Arduino board meets EU Cyber Resilience Act requirements
The Arduino Portena X8 is claimed to be the first system on module (SoM) to meet all the requirements of the EU’s Cyber Resilience Act, on receipt.
It uses Foundries.io’s security technology to meet provisions such as provides capabilities making the Arduino Portenta X8 the industry’s first system-on-module (SoM) to meet all the requirements of the European Union’s Cyber Resilience Act (CRA) on shipment to a customer.
The CRA mandates a minimum set of security features for all IoT devices marketed in Europe from 2025. The legislation requires device OEMs to build in functionality to secure each device, its software and its connections. The OEM must also be able to rapidly identify and fix any exposures to a known vulnerability in any production device in the field, for the full lifespan of those devices.
Foundries.io provides cloud-native development and deployment DevOps solutions for secure IoT and edge devices and has provided hardware and software security and operational features required for compliance with the CRA for the lifetime of each device for the Portenta X8 SoM.
Developers who use the Portenta X8 SoM can manage device authentication, secure storage, provisioning, a software bill of materials (SBoM) and over-the-air (OTA) updating, in a single, cloud-based user environment. The system is secure against all known forms of cyber-attack and malware, said foundries.iom and enables rapid, device-specific responses to emerging common vulnerabilities and exposures (CVE) notices.
Arduino said it has met the requirements of the CRA by building the Linux microPlatform (LmP) and FoundriesFactory DevOps product from Foundries.io into the Portenta X8 SoM. To maintain Linux distribution Arduino develops and provides updates to the Linux microPlatform operating system using the secure The Update Framework (TUF) -compliant OTA updating utility in the FoundriesFactory product.
The Portenta X8 offers secure boot, a trusted execution environment, remote attestation, key installation, cloud authentication, TUF-compliant secure OTA updating and an SBoM that is automatically generated after every software update.
The X8 Board Manager tool provides a visual interface that ensures a user experience familiar to users of the Arduino EE development environment.
Fabio Violante, CEO of Arduino, said: “When deploying Linux-based edge devices, security cannot be an afterthought. That’s why we designed the Arduino Portenta X8 giving the highest priority to security features, end to end. This spans from hardware and firmware to the Linux distribution and device management with FoundriesFactory technology. This allowed us to be naturally CRA-compliant from the very beginning.”
John Weil, chief marketing officer of Foundries.io, said: ‘Normally, SoM manufacturers supply their boards with a sample Linux distribution that is not maintained after shipment to the customer, and with none of the security infrastructure such as an SBoM tool and OTA update utility required to maintain device security for life.
“The Portenta X8 has become the first SoM to provide a straightforward path to full compliance with the EU’s CRA, right out-of-the-box”.
