ocre RTOS turns firmware into containerized software
Ocre is set to transform how software is built for MCU-based devices and provides an attractive alternative to traditional container technologies for resource-constrained hardware running Linux. The Ocre Linux runtime provides developers with a very similar experience to Docker while enabling them to deploy more functionality within the same memory footprint or decrease their overall memory BOM cost. A common use of this benefit is reclaiming memory space to run more sophisticated AI models.
Ocre Linux frees up hundreds of MBs of memory compared to Docker (example breakout with 512GB of memory)
The Ocre community believes software containerization is critical for embedded devices and systems such as sensors, smart cameras, appliances, controllers, robots, drones and cars, as they continue to get more complex to develop and maintain, are increasingly software-defined and leverage onboard AI, and are faced with growing security challenges.
Ocre use cases span single sensors to embedded systems and general-purpose edge infrastructure
KEY FEATURES
- Support for containers written in any programming language (e.g. C/C++, Go, Rust)
- Full management API for use with CLI or choice of 3rd-party console
- Hardware abstraction accelerates silicon swaps from months to weeks or even days
- Baseline support for thousands of boards with Zephyr as the reference RTOS for the MCU runtime and Linux for CPUs
- Containerized apps sandboxed from each other and the host hardware by default
- Access between apps and hardware only possible based on permissions established through the management API
- Apps can only access specified device memory, preventing callstack jumps and buffer overruns
- Individual containers can be terminated if abnormal behavior is detected
- Runs as firmware
- Minimum deployment footprint of 128KB of memory and flash
- Application containers can be as small as 300 bytes
- Near-native performance with AOT compilation
- Runs as a Linux service with a footprint of <1MB
- Individual container binaries have up to 2000X less overhead than Docker