IN Brief:
- Cambridge-based Microservice Store has launched “Embedded Microservices” as a foundation for an embedded-software marketplace.
- The approach centres on isolated, authenticated, native-code executables, designed to update features without reflashing monolithic firmware.
- Support claims extend down to Cortex-M0-class devices, with a runtime stack built around a micro hypervisor, secure kernel, and security manager.
Microservice Store has launched its “Embedded Microservices” technology, positioning it as the foundational layer for a digital marketplace that sells and deploys software building blocks for embedded and IoT devices. The pitch is straightforward: treat embedded functionality more like modular cloud software, but without the latency, jitter, and overhead penalties that normally arrive when someone tries to import datacentre ideas into a microcontroller.
In the company’s description, Embedded Microservices represent discrete functions — connectivity, cryptography, storage, AI inference — delivered as individually deployable executables that are securely isolated and authenticated. Instead of rebuilding and redeploying an entire firmware image when a single component needs to change, the model aims to support smaller, faster updates at the component level, with clear benefits for field maintenance, long-lived industrial devices, and security patching.
Under the hood, Microservice Store’s “embedded Microservice Runtime” is presented as the execution layer that makes the marketplace deployable on real hardware. The runtime claims broad architecture support, including Arm Cortex-M variants (down to Cortex-M0-class targets), RISC-V, and CHERI, and it explicitly targets MMU-less microcontrollers — the class of device where conventional container strategies fall apart. The runtime architecture is split into an integrated micro hypervisor, a secure kernel that schedules multiple containers and their threads, and a security manager intended to act as a device-wide monitor that can quarantine a compromised block, log incidents, and trigger recovery.
The company is also leaning hard into regulatory and assurance language. Its runtime description frames the security manager as designed to meet global security standards, naming PSA and SESIP, alongside regional regulatory regimes including the UK PSTI and the EU’s Cyber Resilience Act. In practice, engineers will want to separate “designed to meet” from “certified to,” but the direction of travel is obvious: embedded software supply chains are being dragged into the same accountability space as cloud, and reusable components will only scale if provenance, isolation, and update mechanisms are built in.
If Microservice Store can make third-party IP reuse behave like a controlled, verifiable supply chain — rather than a copy-paste tradition followed by a nervous silence — it will land in the right place at the right time. The technical challenge is ensuring isolation and deterministic behaviour remain intact as developers start composing real products from a stack of independently sourced blocks.
