Why Post-Quantum Security Now Matters for IoT Silicon
IoT security design is increasingly decided in silicon, long before firmware, cloud backends or mobile apps exist. Roots of trust, cryptographic accelerators and certification strategies are all locked in when the chip is taped out. At the same time, quantum computing now looms as a long-term threat to today’s public-key cryptography, raising the risk that data protected by classical algorithms could be decrypted in the future. For connected products expected to remain deployed for many years, this is not an abstract concern. Design teams need quantum-resistant encryption and post-quantum cryptography on their roadmaps now, so that devices shipping today can withstand tomorrow’s attacks. Until recently, however, production-grade post-quantum options for embedded silicon were largely proprietary or experimental, making it hard for resource-constrained IoT projects to adopt them with confidence.
Inside the Pavona Platform: Open-Source Silicon with Built-In Roots of Trust
GlobalPlatform’s Pavona platform answers this gap by packaging a full open-source silicon distribution focused on secure-by-default design. Rather than a single monolithic chip, Pavona offers a composable framework that combines a curated IP library, a composition engine and silicon-proven reference top-level designs. At its core are roots of trust that provide hardware-enforced identity, key protection and secure boot, anchored directly in the chip. The initial distribution includes two reference root-of-trust implementations that have already been taped out on a cutting-edge TSMC 3nm process: a standalone security chip and an integrated root of trust for chiplet-based architectures. Both are aligned with FIPS 140-3 and Common Criteria requirements, giving IoT and semiconductor teams a starting architecture intended to support future certification, while leaving product-level validation and integration evidence in the hands of implementers.
Production-Grade Post-Quantum Cryptography for Embedded Devices
Pavona’s standout feature for IoT security design is its integrated post-quantum cryptography stack, openly available and engineered for embedded silicon. The platform ships with a complete classical and post-quantum cryptographic stack from day one, including hardware-software co-design work for the newly standardized ML-KEM and ML-DSA algorithms. Research teams involved in Pavona have demonstrated 6–9x performance improvements for these post-quantum schemes on embedded silicon, along with 36–75% gains in maximum operating frequency at near-zero area cost. For IoT makers, this means quantum-resistant encryption and authentication are not bolted on later, but accelerated in hardware and ready for production use. By addressing performance and area overheads up front, Pavona makes it realistic to embed robust post-quantum security even in resource-constrained devices that must balance power, cost and security over long field lifetimes.
Open-Source Silicon Lowers Barriers for IoT Security Design-In
Where many security IP offerings are closed and vendor-specific, Pavona embraces an open-source silicon approach, hosted by GlobalPlatform and governed through an independent technical steering committee. This model lowers the barrier for IoT developers to examine, integrate and adapt security subsystems without being locked into a single proprietary stack. The distribution is designed for collaboration, with clear getting-started guides, hardware-native continuous integration and a governance structure inspired by successful open projects such as Yocto and Zephyr. For IoT designers, this translates into reusable, community-reviewed building blocks for roots of trust, cryptographic engines and supporting logic. Because these components are aligned with certification workflows from the outset, teams can focus on product differentiation and system integration rather than reinventing foundational security hardware or navigating certification requirements entirely on their own.
What IoT Makers Should Do Next
For IoT product teams, Pavona offers a practical path to bring quantum-resistant, certification-ready security closer to the silicon bill of materials. Semiconductor vendors can adopt Pavona’s reference roots of trust or integrate selected IP blocks into microcontrollers, secure elements or chiplet architectures targeted at connected products. Device OEMs, in turn, can prioritize suppliers that design around open, standards-aligned security IP instead of opaque implementations. Development teams should start by exploring the Pavona platform documentation and reference designs, mapping them against their own threat models, lifecycle requirements and certification plans. As the post-quantum migration accelerates and supply chains continue to fragment, building on an open-source silicon foundation with integrated post-quantum cryptography and secure roots of trust may be one of the most effective ways to future-proof IoT security at the hardware level.