SoM offers out-of-the-box compliance with new EU security law
The EU's Cyber Resilience Act (CRA) specifies a minimum set of security features that will be mandatory for all IoT devices marketed in Europe from 2025.
The legislation requires device OEMs to build in functionality to secure each device, its software, and its connections. Under the terms of the law, the OEM must also be able to rapidly identify and fix any exposures to a known vulnerability in any production device in the field, for the full lifespan of those devices.
Developers who use the Portenta X8 SoM can manage device authentication, secure storage, provisioning, a software bill-of-materials (SBOM), and over-the-air (OTA) updating, all in a single, cloud-based user environment. The system is highly secure against all known forms of cyber-attack and malware, and enables rapid, device-specific responses to emerging common vulnerabilities and exposures (CVE) notices.
FoundriesFactory integration for full security protection
Arduino has met the requirements of the EU’s CRA by building the Linux microPlatform (LmP) and FoundriesFactory DevOps product from Foundries.io into the Portenta X8 SoM. This provides Portenta X8 users with a fully maintained Linux distribution: Arduino develops updates to the Linux microPlatform operating system and delivers them using the secure OTA updating utility in the FoundriesFactory product, which is compliant with The Update Framework (TUF).
The Portenta X8 offers the comprehensive suite of security functions provided by the Linux microPlatform and FoundriesFactory platform, including:
- Secure boot
- A trusted execution environment
- Remote attestation
- Key installation
- Cloud authentication
- TUF-compliant secure OTA updating
- An SBOM that is automatically generated after every software update
The complexity of implementing all these capabilities is overcome with Foundries.io software, which is easily configured and deployed on the Portenta X8. The X8 Board Manager tool provides a visual interface that ensures a user experience familiar to users of the Arduino EE development environment.
John Weil, Chief Marketing Officer of Foundries.io, said: “Normally, SoM manufacturers supply their boards with a sample Linux distribution that is not maintained after shipment to the customer, and with none of the security infrastructure such as an SBOM tool and OTA update utility required to maintain device security for life.
“Thanks to the capabilities of the FoundriesFactory platform implemented by Arduino, the Portenta X8 has become the first SoM to provide a straightforward path to full compliance with the EU’s CRA, right out-of-the-box.”
Fabio Violante, CEO of Arduino, said: “When deploying Linux-based edge devices, security cannot be an afterthought. That’s why we designed the Arduino Portenta X8 giving the highest priority to security features, end to end. This spans from Hardware and Firmware to the Linux distribution and device management with FoundriesFactory technology. This allowed us to be naturally CRA compliant from the very beginning.”