Improving Supply Chain Visibility and Regulatory Compliance for Arm Firmware and Hardware

This 24-minute conference talk explores how OEMs can prepare for mandatory cybersecurity regulations like the EU Cyber Resilience Act (CRA) by improving supply chain visibility for Arm firmware and hardware. Learn about the standards-based approaches being developed by the open source community to enhance supply chain harmonization and regulatory compliance. Discover how to integrate these standards into firmware build pipelines to provide better provenance tracking and compliance status monitoring throughout product lifecycles. The presentation covers relevant standards in a production CI/CD context and explains how supply chain artifacts—including SBOMs, HBOMs, reference measurements, and platform manifests—contribute to creating a CRA-compliant firmware delivery framework. Gain insights into how regulatory requirements are driving greater process transparency and improved visibility of firmware and hardware provenance for various stakeholders.