What Pavona Is and Why It Matters for IoT Security
Pavona is an open-source silicon distribution from GlobalPlatform that combines certification-ready security IP, secure roots of trust, and production-grade post-quantum cryptography to help designers build quantum-resistant IoT device security directly into their chips. Instead of treating protection as an afterthought, the platform moves decisions about cryptography, secure root of trust design, and certification paths into the earliest stages of silicon development. The distribution ships with two TSMC 3 nm taped-out reference root-of-trust designs, demonstrating that its concepts work on real hardware rather than remaining at a whiteboard level. For IoT manufacturers, this means they can start from silicon that is aligned with FIPS 140-3 and Common Criteria expectations, then focus on integration and lifecycle management. In practice, Pavona aims to turn secure-by-default silicon from a specialist luxury into a baseline option for a much wider set of device makers.
Open-Source Silicon Meets Secure Roots of Trust
Pavona is not just another open IP core; it is a modular open-source silicon framework that lets teams assemble security subsystems tuned to different architectures. Its curated IP library and composition engine allow designers to choose between elements such as a standalone secure element or an embedded secure root of trust without being locked into a single monolithic reference chip. Pavona launches with two silicon-proven designs: a standalone chip root of trust and an integrated root of trust for chiplet-based systems at TSMC’s 3 nm node. According to GlobalPlatform, the distribution is aligned with FIPS 140-3 and Common Criteria requirements, so the architecture is intended to support later certification efforts even though it does not grant automatic certification. For IoT device security, this approach means a secure root of trust can be built into microcontrollers, gateways, or edge accelerators using a common, open foundation.
Post-Quantum Cryptography Built Into the Silicon Stack
Pavona’s most notable contribution for IoT device security is its full classical and post-quantum cryptography stack baked into the distribution from day one. GlobalPlatform describes it as the first openly available post-quantum cryptography stack designed for embedded silicon, and the project incorporates years of hardware–software co-design work. At Real World Crypto 2026 in Taipei, ZeroRISC, the Max Planck Institute for Security and Privacy, and Academia Sinica reported 6–9x performance improvements for ML-KEM and ML-DSA post-quantum algorithms on embedded silicon, with 36–75% improvements in maximum operating frequency at near-zero area cost. That optimized PQC support is shipped as part of Pavona. For designers facing a future in which quantum-capable attackers can threaten today’s public-key schemes, integrating post-quantum cryptography at the silicon level offers a forward-looking way to protect device identities, firmware updates, and secure channels across long product lifecycles.
Changing IoT Design from Monolithic Chips to Composable Security
IoT security requirements differ between a tiny sensor node, a connected car controller, and an AI edge accelerator, yet many previous open efforts focused on fixed reference chips. Pavona instead promotes a composable model: integrators select and configure open-source silicon blocks to assemble a security subsystem suited to their performance, power, and area budgets. This is particularly relevant for resource-constrained IoT devices, where security, cost, and battery life must be balanced carefully. Designers can start from the TSMC 3 nm root-of-trust references and adapt them to older nodes or different process technologies, while retaining alignment with GlobalPlatform’s certification mindset. The inclusion of continuous integration dashboards and hardware-native CI workflows further lowers the barrier for teams that are new to open-source silicon. In effect, Pavona turns the secure root of trust from a bespoke project into a reusable subsystem that can be integrated across diverse IoT architectures.
Lowering Barriers for Smaller Manufacturers and Developers
For many smaller IoT manufacturers, building a secure root of trust and a post-quantum cryptography stack from scratch is beyond their budget and hardware security expertise. Pavona’s open-source silicon model, combined with GlobalPlatform’s neutral governance, aims to change that equation. The project provides full IP repositories, getting-started guides, and silicon-proven reference designs without tying integrators to a single proprietary vendor. Founding members such as Meta, Qualcomm Technologies, Tenstorrent, and the University of Oxford highlight how both industry and academia see value in a shared platform. For developers, this means access to certification-aligned building blocks for IoT device security, reducing time-to-market and the risk of design errors in critical cryptographic logic. As quantum computing advances and long-lived IoT deployments face new threats, Pavona’s approach offers a practical way to embed future-ready security into devices from first design, instead of bolting it on in later firmware updates.