Embedded Microservice Runtime

The Microservice Store Embedded Runtime is the execution layer that makes the Store real on real hardware. It runs on microcontrollers and supports almost all architectures, including Arm Cortex-M (Armv6-M, Armv7-M, TrustZone for Armv8-M), RISC-V, and CHERI. It is engineered to operate even on the smallest devices, down to Cortex-M0-class targets.

 

At its core, the Runtime combines an integrated Micro Hypervisor, a Secure Kernel, and a Security Manager, so you can deploy isolated, updateable functionality on real devices without turning your firmware into a monolith.

This foundation is only the beginning. For decades, edge devices have been held back by a 1970s mindset: one giant firmware image, tightly coupled components, and risky updates. We are breaking that cycle. We are building a modern future on this core technology, where embedded devices evolve safely in the field, component by component, with cloud-style modularity and embedded-grade determinism, built around a Digital Marketplace where individuals or inventors become entrepreneurs to fuel the innovation in Embedded Systems.

The architecture

The Runtime integrates three tightly coupled layers, each designed specifically for embedded constraints and real-time requirements.

1) Integrated Micro Hypervisor

The Integrated Micro Hypervisor brings Docker-style containers and Cloud Microservices to MMU-less Microcontrollers.

Microservices are a plug-and-play version of Microcontainers. Microcontainers & Microservices are isolated, language- and toolchain-independent executables that can even be deployed individually.

The Micro Hypervisor is designed for Real-Time performance requirements. Containers are native machine code with no interpretation, so there's no runtime overhead.

2) Integrated Secure Kernel

The platform supports the simultaneous execution of multiple containers, each capable of managing its own multi-threaded workloads. Our Integrated Secure Kernel serves as the foundation for this architecture, securely scheduling both the containers and their private threads across the system. Beyond scheduling, the Secure Kernel provides essential operating system services, including Inter-Process Communication (IPC), Mutexes, and Semaphores, ensuring robust resource management and synchronisation.

3) Integrated Security Manager

The Integrated Security Manager provides proactive protection by acting as a dedicated Security Monitor for the entire device. It is designed to meet rigorous global security standards, including PSA (Platform Security Architecture) and SESIP, as well as regional regulations such as UK PSTI, the EU Cybersecurity Act, and applicable US and Asian mandates.

In the event of a security violation or system malfunction, the Security Manager automatically quarantines the compromised block, logs the incident to the vendor, and initiates system recovery.

This protection extends down to the individual level: each Microcontainer and Microservice is treated as an independent virtual environment with its own dedicated lifecycle, authentication and confidentiality, access policies, and attestation.

Contact:

Email: info@microservicestore.com

Phone: +44 7770 110 293

© 2025 Microservice Store | All Rights Reserved | Privacy Policy  | Vulnerability Disclosure