Ocre Comes to Linux: Extended Reach for Portable, Lightweight Containers Powered by WebAssembly
Author: Krisztián Szilvási – Lead Embedded Architect, Atym
For anyone working with embedded devices and systems, software containerization has historically felt out of reach. Traditional container runtimes like Docker bring power and portability—but at a cost of hundreds of megabytes and prohibitive resource consumption. Ocre eliminates that tradeoff.
Built to be radically efficient, Ocre supports OCI-like containers with an overhead thousands of times smaller than traditional containerization technologies like Docker. And now, thanks to community feedback and real-world demand, Ocre is expanding its reach. It’s official: Ocre now also supports Linux!
Rethinking Containers for the Embedded World
Powered by WebAssembly (Wasm), Ocre redefines what containers look like for resource-constrained hardware. Ocre isn’t just a slimmed-down clone of Docker. It’s a container runtime that has been designed from the ground up for embedded-first constraints.
So why Wasm? Because it’s:
- Safe, with strong isolation guarantees
- Portable, across architectures and operating systems
- Mature, with robust toolchains and multi-language support
As Atym’s co-founder and CTO Stephen Berard’s two part series on Wasm explores, WebAssembly is no longer just for the browser – it enables a universal runtime for cloud-native and edge applications. Ocre builds on the core technology to provide true containerization and supporting management hooks for resource-constrained devices. We’re talking hardware with KB’s to MB’s of memory here!
Linux Joins the Party: Driven by Community, Built for Cross-Platform Portability
Atym seeded the Ocre project in LF Edge with code last August to foster vendor-neutral collaboration on the technology. Zephyr was chosen as the base for the original runtime due to its robust architecture, active community, and broad board support, and it continues to be a key choice for MCU-based Ocre deployments.
However, over the past year the Ocre community has seen strong interest in expanding the project scope to support:
- CPU-based platforms with tens or hundreds of megabytes of memory
- More flexible OS options for prototyping and deployment
- Cross-platform container compatibility between MCUs and CPUs
And so, the porting journey began. Thanks to strong developer and community feedback, Ocre now supports Linux platforms, extending containerization to CPU-based edge devices that are capable of running Linux but Docker can be too heavy for. Examples include routers, switches, industrial controllers IoT gateways, set-top boxes, digital signage sticks, and more.
Atym’s contribution of the Ocre Linux port is under the same Apache 2.0 license as the original runtime based on Zephyr. With both the Zephyr and Linux variants, you can now build once and deploy anywhere – a huge win for unifying your embedded development pipelines.
A Deep Dive into the Architecture
The Linux runtime wasn’t just stitched together. We built it with intent, using the same shared core architecture that powers the Zephyr version. Key architectural tenets include:
- Common Codebase: The heart of Ocre is platform-agnostic. Whether you’re running on an MCU or CPU, the same logic drives container lifecycle management, isolation, and execution.
- Platform Abstraction Layer: We implemented a clean, minimal abstraction layer called “core” to bridge the gaps between Zephyr and Linux’s different scheduling models and APIs.
- Modular Runtime Execution: We architected the runtime to execute most efficiently for the target hardware. On MCUs, Ocre runs as a core application integrated with the RTOS firmware, with containerized software running on top. On CPUs, Ocre runs as a standalone Linux service or daemon.
Imagine side-by-side an MCU-based device running Ocre Zephyr as firmware and a CPU-based device running Ocre Linux as a service.
Ocre enables the same container and underlying code to be deployed on these two different targets. This is what true cross-platform portability looks like for embedded!
Important to note is that the Ocre runtime is agnostic to underlying operating system. In fact, Atym originally prototyped Ocre on FreeRTOS before refactoring to Zephyr and contributing it to LF Edge to seed the project. Want to extend support to FreeRTOS, NuttX, ThreadX, or any other RTOS? Just implement your platform bindings and a mini sample main.
On the Linux front, while this initial contribution is built with Ubuntu, we expect to see variants based on other popular distributions such as Raspberry Pi OS and Debian, as well as Yocto-based builds.
