MYC-LF25X: Built-in Full-Stack Security for Seamless CRA & IEC 62443 Compliance
2025-12-25
18
As cybersecurity threats intensify, new regulations are redefining compliance for equipment manufacturers. The EU's Cyber Resilience Act (CRA) and the industrial security standard IEC 62443 have made security a non-negotiable foundation of product design, no longer just an option.
To address this critical industry need, MYIR introduces the MYC-LF25X System-On-Module. Built on STMicroelectronics' STM32MP257F processor, which has achieved SESIP Level 3 certification and delivers a full-stack, verifiable security architecture. From a hardware-based Root of Trust to application-level protection, every layer is purpose-built to mitigate risks and simplify compliance. The MYC-LF25X provides developers with a robust and efficient solution for creating safety-critical applications that meet international regulations and industry standards, accelerating time-to-market without compromising security.
1. The Foundation of Compliance: Why the MYC-LF25X is Your Smart Choice?
The CRA mandates that connected products must feature "built-in security," manageable vulnerabilities, and sustainable update capabilities. The IEC 62443 standard, particularly IEC 62443-4-2 (Component Safety Requirements), provides a concrete, actionable technical framework for achieving these objectives. The design and ecosystem of MYC-LF25X directly address these core requirements:
Hardware-Based Trust Anchor
At the heart of the MYC-LF25X lies the STM32MP257F processor, which is certified to SESIP Level 3. This means its hardware and Root of Trust firmware have undergone rigorous white-box vulnerability analysis by independent laboratories, providing a solid foundation for your product's overall certification (e.g., for CRA, RED) and significantly simplifying the compliance process.
Security Features Mapped to Standards
Every security feature of the MYC-LF25X is designed with IEC 62443-4-2 in mind. The module's capabilities directly map to key Component Requirements (CR) and Embedded Device Requirements (EDR), transforming compliance from a theoretical paper exercise into a practical, implementable reality. This alignment helps manufacturers build certified products faster, with confidence.
2. How the MYC-LF25X Security Architecture Meets Key Compliance Requirements
Regulatory / Standards Core Requirements | MYC-LF25X Corresponding Function | Technical Summary & Compliance Value |
CRA/IEC 62443 FR 3: System Integrity | Secure Boot Chain | Starts from immutable ROM code, performing step-by-step ECDSA digital signature verification for TF-A, U-Boot, and the OS kernel, ensuring only authorized firmware can execute. Satisfies IEC 62443-4-2 CR 3.4 (Integrity) and EDR 3.14 (Boot Integrity). |
CRA/IEC 62443 FR 4: Data Confidentiality | Hardware Crypto Engines & Secure Storage | Integrates SAES, PKA, HASH, and RNG hardware accelerators, providing high-performance assurance for encryption, signing, and key generation. Combined with OP-TEE secure storage (REE-FS) and a multi-layered key hierarchy derived from the Hardware Unique Key (HUK), it protects sensitive data. Satisfies CR 4.1 (Information Confidentiality). |
CRA/IEC 62443 FR 5: Restricted Data Flow | Arm TrustZone & Resource Isolation Framework (RIF) | Hardware-based partitioning into Secure and Non-secure worlds. RIF provides granular access control over peripherals and memory, enforcing the principle of least privilege. (e.g., a specific GPIO can be configured for Secure-world access only). Satisfies isolation and access control requirements. |
CRA/Vulnerability Management & Updates | Secure OTA Updates | Integrates RAUC client and HawkBit server support, enabling signed and verified remote secure updates and rollback, ensuring timely vulnerability patching. Aligns with the Security Update Management (SUM) practice in IEC 62443-4-1. |
IEC 62443-4-1 Secure Development Lifecycle | Complete Development Toolchain & Guides | Provides comprehensive practical guides and Yocto integration support covering key generation, manual/automated signing & encryption, OTP programming, and secure image updates, helping teams implement secure development processes. |
IP Protection & Secure Production | Secure Provisioning (SSP) Support | Supports secure OEM key injection in untrusted production environments via the STM32HSM-V2 hardware security module, preventing overproduction and IP leakage. Aligns with the "Secure Manufacturing" function within the STM32Trust framework. |
3. Choose the MYC-LF25X, Get Far More Than Just a Chip
Choosing the MYC-LF25X means selecting a certified, ecosystem-ready security foundation.
1) Accelerated time-to-market:
Pre-integrated security features and automated toolchain (STM32CubeProgrammer, Yocto) dramatically reduce the development cycle for in-house security infrastructure.
2) Reduces Risk & Cost:
The SESIP Level 3 certified hardware foundation streamlines end-product certification, while the mature SSP solution ensures long-term protection of your production investment.
3) Trust That Lasts:
With an architecture built on open standards like OP-TEE and secure OTA updates, your product stays maintainable and adaptable across its entire lifecycle.
In an era when cybersecurity compliance is a market entry requirement, the MYC-LF25X gives you a strategic head start. By embedding security at the hardware level, this comprehensive solution integrates the STM32 Trust framework, meets IEC 62443 technical specifications, and upholds the legislative intent of the CRA. Choose the MYC-LF25X as the trusted core for your next-generation smart devices and turn compliance complexity into confidence, so you can focus on delivering greater product value.
For more information about the MYC-LF25X System-On-Module, visit the product page:
https://en.myir.cn/STM32MP257/146.html
2026-03-04
MYIR Launches Low-Power TI AM62Lx-based SoM for Industrial & IoT, Featuring 3x CAN-FD and 8x UART
MYIR has launched the MYC-YM62LX System-on-Module (SoM) based on the Texas Instruments AM62Lx processor (AM62L32BOGHAANBR), alongside its development board, the MYD-YM62LX.
2026-01-04
MYIR Launches Upgraded ARM+FPGA System-On-Module Based on AMD Zynq UltraScale+ MPSoC
MYIR launches its new high-performance MYC-CZU3EG-V3 System-On-Module (SOM), powered by the AMD Zynq UltraScale+ ZU3EG MPSoC.
2025-11-07
SDK Updates: MYC-YF13X/MYC-LD25X
SDK Update Notice for STM32MP135 and STM32MP257 SOMs
2025-10-20
SDK Updates: MYC-LR3568/MYC-LR3576/MYC-Y7Z010/20-V2
SDK Updates for Xilinx Zyqn-7010/20 and Rockchip RK3568/3576 SOMs
2025-08-14
SDK Updates: MYC-C7Z010/20-V2 and MYC-YT113i
SDK Update Notice for AMD/Xilinx Zynq-7010/20 and Allwinner T113-i SOMs
2025-08-05
SDK Updates: MYC-LR3576/MYC-YR3562/MYC-YR3506
SDK Update Notice for Rockchip RK3576/3562/3506 based SOMs and Development Boards
2025-05-27
MYIR Unveils i.MX 91-Based SOM to Power Next-Gen Smart Devices
MYIR today announces the launch of its latest embedded computing solution, the MYC-LMX91 SOM, powered by NXP's i.MX 91 processor.
2025-05-19
T527 IPC BOX: Elevating Edge Computing Solutions
MYIR has unveiled the MYD-LT527-GK-B IPC Box, following the launch last year in early July of the MYC-LT527 System-on-Module (SoM). This IPC Box presents an exceptional solution for edge computing applications.
2025-05-12
T113-i IPC BOX:Your Reliable Gateway Solution with Isolation Protection
MYIR has introduced the MY-EVC700S-V2 IPC Box, which is using Allwinner’s T113-i MPU to offer a cost-effective solution for industrial gateway applications require stringent operating conditions, stable reliability, and isolation protection performance.