treVM: Tiny Rust Embedded Virtual Machines with WASM on Variable Resource-Constrained Hardware
For developers of low-power networked embedded devices, treVM provides a framework for secure continuous deployment, bridging the gap between resource-constrained microcontrollers and more capable systems.
treVM enables hosting WebAssembly capsules on 32-bit microcontrollers, allowing secure over-the-network updates of business logic on deployed devices. Benchmarks on Arm Cortex-M, RISC-V, and Xtensa architectures demonstrate feasibility across heterogeneous hardware.
Software stacks embedded on microcontroller-based hardware typically provide rudimentary APIs programmed in C/C++, basic connectivity and, sometimes, a firmware update mechanism. Such coarse mechanisms contrast with widely used APIs and more advanced networked interaction expected from software stacks deployed on less resource-constrained hardware (microprocessor-based). In this paper, we aim to bridge this gap by designing treVM, a generic scheme to host high-level WebAssembly code capsules, bolted on a general-purpose Rust embedded software platform, able to run on a large variety of 32-bit microcontrollers. Not only can treVM capsules host highly customizable business logic, but capsules can also be securely updated on demand over the network, on devices already deployed in the field. We implement treVM in Rust, on top of Ariel OS, a general-purpose RTOS, and we publish the code as open source. Based on our implementation, we validate the feasibility of treVM on commonly available boards, and we report on extensive benchmarks we performed on heterogeneous hardware including Arm Cortex-M, RISC-V, and Xtensa microcontroller architectures. As such, treVM provides a promising new framework to secure continuous deployment of embedded software on low-power networked devices.