Arduino Board with Foundries.io Security Technology Offers Out-of-the-Box Compliance with EU Cyber Resilience Act

The Arduino Portenta X8, a system-on-module (SoM) for high-performance embedded computing applications, is now the world's first SoM to offer out-of-the-box compliance with the European Union's Cyber Resilience Act (CRA). Foundries.io, a provider of cloud-native development and deployment DevOps solutions for secure IoT and Edge devices, has teamed up with Arduino to provide users of the Portenta X8 with a ready-made system that offers the full set of hardware and software security and operational features required for compliance with the CRA for the lifetime of each device. Developers who use the Portenta X8 SOM can manage device authentication, secure storage, provisioning, a software bill-of-materials (SBOM), and over-the-air (OTA) updating, all in a single, cloud-based user environment. The system is highly secure against all known forms of cyber-attack and malware, and enables rapid, device-specific responses to emerging Common Vulnerabilities and Exposures (CVE) notices.

FoundriesFactory integration for full security protection. Arduino has met the requirements of the EU's CRA by building the Linux microPlatform™ (LmP) and FoundriesFactory® DevOps product from Foundries.io into the Portenta X8 SoM. This provides Portenta X8 users with a fully maintained Linux distribution – Arduino develops and provides updates to the Linux microPlatform operating system using the secure The Update Framework (TUF) compliant OTA updating utility in the FoundriesFactory product. The Portenta X8 offers the comprehensive suite of security functions provided by the Linux microPlatform and FoundriesFactory platform, including: Secure boot, A trusted execution environment, Remote attestation, Key installation, Cloud authentication, TUF-compliant secure OTA updating, A SBOM that is automatically generated after every software update. The complexity of implementing all these capabilities is overcome with Foundries.io software easily configured and deployed on the Portenta X8. The X8 Board Manager tool provides a visual interface that ensures a user experience familiar to users of the Arduino EE development environment. John Weil, Chief Marketing Officer of Foundries.io, said: 'Normally, SoM manufacturers supply their boards with a sample Linux distribution that is not maintained after shipment to the customer, and with none of the security infrastructure such as an SBOM tool and OTA update utility required to maintain device security for life. Thanks to the capabilities of the FoundriesFactory platform implemented by Arduino, the Portenta X8 has become the first SoM to provide a straightforward path to full compliance with the EU's CRA, right out-of-the-box.' Fabio Violante, CEO of Arduino, said: "When deploying Linux based edge devices, security cannot be an afterthought. That's why we designed the Arduino Portenta X8 giving the highest priority to security features, end to end. This spans from Hardware and Firmware to the Linux distribution and device management with FoundriesFactory technology. This allowed us to be naturally CRA compliant from the very beginning."