MontaVista Embraces Embedded Security: CGX Enablement for ARM SystemReady & Solutions Addressing EU Cybersecurity Act


MontaVista’s Carrier Grade eXpress Linux (CGX) now supports ARM SystemReady to enable ARM-platform -agnostic secure embedded implementations. MontaVista also announces the intent to provide EU Cybersecurity Act-compatible services through MVSecure and CGX.


Nuremberg, Germany, 14 March 2023 –– MontaVista® Software, LLC, a leader in commercial Embedded Linux® products and engineering services, announces an extension to their existing capabilities for helping customers build secure products with MontaVista solutions.

CGX, the leading commercial embedded Linux solution, now supports a reference BSP for ARM SystemReady that allows all SystemReady compliant hardware platforms to utilize CGX. Currently, CGX is enabled to run on reference BSPs across a multitude of System-on-Chip (SoC) platforms across the x86/IA, ARM, PowerPC, and MIPS architectures. The ARM SystemReady approach allows multiple platforms that use ARM to share an operating system binary image – which in turn greatly increases the synergy effects customers can gain from CGX.

One key aspect of ARM SystemReady is security, building on the root of trust setup in the hardware. To help our customers leverage this, MontaVista is building a specific service package to address the EU Cybersecurity Act with our previously announced MVSecure productized service offering.

The MVSecure Services for the EU Cybersecurity Act allow MontaVista and the customer to collaboratively review all the use-cases and the explicit security requirements on the platform. These Services also provide a plan based on known good practices for addressing the security requirements and the EU Cybersecurity Act.

Customers choosing the CGX ARM SystemReady BSP and/or the MVSecure Services also benefit from the generic values of the CGX distribution built over 20 years of development:

  • Use-case specific optimizations/customization by using the Yocto Project approach for building from source for maximum flexibility
  • Long-term support, CVE and defect support and maintenance
  • Advanced features, expert support, and architecture partnership

Both the CGX ARM SystemReady reference BSP and the MVSecure process for the EU Cybersecurity Act are available for customers immediately.


Supporting Quotes:

“It’s a milestone for the ARM ecosystem to be able to reuse the binary content between embedded platforms, and it provides great synergy to our customers together with CGX”, said Iisko Lappalainen, Director of Product Management at MontaVista Software. “With the long-term security maintenance lifecycle and the MVSecure Services we continue to push further on the path to make embedded Linux the most secure choice in the marketplace. The EU Cybersecurity Act provides a fantastic initiative to the market, and we are ready to help our customers though the challenge.”

MontaVista is inviting interested parties to contact MontaVista at and/or visit for more information.