Arduino Portenta X8 achieves EU's Cyber Resilience Act (CRA) compliance

Foundries.io, in collaboration with Arduino, has integrated its security software into the Portenta X8, making it the first system-on-module (SoM) to achieve CRA Compliance with the European Union’s Cyber Resilience Act (CRA).

Last year, we covered the Portenta X8, Arduino’s first board with an Arm processor running Linux with expansion capabilities with add-ons such as the Portenta HAT Carrier Board, and you’ll find more details about the hardware in those posts.

This new EU’s CRA specifies minimum security for all IoT devices in Europe from 2025. This includes:

Establish standards for secure products with digital elements throughout the EU.
Require manufacturers to focus on security at every stage of a product’s life.
Increase user awareness of a product’s cybersecurity features.
Demand that Original Equipment Manufacturers (OEMs) quickly address vulnerabilities in devices already in use.
All these rules will be applicable for the full lifespan of the devices.

Under the upcoming EU regulations, all digital products must meet new security standards, except for specific categories like certain medical devices, aviation equipment, and motor vehicles. Depending on their risk levels, some products will require an independent security check. Additionally, OEMs need to ensure these products pass these security assessments. The EU countries will oversee the enforcement of these rules with support from the Commission. Moreover, there’s a special cybersecurity certificate for products that are labeled “highly critical” and need extra security. EU estimates that this new rule could save €180-290 billion each year by cutting down on cyberattacks.

To ensure that the Arduino Portenta X8 CRA is compliant with all these new EU rules, Foundries.io and Arduino have collaborated to implement security improvements to the Portenta X8 SoM. Foundries.io provides cloud-native development and deployment solutions for secure IoT and edge devices and Arduino provides the hardware. With this, users of Portenta X8 SoM can easily handle device security, data protection, and software management efficiently in a single, cloud-based environment. It will also offer additional security against all known forms of cyber-attack and malware, and ensure quick responses to new security vulnerabilities.

The Portenta X8 offers a suite of security functions provided by the Linux micro Platform and FoundriesFactory platform, including:

Secure boot
A trusted execution environment
Remote attestation
Key installation
Cloud authentication
TUF-compliant secure OTA updating
A SBOM that is automatically generated after every software update

The complexity of implementing all these capabilities is made easier with Foundries.io’s software interface and the X8 Board Manager tool offers a user-friendly visual interface, compatible with the familiar Arduino IDE.

Fabio Violante, CEO of Arduino, said: “When deploying Linux-based edge devices, security cannot be an afterthought. That’s why we designed the Arduino Portenta X8 giving the highest priority to security features, end to end. This spans from Hardware and Firmware to the Linux distribution and device management with FoundriesFactory technology. This allowed us to be naturally CRA compliant from the very beginning.”

You can learn more about the features of the FoundriesFactory platform and the Linux micro platform at the Foundries.io website. Information about the Cyber Resilience Act and the whole EU Cybersecurity Regulation Proposal for Digital Products can also be found online.

Debashis Das

Debashis Das is a technical content writer and embedded engineer with over five years of experience in the industry. With expertise in Embedded C, PCB Design, and SEO optimization, he effectively blends difficult technical topics with clear communication