
Designing cyber resilience at the hardware edge

A collaborative reference architecture for secure industrial devices

Cybersecurity has become a foundational requirement for industrial devices and connected systems. 
Beyond protecting data and ensuring compliance, manufacturers are increasingly expected to design devices that are resilient by construction: able to start securely, preserve integrity, and maintain trust throughout their operational lifecycle. 
With this objective, Exor International, Corvina, Lattice Semiconductor and TrustiPhi collaborated to develop a Cyber Resilience Reference Kit: a complete, working security architecture that brings together hardware-level resilience, secure boot, device identity and lifecycle security management. 
The intent was pragmatic and technical: demonstrate how cybersecurity principles can be engineered into real industrial devices, starting from hardware and extending up to system operation.

Cyber resilience as a hardware-first design principle

Today’s industrial threat landscape increasingly targets the lowest layers of the system:

  • firmware manipulation and rollback attacks

  • unauthorised Flash access

  • cloned or impersonated devices

  • compromised update paths

  • supply-chain insertion of malicious code

Mitigating these risks requires security enforcement before software execution begins.
This makes hardware-rooted trust, deterministic boot behavior and controlled recovery mechanisms essential design elements.
The Cyber Resilience Reference Kit was therefore built around a hardware-centric security model, aligned with Exor International’s embedded system DNA and the FPGA-based security capabilities of Lattice Semiconductor.

Lattice Semiconductor enforces resilience through FPGA-based security

Lattice Semiconductor provides the hardware root of trust and resilience mechanisms at the core of the architecture. 
Within the kit, the FPGA is used to:

  • Verify signed firmware during secure boot: The processor is held in reset until the firmware signature is validated, preventing execution of unauthorised code.

  • Implement a dual-Flash boot architecture: Two independent Flash memories enable automatic fallback: if the primary image fails verification, the system reverts to a known-good firmware.

  • Continuously monitor Flash access at runtime: The FPGA supervises memory activity to detect unauthorized access attempts during operation.

  • Anchor cryptographic trust at hardware level: Keys and security primitives are protected within the FPGA, isolated from software attack surfaces.

This approach ensures that system integrity is enforced from power-on, creating a robust foundation for all subsequent security layers.
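The boot decision described above (verify the primary image, fall back to the second Flash, otherwise keep the processor in reset) can be modelled in a few lines. This is an added example, not code from the kit or from Lattice Semiconductor; the names `select_boot_image`, `BootDecision` and `ROOT_KEY` are hypothetical, the images are constructed, and HMAC-SHA256 stands in for the asymmetric firmware signature so the sketch runs with the Python standard library only.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed demo key. HMAC-SHA256 is a stand-in for the firmware
# signature check; a real root of trust would verify an asymmetric signature.
ROOT_KEY = b"constructed-demo-key-not-a-real-secret"

@dataclass
class BootDecision:
    release_reset: bool  # False means the processor stays held in reset
    source: str          # "primary", "fallback" or "none"
    log: list            # one entry per verification step, for audit

def sign(image: bytes) -> bytes:
    """Build-side helper: tag stored next to an image in Flash."""
    return hmac.new(ROOT_KEY, image, hashlib.sha256).digest()

def verify(image: bytes, tag: bytes) -> bool:
    expected = hmac.new(ROOT_KEY, image, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison

def select_boot_image(primary, fallback) -> BootDecision:
    """Each argument is an (image, tag) pair read from one Flash device."""
    log = []
    for name, (image, tag) in (("primary", primary), ("fallback", fallback)):
        if verify(image, tag):
            log.append(f"{name}: signature valid, releasing reset")
            return BootDecision(True, name, log)
        log.append(f"{name}: verification FAILED")
    # Fail closed: no verified image means no code is allowed to run.
    log.append("no valid image: processor remains in reset")
    return BootDecision(False, "none", log)

# Constructed sample images.
GOOD = b"firmware v1 (known-good)"
NEW = b"firmware v2"
TAMPERED = NEW[:-1] + b"X"  # one byte changed after signing

def demo():
    cases = {
        "clean": ((NEW, sign(NEW)), (GOOD, sign(GOOD))),
        "primary tampered": ((TAMPERED, sign(NEW)), (GOOD, sign(GOOD))),
        "both tampered": ((TAMPERED, sign(NEW)), (GOOD + b"!", sign(GOOD))),
    }
    return {label: select_boot_image(p, f) for label, (p, f) in cases.items()}

if __name__ == "__main__":
    for label, decision in demo().items():
        print(label, "->", decision.source, decision.release_reset, decision.log)
```

The per-step log is the part worth forwarding to monitoring: a device that booted from the fallback image is still running, but its primary Flash failed verification and needs investigation.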

TrustiPhi manages device identity and security over the full lifecycle

While hardware resilience establishes trust, that trust must be managed and validated over time. 
TrustiPhi contributes its expertise in security lifecycle management, enabling:

  • Secure provisioning of device identities linked to hardware roots of trust

  • Proper handling and storage of cryptographic keys

  • Centralised management of certificate issuance, authentication and validation, and revocation in case of compromise

  • Ongoing control of security posture across device lifecycles

Within the Cyber Resilience Reference Kit, a dedicated demo highlights key and certificate management flows, showing how secure devices are provisioned and continuously validated during operation. 
This lifecycle perspective is essential to move from isolated secure devices to trusted device fleets.

Exor International: from hardware security to industrial-grade implementation

In the Cyber Resilience Reference Kit, Exor International’s contribution focuses on turning hardware security concepts into a usable industrial system.
EXOR has developed the microSOM uS10, an embedded module designed to simplify application development and reduce time to market. 
 
The module integrates, in a very compact form factor, an NXP i.MX8M Max combined with a Lattice FPGA connected via PCI Express.
The uS10 solution is delivered with a complete Linux BSP including real-time patch and development environments such as JMobile (HMI software and industrial protocol connectivity) and Corvina XPLC (IEC 61131-3 SoftPLC). 
Using the uS10 module accelerates application development and helps streamline product certification for cybersecurity, in compliance with IEC 62443-4-1 / 4-2 standards. 
  
The microSOM uS010 SOM by Exor International is an ideal platform for Industrial Edge computing applications, delivering high performance, reliability, and scalability at the edge.  
 
Designed to meet the demands of modern industrial and embedded systems, the uS010 enables real-time data processing close to the machine, reducing latency and optimizing system efficiency. 
 
When combined with Corvina Platform, the microSOM uS010 offers full end-to-end integration, from the edge device to the cloud. Corvina Platform ensures a secure, encrypted connection that enables advanced remote monitoring and remote servicing, allowing operators and OEMs to access devices anytime, anywhere, in complete safety. 
 
Beyond connectivity, Corvina Platform extends the capabilities of the microSOM uS010 to comprehensive IoT services, including device management, application management, and lifecycle control. This seamless integration simplifies deployment, maintenance, and scaling of distributed edge devices, transforming the uS010 into a future-ready IoT and edge computing solution for real-time industrial applications.

Corvina and JMobile: applying hardware-rooted trust to industrial operation

While security originates at the hardware level, its value becomes tangible only when it is applied to real operational workflows. This is where JMobile and Corvina complete the Cyber Resilience Reference Kit architecture. 
JMobile acts as the operational runtime through which hardware-rooted trust is enforced during system operation. Within the kit, JMobile demonstrates how:

  • devices are onboarded only after successful hardware identity verification

  • communication is enabled exclusively for authenticated devices

  • access to operational functions depends on the device’s trust status

A key element in this context is JMobile’s native support for more than 200 industrial communication protocols, including widely adopted standards such as OPC UA. This allows security policies based on hardware trust to be applied consistently across heterogeneous industrial environments, without requiring protocol-specific adaptations. 

Corvina extends this approach by providing centralised management and contextual visibility, enabling trusted devices and secure communications to be governed coherently over time. 

Together, JMobile and Corvina show how cyber resilience moves beyond boot and provisioning to become an integral part of everyday industrial operation, even in complex, multi-protocol industrial systems.

From secure devices to trusted industrial systems

For OEMs and system integrators alike, the real challenge today is not implementing isolated security features, but designing systems where trust can be established, verified and maintained end to end.
The Cyber Resilience Reference Kit addresses this challenge by providing a coherent architectural flow: 

  • hardware-enforced system integrity at boot 

  • strong, hardware-rooted device identity 

  • managed certificates and security lifecycle 

  • secure, authenticated communication during operation

This allows both device manufacturers and system designers to consider cybersecurity as a system property, rather than as a collection of defensive measures.
In practical terms, the architecture demonstrated by the kit enables industrial stakeholders to:

  • evaluate secure-by-design approaches early in the development cycle

  • reduce uncertainty when introducing hardware-based root of trust mechanisms

  • align device security with operational and compliance requirements

  • scale security concepts from single devices to distributed systems 

Rather than prescribing a fixed solution, the kit acts as a technical reference that supports informed design decisions across different roles and responsibilities.

A collaborative foundation for future secure applications

The Cyber Resilience Reference Kit is the result of a technically driven collaboration between partners with complementary expertise:

  • FPGA-based hardware resilience and root of trust

  • security lifecycle and identity management

  • industrial embedded system design

  • secure operational software and connectivity

Together, these elements form a shared technical foundation that can be adapted to different industrial contexts and requirements. 

Rather than positioning cybersecurity as a constraint, this approach enables it to become an architectural enabler—one that supports resilient devices, trusted systems and future-ready industrial applications. 
