Thanks to devices like Raspberry Pi, an IoT prototype is quickly built, but the path to production readiness is challenging: money, certifications, security, and automation make productization complex. New platforms like FoundriesFactory aim to simplify this process.
Easy tinkering: A Raspberry Pi greatly simplifies the prototyping of IoT devices.
(Image: Benjamin Nelan, Pixabay)
We live in a Raspberry Pi world. For developers of connected embedded and IoT devices, it has never been easier or cheaper to configure a hardware platform based on a powerful microcontroller or microprocessor, connect some shield boards for input and output devices like sensors and touchscreens, and then start writing code. Thanks to developer-friendly hardware manufacturers like Raspberry Pi, Arduino, and MIKROE, tools and languages such as VS Code and Python, and libraries with open-source software, including the Linux operating system, anyone with some technical know-how and a groundbreaking product idea can develop a functional prototype faster and more cost-effectively than ever before.
This means there will certainly be no shortage of IoT prototypes. But does that also mean we’ll soon see a wave of market-ready IoT products? Probably not. The process of productization—the step from prototype to mass production—is complex, expensive, and risky. A functioning prototype is far from a marketable product. For this reason, it can be advantageous for developers to become as familiar with tools and frameworks for productization as they are with Raspberry Pi and other tools and frameworks for product development.
The Challenges in Productizing IoT Devices
Developers face financial, technical, organizational, and legal hurdles on the path to mass production. Perhaps the biggest obstacle to the productization of IoT devices is money. Since the aforementioned tools and resources are readily available, a prototype can be created with minimal effort in addition to the salaries of development engineers. Productization, on the other hand, requires capital to finance investments such as tools and machinery needed for product assembly, as well as to pay for upfront costs like certification services.
When the capital is available, the technical challenge follows: a lab setup must become a reproducible, scalable product. Many steps that are performed manually and once in the lab must now be automated and standardized for mass production.
In the development lab, for example, the engineer can take as much time as needed to load the device firmware onto the prototype hardware. In production, however, flashing a "golden image" of the device firmware onto each production unit involves complex requirements, including:
Reliability and error handling: The system must reliably transfer and verify the firmware to prevent devices from becoming inoperative. Robust mechanisms for error detection, logging, and correction are crucial to ensure production efficiency and minimize waste caused by manufacturing defective production units.
Speed and throughput: In high-volume production, flashing must be done quickly. This requires efficient data transfer protocols and the ability to flash multiple devices simultaneously.
Security and Integrity: The production process itself presents a vulnerability to malware and cyberattacks. The system must protect the golden image from unauthorized access or modification and verify the integrity of the flashed firmware on the device. This includes secure boot mechanisms, cryptographic checks, and strict control over access to the programming system itself.
"Security By Design"
Security is indeed one of the greatest challenges in productization: the biggest mistake IoT product developers can make is neglecting the need for IoT device security until the prototype design is finalized. Implementing security features such as secure boot, secure key and data storage, over-the-air (OTA) update capability, and secure connectivity retrospectively can severely disrupt a working product design. We have often seen that the late development of essential security features has led to catastrophic delays and costs because developers were forced to undo and redesign aspects of a functional system that no longer worked after implementing secure boot or other security measures.
But let’s assume the device is secure: before a prototype can be deemed market-ready, it must be certified for compliance with relevant standards and regulations, such as the EU’s Radio Equipment Directive, the CE marking, and RoHS regulations (Regulation on Hazardous Substances). Comparable regulations and requirements apply in most other markets worldwide. The effort required for regulatory compliance and testing of new products can surprise new IoT device developers who have not yet experienced how expensive and time-consuming this process can be.
And it should not be forgotten that productization is not just about bringing a product to mass production. The manufacturer’s responsibility for the product extends well beyond delivery. Some manufacturers have always taken responsibility for the customer’s user experience after delivery, often because they understand the impact on the manufacturer’s brand. With the European Union’s Cyber Resilience Act, post-shipment maintenance has become a necessity for all companies manufacturing or marketing products within the EU. This makes IoT device manufacturers responsible for promptly providing patches for devices in the field that are exposed to known cyber threats.
