
First system on module to meet new EU IoT security law

Security software from Foundries.io has been ported to the Arduino Portenta X8 board to create the industry’s first system-on-module (SoM) to meet all the requirements of the European Union’s Cyber Resilience Act (CRA).
The CRA specifies a minimum set of IoT security features that will be mandatory for devices marketed in Europe from 2025. The legislation requires device OEMs to build in functionality to secure each device, its software and its connections.
An OEM must also be able to rapidly identify and fix any exposures to a known vulnerability in any production device in the field, for the full lifespan of those devices.
The Foundries.io software allows developers using the Portenta X8 SoM to manage device authentication, secure storage, provisioning, a software bill of materials (SBOM), and over-the-air (OTA) updating, all in a single, cloud-based user environment. The system is highly secure against all known forms of cyber-attack and malware, and enables rapid, device-specific responses to emerging Common Vulnerabilities and Exposures (CVE) notices.
The Linux microPlatform (LmP) and FoundriesFactory DevOps software provide a fully maintained Linux distribution: Arduino develops updates to the Linux microPlatform operating system and delivers them using the secure OTA updating utility in FoundriesFactory, which is compliant with The Update Framework (TUF).
This provides secure boot, a trusted execution environment, remote attestation, key installation, cloud authentication and TUF-compliant secure OTA updating, automatically generating a software bill of materials after every update for enhanced IoT security.
The X8 Board Manager tool provides a visual interface that ensures a user experience familiar to users of the Arduino EE development environment.
“Normally, SoM manufacturers supply their boards with a sample Linux distribution that is not maintained after shipment to the customer, and with none of the security infrastructure such as an SBOM tool and OTA update utility required to maintain device security for life,” said John Weil, Chief Marketing Officer of Foundries.io.
“Thanks to the capabilities of the FoundriesFactory platform implemented by Arduino, the Portenta X8 has become the first SoM to provide a straightforward path to full compliance with the EU’s CRA, right out-of-the-box.”
Fabio Violante, CEO of Arduino, said: “When deploying Linux-based edge devices, security cannot be an afterthought. That’s why we designed the Arduino Portenta X8 giving the highest priority to security features, end to end. This spans from Hardware and Firmware to the Linux distribution and device management with FoundriesFactory technology. This allowed us to be naturally CRA compliant from the very beginning.”
foundries.io/; www.arduino.cc/pro/hardware-product-portenta-x8.
