Any embedded computing system-on-module (SoM) designed for the Linux® operating system (OS) typically provides multiple high-speed wired and wireless interfaces. This presents a large surface for cyber-attackers to aim at, so product manufacturers are becoming more aware of the need to implement watertight security – even more so with the imminent introduction of the European Union’s (EU) Cyber Resilience Act (CRA), legislation that threatens to impose substantial fines for non-compliance.
An embedded computing SoM based on a processor architecture such as Arm® Cortex®-A is typically supplied with a rich set of hardware security capabilities, supporting functions such as secure boot, random number generation, advanced cryptography and TrustZone secure partitioning.
The problem for developers, however, is that the security system supplied out-of-the-box by most SoM manufacturers is a once-only implementation, frozen in time, whereas the CRA calls for lifetime security – the ability to resist new and emerging threats and to update a device’s security protection in the field for as long as it is in use.
Even for manufacturers that do not sell into the European market, compliance with security regulations is set to be as relevant as it is for Europeans, with legislation such as the Strengthening American Cybersecurity Act working its way through Congress.
Now Arduino, the maker of open-source electronics platforms based on easy-to-use hardware and software, has become the first SoM supplier to provide a board that is CRA-ready right out-of-the-box, thanks to its provision of a security update and fleet management capability based on the FoundriesFactory® DevSecOps product. Arduino’s new board, the Portenta X8, gives OEMs a way to make CRA compliance a normal and straightforward part of the product development process, rather than an extended and draining distraction.
Why Linux-based systems need timely updates
Among the many benefits of using the Linux OS in embedded systems is its vast open-source community of engineers, which feeds a regular stream of updates and patches that maintain its very high security and integrity. This means that every device shipped with a version of the Linux OS needs to be capable of continuously receiving and installing updates in the field to fix bugs and eliminate exposure to vulnerabilities.
But the connections provided by a Linux OS-based SoM, which are often left open or become exposed to vulnerabilities over time, mean that all the software on it can be compromised in ways that cannot be predicted. Mechanisms are therefore required to update a SoM’s operating and application software over its useful lifetime in the field, in response to Common Vulnerabilities and Exposures (CVE) notices or other security problems. Manufacturers also need to be able to identify in a timely way which products are exposed to specific threats, and to report vulnerabilities to users and authorities.
The effect of the CRA is to make this kind of lifetime security for embedded devices a legal requirement, and not just a prudent step that any responsible OEM would be taking in any case to protect its finances, operational stability and reputation.
Most SoMs shipped today fail to provide built-in support for this kind of lifetime security. The basic hardware security functions are there. But the Linux image with which the board is shipped is intended for board enablement, to get the developer started quickly: it is not supplied with a guarantee of lifetime support and with the infrastructure required for timely updating. And the SoM will have none of the other supporting functions required to keep firmware and application software continually secure for life.
This means that, to comply with the CRA, the SoM user has to take on the project of implementing the software and operational functions of field-upgradable security, such as:
- Device provisioning (secure boot, keys and certificates)
- Support for secure over-the-air (OTA) updating
- A software bill-of-materials (SBOM)
- Remote maintenance and fleet management
This project, when performed in-house, is technically difficult, time-consuming, and drains engineering resources away from the development of valuable applications and features.
Portenta X8 with X8 Board Manager software has CRA readiness built-in
This is why the introduction of the Arduino Portenta X8 is so significant. Arduino supplies the Portenta X8 with optional X8 Board Manager software: the X8 Board Manager is a special version of the FoundriesFactory platform, configured for smooth integration with the Arduino EE development environment and other Arduino developer resources.
The X8 Board Manager provides a complete toolchain for device provisioning, for implementing software updates via The Update Framework (TUF), the utility for delivering OTA updates, and for automatically generating an SBOM tied to individual production units. In the X8 Board Manager, all the tools for device provisioning, updating and the SBOM are tied at the front end to the development and CI/CD process flow, and at the back end to comprehensive fleet management tools to enable, for instance, reporting on exposure to CVE notices, or selecting exposed devices for specific updates.
Over the SoM’s entire lifetime, from the start of proof-of-concept development through to disposal and decommissioning, the X8 Board Manager based on the FoundriesFactory product provides an automated, easy and intuitive workflow and toolchain for maintaining device security.
The lesson is clear: the fastest and easiest route to compliance with security regulations is by using the FoundriesFactory platform that Arduino has chosen for its X8 Board Manager.