London, September 12, 2023 — Foundries.io has revealed that its security technology provides capabilities making the Arduino Portenta X8 the industry’s first system-on-module (SoM) to meet all the requirements of the European Union’s Cyber Resilience Act (CRA) on shipment to a customer.
The Cyber Resilience Act specifies a minimum set of security features to be mandatory for all IoT devices marketed in Europe from 2025. The legislation requires device OEMs to build in functionality to secure each device, its software and its connections. Under the terms of the law, the OEM must also be able to rapidly identify and fix any exposures to a known vulnerability in any production device in the field, for the full lifespan of those devices.
Foundries.io, a provider of cloud-native development and deployment DevOps solutions for secure IoT and Edge devices, has teamed up with Arduino to give users of the Portenta X8, a SoM for high-performance embedded computing applications, a ready-made system that offers the full set of hardware and software security and operational features required for compliance with the CRA for the lifetime of each device.
Developers who use the Portenta X8 SOM can manage device authentication, secure storage, provisioning, a software bill-of-materials (SBOM), and over-the-air (OTA) updating, all in a single, cloud-based user environment. The system is highly secure against all known forms of cyber-attack and malware, and enables rapid, device-specific responses to emerging Common Vulnerabilities and Exposures (CVE) notices.
FoundriesFactory integration for full security protection
Arduino has met the requirements of the EU’s Cyber Resilience Act by building the Linux microPlatform™ (LmP) and FoundriesFactory® DevOps product from Foundries.io into the Portenta X8 SoM. This provides Portenta X8 users with a fully maintained Linux® distribution – Arduino develops and provides updates to the Linux microPlatform operating system using the secure The Update Framework (TUF) compliant OTA updating utility in the FoundriesFactory product.
The Portenta X8 offers the comprehensive suite of security functions provided by the Linux microPlatform and FoundriesFactory platform, including:
- Secure boot
- A trusted execution environment
- Remote attestation
- Key installation
- Cloud authentication
- TUF-compliant secure OTA updating
- A SBOM that is automatically generated after every software update
The complexity of implementing all these capabilities is overcome with Foundries.io software easily configured and deployed on the Portenta X8. The X8 Board Manager tool provides a visual interface that ensures a user experience familiar to users of the Arduino EE development environment.
John Weil, Chief Marketing Officer of Foundries.io, said: ‘Normally, SoM manufacturers supply their boards with a sample Linux distribution that is not maintained after shipment to the customer, and with none of the security infrastructure such as an SBOM tool and OTA update utility required to maintain device security for life.
‘Thanks to the capabilities of the FoundriesFactory platform implemented by Arduino, the Portenta X8 has become the first SoM to provide a straightforward path to full compliance with the EU’s CRA, right out-of-the-box.’
Fabio Violante, CEO of Arduino, said: “When deploying Linux based edge devices, security cannot be an afterthought. That’s why we designed the Arduino Portenta X8 giving the highest priority to security features, end to end. This spans from Hardware and Firmware to the Linux distribution and device management with FoundriesFactory technology. This allowed us to be naturally CRA compliant from the very beginning.”
Get more information about the FoundriesFactory platform and LmP, Explore Our IoT Management Platform.
Learn more about about Arduino Portenta X8 SoM.
About Foundries.io
Foundries.io helps organizations bring IoT and Edge devices to market faster.
The FoundriesFactory subscription service reinvents IoT by delivering a secure, customizable, Linux platform with fleet management services for the world's connected devices. Now, product teams gain enhanced data security while reducing the cost of developing, testing, deploying and maintaining devices across their installed lifetime. Our open-source Linux microPlatform interfaces to any cloud and supports market leading microprocessors, SBCs and SoMs, enabling developers to focus on their applications, and not have to worry about the firmware platform and operating system.