Green Hills helps manufacturers meet CRA rules

  • March 25, 2026
  • Steve Rogerson

Green Hills Software announced at this month’s Embedded World in Nuremberg a production-proven set of foundational software components to help manufacturers of digital products comply with regulations for the EU’s Cybersecurity Resilience Act (CRA).

The platform not only supports compliance with CRA requirements but also enables cost savings by reducing the number of security-related updates in deployed products over their operational lifetimes.

The platform can help manufacturers address core principles of CRA regulations across the entire product lifecycle, including security by design, cyber-security risk assessment, vulnerability handling and reporting, secure updates over the product lifetime, and software bill of materials (SBoM) and third-party components.

At the core of the platform is the Integrity real-time operating system (ghs.com/products/rtos/integrity.html), architected from its inception to meet stringent security requirements. Its separation kernel has undergone penetration testing and is independently proven to isolate software components securely.

By reducing code that executes in kernel space, Integrity shrinks the attack surface while providing provable separation and freedom-from-interference for applications, drivers, the Integrity kernel and guest operating systems such as Linux. As a result, no vulnerabilities have been reported for the Integrity kernel in its 28 years of deployments.

Integrity has been deployed in millions of products across automotive, avionics, mobile, industrial, IoT, medical and railway sectors. It has been certified for ISO 26262, DO-178B, ISO/SAE 21434, IEC 61508 and EN 50128/50657, and is supported by cyber-security and safety manuals for system developers.

The platform integrates secure boot and cryptographically verified image signing to protect devices from the first instruction executed. Based on the Cypherbridge integrated suite of products for device lifecycle management, the platform for CRA includes image signing (Cypherbridge WSLAM), over-the-air updates via CDX server and client, and image verification and secure boot with uLoadXL.

Together, these components, and optionally other partners in the Green Hills ecosystem, provide secure device lifecycle management, enabling safe updates and maintenance over the product’s operational life.

Green Hills’ internal product security incident response team handles security advisories and manages responses and customer communications.

Manufacturers benefit from the company’s flexible long-term maintenance options, including feature updates and security patches for the life of the product, ongoing vulnerability reporting and remediation, and detailed security change logs and patch documentation.

To address CRA regulation requirements related to Integrity and third-party components, Green Hills provides an SBoM for Integrity and a framework to isolate middleware and third-party software from security-critical components. Configuration tools for Integrity-based systems provide an auditable security policy governing the capabilities of each software component in the system.

Green Hills offers security analysis tools for developers to use while writing their C, C++ and Rust application code.

Founded in 1982, Green Hills Software (www.ghs.com) specialises in embedded safety and security. It is headquartered in Santa Barbara, California, with European headquarters in the UK.