This requires not only OTA updates but also additional features such as fleet management and the automatic generation of a Software Bill of Materials (SBOM).
Tools And Frameworks for Productization
While there are countless tools, frameworks, and communities for development, productization remains a blind spot. Only a few manufacturers provide support for partial processes like firmware flashing or security provisioning—usually limited to their own chips.
Date: 08.12.2025
Naturally, we always handle your personal data responsibly. Any personal data we receive from you is processed in accordance with applicable data protection legislation. For detailed information please see our privacy policy.
Consent to the use of data for promotional purposes
I hereby consent to Vogel Communications Group GmbH & Co. KG, Max-Planck-Str. 7-9, 97082 Würzburg including any affiliated companies according to §§ 15 et seq. AktG (hereafter: Vogel Communications Group) using my e-mail address to send editorial newsletters. A list of all affiliated companies can be found here
Newsletter content may include all products and services of any companies mentioned above, including for example specialist journals and books, events and fairs as well as event-related products and services, print and digital media offers and services such as additional (editorial) newsletters, raffles, lead campaigns, market research both online and offline, specialist webportals and e-learning offers. In case my personal telephone number has also been collected, it may be used for offers of aforementioned products, for services of the companies mentioned above, and market research purposes.
Additionally, my consent also includes the processing of my email address and telephone number for data matching for marketing purposes with select advertising partners such as LinkedIn, Google, and Meta. For this, Vogel Communications Group may transmit said data in hashed form to the advertising partners who then use said data to determine whether I am also a member of the mentioned advertising partner portals. Vogel Communications Group uses this feature for the purposes of re-targeting (up-selling, cross-selling, and customer loyalty), generating so-called look-alike audiences for acquisition of new customers, and as basis for exclusion for on-going advertising campaigns. Further information can be found in section “data matching for marketing purposes”.
In case I access protected data on Internet portals of Vogel Communications Group including any affiliated companies according to §§ 15 et seq. AktG, I need to provide further data in order to register for the access to such content. In return for this free access to editorial content, my data may be used in accordance with this consent for the purposes stated here. This does not apply to data matching for marketing purposes.
Right of revocation
I understand that I can revoke my consent at will. My revocation does not change the lawfulness of data processing that was conducted based on my consent leading up to my revocation. One option to declare my revocation is to use the contact form found at https://contact.vogel.de. In case I no longer wish to receive certain newsletters, I have subscribed to, I can also click on the unsubscribe link included at the end of a newsletter. Further information regarding my right of revocation and the implementation of it as well as the consequences of my revocation can be found in the data protection declaration, section editorial newsletter.
To be fair, some manufacturers and suppliers do offer support for specific parts of the productization process. In particular, MCU and MPU manufacturers support their products with documentation and guidance to assist processes such as firmware flashing and securing. However, these guidelines are specific to their products and cannot be generalized to the entire category of IoT devices.
Recently, chip manufacturers have also started offering turnkey security services that allow IoT device manufacturers to outsource tasks such as equipping their products with private keys—the Optiga Trust Service from Infineon is one example. Similarly, the secure provisioning of Qualcomm Wireless Edge Services (WES) enables the generation and use of cryptographic keys applied or activated through unique device keys. These keys are used to securely deploy data to the device after sale and over-the-air and to sign data on the device.
The range of challenges in productization described above requires a broader environment that provides a framework for managing the transition of a product idea from development to production, device management, updates, and even secure decommissioning.
This overarching framework requires more than what a single tool or service can provide: this was the goal behind the creation of the FoundriesFactory platform by Foundries.io for Linux OS-based embedded devices. The platform orchestrates a range of open-source tools, such as Docker for container development and The Update Framework (TUF) for OTA updates, around a comprehensive and granular database for code and device identities. This enables a CI/CD process (Continuous Integration/Continuous Development process) supported by rollback functions and the automatic generation of SBOMs for each production unit.
At every step along the way from prototype development to decommissioning, the codebase, security, and update status of the product are automatically recorded. This information is readily available to support the automation of processes such as firmware flashing, exposure assessment, and OTA updates.
