Arduino Portenta X8 achieves EU’s Cyber Resilience Act (CRA) compliance

Foundries.io, in collaboration with Arduino, has integrated its security software into the Portenta X8, making it the first system-on-module (SoM) to achieve CRA Compliance with the European Union’s Cyber Resilience Act (CRA).

Last year, we covered the Portenta X8, Arduino’s first board with an Arm processor running Linux with expansion capabilities with add-ons such as the Portenta HAT Carrier Board, and you’ll find more details about the hardware in those posts.

Foundries.io has successfully integrated its security software with the Arduino Portenta X8, creating the first system-on-module (SoM) compliant with the European Union’s Cyber Resilience Act (CRA).

This new EU’s CRA specifies minimum security for all IoT devices in Europe from 2025. This includes:

  • Establish standards for secure products with digital elements throughout the EU.
  • Require manufacturers to focus on security at every stage of a product’s life.
  • Increase user awareness of a product’s cybersecurity features.
  • Demand that Original Equipment Manufacturers (OEMs) quickly address vulnerabilities in devices already in use.
  • All these rules will be applicable for the full lifespan of the devices.

Under the upcoming EU regulations, all digital products must meet new security standards, except for specific categories like certain medical devices, aviation equipment, and motor vehicles. Depending on their risk levels, some products will require an independent security check. Additionally, OEMs need to ensure these products pass these security assessments. The EU countries will oversee the enforcement of these rules with support from the Commission. Moreover, there’s a special cybersecurity certificate for products that are labeled “highly critical” and need extra security. EU estimates that this new rule could save €180-290 billion each year by cutting down on cyberattacks.

To ensure that the Arduino Portenta X8 CRA is compliant with all these new EU rules, Foundries.io and Arduino have collaborated to implement security improvements to the Portenta X8 SoM. Foundries.io provides cloud-native development and deployment solutions for secure IoT and edge devices and Arduino provides the hardware. With this, users of Portenta X8 SoM can easily handle device security, data protection, and software management efficiently in a single, cloud-based environment. It will also offer additional security against all known forms of cyber-attack and malware, and ensure quick responses to new security vulnerabilities.

The Portenta X8 offers a suite of security functions provided by the Linux micro Platform and FoundriesFactory platform, including:

  • Secure boot
  • A trusted execution environment
  • Remote attestation
  • Key installation
  • Cloud authentication
  • TUF-compliant secure OTA updating
  • A SBOM that is automatically generated after every software update

The complexity of implementing all these capabilities is made easier with Foundries.io’s software interface and the X8 Board Manager tool offers a user-friendly visual interface, compatible with the familiar Arduino IDE.

Fabio Violante, CEO of Arduino, said: “When deploying Linux-based edge devices, security cannot be an afterthought. That’s why we designed the Arduino Portenta X8 giving the highest priority to security features, end to end. This spans from Hardware and Firmware to the Linux distribution and device management with FoundriesFactory technology. This allowed us to be naturally CRA compliant from the very beginning.”

You can learn more about the features of the FoundriesFactory platform and the Linux micro platform at the Foundries.io website. Information about the Cyber Resilience Act and the whole EU Cybersecurity Regulation Proposal for Digital Products can also be found online.

Share this:

Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress

ROCK 5 ITX RK3588 mini-ITX motherboard
Subscribe
Notify of
guest
The comment form collects your name, email and content to allow us keep track of the comments placed on the website. Please read and accept our website Terms and Privacy Policy to post a comment.
4 Comments
oldest
newest
Upgrade pi-top [3]
Upgrade pi-top [3]
10 months ago

Looks like the alternative approach to security that avoids “cloud nativism” is using Nix OS or GUIX SD.

jack
jack
10 months ago

scary, EU is becoming a dictatorship…

Upgrade pi-top [3]
Upgrade pi-top [3]
10 months ago

Try the UK

Midgy
10 months ago

Because they want more security for the end user ? Nice troll

Khadas VIM4 SBC