Our Porting Journey: Insights from the Inside
When the Atym team took on the challenge of enabling the Ocre community with a Linux version of the runtime, it wasn’t just a matter of refactoring— we worked to thoughtfully decouple it from Zephyr-specific integrations and architect a foundation built for long-term portability and resilience. In the process, we had to overcome several technical challenges and made strategic architectural decisions.
Zephyr has great libraries that integrate closely with its kernel. That’s a gift when working inside Zephyr—but it became a hurdle during the port. Many components relied on Zephyr-specific constructs: threads, message queues, mutexes, etc. We had to rewire these using POSIX abstractions to match Linux semantics.
We had to port Zephyr’s state machine framework. Fortunately, this was possible with minimal tweaks and now it runs the same code on both platforms.
The build system posed its own challenge. We needed to restructure it to separate platform logic, allowing shared modules to compile cleanly across environments.
We introduced new logic to securely manage container storage across both environments to account for the differences between flash- and filesystem-based deployments.
Unprecedented Portability
The biggest challenge wasn’t just making Ocre run on Linux. It was building something scalable, something that could grow with the ecosystem. We debated using existing OS abstraction layers, but they didn’t give us the precision we needed. So, we created a custom abstraction.
This optimized abstraction layer keeps things lean, configurable, and highly portable. It’s how we preserved a single codebase while unlocking deployment on completely different OS’es. We love wordplay at Atym — and this “core” module is the beating heart of Ocre’s portability.
The screenshots below show a Hello World container — a tiny WASM binary — being compiled and deployed on three very different platform architectures:
- Raspberry Pi 5 running Raspberry Pi OS
- Intel x64 machine running Ubuntu 24 Linux
- STM32 Cortex-M33 running Zephyr 3.7
Same binary. Same behavior. Different platforms. Imagine what you can do with this level of portability!
Why Ocre Matters
Ocre isn’t just a runtime—it’s a catalyst for revolutionizing the embedded space. By bringing containerization and cloud-native principles to embedded development, it opens up new possibilities and transforms how engineers build, test, and deploy software on resource-constrained hardware. Embedded developers now have access to modern tools and workflows that were once limited to cloud and desktop environments. By the same token, cloud developers familiar with Linux and Docker can deploy workloads to resource-constrained devices without having to learn new tools and workflows.
For Developers
- Utilize Linux for rapid prototyping and CI workflows
- Develop and debug once — deploy on your platform of choice
- Share container artifacts between teams targeting different hardware
- Reduce the pain of managing heterogeneous platforms
- Prevent lock-in by building on open standards, not proprietary silos
For OEMs, Integrators, and End Users
- Free up hundreds of MBs of memory headroom for apps
- Lower BOM cost by specifying less memory
- Reduce device power consumption
- Scale deployments across diverse OS and hardware fleets with ease
Example software breakout on a device with 512MB of available memory
This isn’t theory. It’s real and running today — lean and fast — across Zephyr and Linux.
Looking Ahead
Ocre’s evolution has been shaped by real-world needs, and the addition of Linux support unlocks a new chapter for the project. We welcome community contribution in all areas, with examples being expanded OS support (both other RTOS and Linux flavors), further integration into traditional OS platforms with embedded-style containerization, runtime extensions, and community-powered tooling for CI/CD, debugging, and deployment.
Wrapping Up
The embedded world doesn’t have to live in the shadows of cloud-native innovation. Ocre’s mission is to make containers simple, portable, and radically efficient for resource-constrained devices. Now that the project also supports Linux, it addresses a full range of MCU to CPU-based hardware, from real-time firmware to standard OS environments. Same format, same runtime model, radically different hardware — all connected through a shared architecture.
We look forward to working with the open-source community to refine both versions of the runtime and help standardize the Ocre container format as the “Docker for Embedded.”
So, what’s next? Take the code for a spin, join the Ocre community, or best of all, contribute code to help shape a world where containers aren’t a niche, but a standard for embedded devices and systems!
Also feel free to drop us a line at Atym – we’re glad to help you get started with Ocre and would love to hear what you’re building if you’ve already gotten hands-on with it.
Ocre Resources