And a practical interface between the FoundriesFactory software and the Edge Impulse platform for the development, compilation, and installation of edge AI models ensures that the growing number of AI-enabled IoT products can equally benefit from productization support.
Such a platform to support productization does not completely eliminate the challenges described above. Productization is and will always remain a challenge. However, a device data framework integrated with a coherent set of tools for essential security, device management, and production functions allows security to be built into the development process right from the beginning, ensuring that the prototype—the expression of the developer's brilliant idea—can be brought to market as smoothly and quickly as possible. (mc)
* Mike Scott is a senior engineer at the Qualcomm Innovation Center and a member of the Foundries.io team. Louis Moreau is an engineer and manager at Qualcomm France S.A.R.L.
Future-Proof Authentication with Universal RFID Readers
:quality(80)/p7i.vogel.de/wcms/af/1e/af1ec4fca4636f521f780ba0ae009c8e/bild3-werkst-c3-bcck-20und-20werkzeug-5204x2928v1v1.jpeg "The main area of application for the new axial gear cutting machine is the production of rotor shafts for electric vehicles. (Image:Profiroll Technologies)")
:quality(80)/p7i.vogel.de/wcms/d1/ab/d1ab452217529e5c29a81add9aca7c22/0128871322v1.jpeg "Only one year to go: the new EU Machinery Regulation makes cybersecurity mandatory. Companies should act now. (Picture: ©Pisit - stock.adobe.com)")
:quality(80)/p7i.vogel.de/wcms/88/53/8853f7df2fe47a3d2c6f1879f6ac38e6/newsimage417073-1500x843v1v1.jpeg "Measuring setup for friction stir welding: Modular acoustic measuring system with flexibly positioned microphones for recording tool wear and process deviations in real time. (Image:Fraunhofer IDMT)")
:quality(80)/p7i.vogel.de/wcms/28/75/28751a17e2bcca46e53a1e7b8a84c433/schmersal-tiepner-029-6749x3796v1v1.jpeg "Tiepner's compact system produces ID cards made of laminated plastic, which are used as customer cards, ID cards or cheque cards, among other things. Left in the picture: Christian Höltge, Managing Director of Tiepner GmbH. (Image:Tiepner GmbH)")
:quality(80)/p7i.vogel.de/wcms/cd/fe/cdfe212a3b3206e2ff09dcdf71c11240/0129219561v1.jpeg "Extended S-series: The new Cobot models from Omron lift up to 30 kilograms and are now also protected against dust and water thanks to protection class IP65. (Image:Omron)")
:quality(80)/p7i.vogel.de/wcms/c3/6d/c36d161e7709095fd1de4cb9de27d927/0129133682v1.jpeg "Nanjing is Siemens' largest research and production center for CNC systems, drives and electric motors outside Germany. (Image:Siemens)")
:quality(80)/p7i.vogel.de/wcms/70/dc/70dc2fbc09e6958a72c63bd15e986e14/0129206156v1.jpeg "The global shoe machine manufacturer Desma relies on automation and has been revolutionizing shoe production—together with ABB Robotics for over 40 years. (Image:ABB Robotics)")
:quality(80)/p7i.vogel.de/wcms/60/fd/60fd12ddfe1fb623568736f27d1cfe61/0128606899v1.jpeg "The future of supply chains: AI and dashboards to ensure optimal OTIF values (Picture: ©immimagery - stock.adobe.com)")
:quality(80)/p7i.vogel.de/wcms/39/38/393873c2ed943bb715a6419d94049b63/geralt-entrepreneur-1340649-1280-1280x720v1v1.jpeg "Visual Components presents its forecast for production simulation in 2026. (Image:Pixabay)")
:quality(80)/p7i.vogel.de/wcms/60/4e/604e2a1ce26f177c5f28c2bff94c2f7d/der-20rotor-20mit-20aktiv-20verwindbaren-20rotorbl-c3-a4ttern-20im-20windkanal-1920x1079v1v1.jpeg "The rotor with actively twistable rotor blades in the wind tunnel: The open measuring section and sound-absorbing wall and model fuselage cladding enable high-quality acoustic measurements. (Image:DLR)")
:quality(80)/p7i.vogel.de/wcms/a8/9a/a89aef1cba3843fa06a1ec1f07cf659b/adobestock-95634179--c2-a9-20crazyforanimeart-20-e2-80-93-20stock-adobe-com-4762x2678v1v1.jpeg "Copied from the octopus: Researchers have developed a film-like thin-film platform that can dynamically change not only its color but also its surface structure. (Image:AdobeStock_95634179_ CrazyForAnimeArt)")
:quality(80)/p7i.vogel.de/wcms/2b/fb/2bfbb9fa26274cb8f6e8979c24a3d08e/0129243542v1.jpeg "In some cases, the new additively manufactured lightweight bearings only reach
11 percent of the weight of comparable steel bearings. (Image:Rosswag Engineering)")
:quality(80)/p7i.vogel.de/wcms/25/11/25111828d56b46dc0dc3b717ac2dfcfa/0129276081v1.jpeg "According to media reports, Ford is negotiating with Geely about cooperation in production and technology. (Image:Ford)")
:quality(80)/p7i.vogel.de/wcms/b7/2d/b72dfd1458e86652491018914478cb00/0129259253v1.jpeg "The green belt of VW Palmela - including two geothermal fields and a new paint shop. (Image:VW Group)")
:quality(80)/p7i.vogel.de/wcms/cb/76/cb76d0c686e8dbc8b0e0b6961e3849c7/0129249515v1.jpeg "The Chinese Ministry of Industry and Information Technology has developed binding standards for retractable vehicle door handles. (Image:BYD)")
:quality(80)/p7i.vogel.de/wcms/42/0a/420a796e6b9d9e3bf27d89d4fe425d84/0129264331v1.jpeg "Polestar presented the new Model 5 live. (Image:Polestar)")
:quality(80)/p7i.vogel.de/wcms/6f/8f/6f8ff5bf9b81829ef22736bc790cecca/0129224894v1.jpeg "View of the quantum optics laboratory at the University of Stuttgart: here, researchers are experimenting with new photon sources for quantum computing and quantum networks. (Image:Barz Group, University of Stuttgart)")
:quality(80)/p7i.vogel.de/wcms/52/3a/523ac3157ae4b4f596c7241c89127061/0129260553v1.jpeg "This artistic illustration shows a thermal analog calculator that performs calculations using excess heat and is embedded in a microelectronic system. (Image:Jose-Luis Olivares, MIT)")
:quality(80)/p7i.vogel.de/wcms/d1/f4/d1f4508c6b79ec2f0432b34a6fa33a98/0114966184v1.jpeg "The Infineon headquarters Campeon in Neubiberg, Munich. (Image:Infineon)")
:quality(80)/p7i.vogel.de/wcms/fa/d3/fad3872cf3f110f43411f2dce9e8f23a/0129265762v1.jpeg "Siemens Energy has discovered the USA as a prosperous growth market for network technology and gas turbines! In order to be able to meet demand at some point, the company is already digging deeper into its pockets ... (Image:Siemens Energy)")
:fill(fff,0)/images.vogel.de/vogelonline/companyimg/76800/76895/65.jpg "FAULHABER_120mm.jpg ()")
:fill(fff,0)/p7i.vogel.de/companies/67/eb/67eba621ef6ea/logo2.png "logo2 (Wuxi InfiMotion)"){kind=logo}
:quality(80):fill(efefef,0)/p7i.vogel.de/wcms/67/ae/67ae0b9ac31f8/elatec-wp-universal-reader.png "Elatec WP Universal Reader")
:quality(80)/p7i.vogel.de/wcms/de/75/de750a367b39ed3167210c6941b067b6/0129059153v1.jpeg "Figure 1: Preparation for the Cyber Resilience Act. By December 2027, device manufacturers must have implemented a series of mandatory measures. (Image:Microchip)")
:quality(80)/p7i.vogel.de/wcms/ba/d4/bad4381a8d47b890932f93bc4dfbdfed/0111323802v1.jpeg "Software functions are visible on the displays. However, a comprehensive IT system is needed to coordinate all systems with each other. There are different operating systems for this. (Image:Volkswagen AG)")