What Pavona Is and Why It Matters for IoT Security Design
GlobalPlatform’s Pavona is an open-source silicon distribution that lets chip designers integrate secure roots of trust and post-quantum cryptography directly into new processors and controllers, so IoT device security decisions are made early, at the hardware design-in stage rather than left to later software patches. In connected products expected to operate for years, the secure root of trust, cryptographic acceleration, and certification path are fixed at the silicon level long before OEMs consider provisioning or lifecycle tools. Pavona addresses this by packaging secure silicon IP, a composition framework, and reference top-level designs into a community-governed project suitable for datacenter, AI, automotive, and constrained IoT devices. For teams worrying about post-quantum cryptography IoT risks and long-term IoT device security design, it offers an open starting point that treats hardware, crypto, and certification as a single, coherent problem rather than separate engineering efforts.
From IP Blocks to Composable Quantum-Resistant Hardware
Pavona stands out from past open-source silicon security projects because it focuses on a distribution model, not a single fixed chip. Instead of providing one monolithic reference design, it combines a curated IP library with a composition engine so integrators can assemble secure subsystems tailored to standalone secure elements, embedded microcontroller roots of trust, or chiplet-based systems. The launch includes two taped-out reference designs: a standalone chip root of trust and an integrated root of trust for chiplet architectures fabricated at TSMC 3nm. This gives silicon teams real, silicon-proven blueprints for quantum-resistant hardware rather than only simulations. The project is also aligned with FIPS 140-3 and Common Criteria expectations, which means its architectures are prepared for certification workflows, even though final product certification and verification still remain the responsibility of each implementer.
Post-Quantum Cryptography Moves On-Chip for Long-Lived IoT Devices
A core aim of Pavona is to bring post-quantum cryptography IoT support into the chip itself, not treat it as a future software patch. The distribution includes both classical and post-quantum algorithms from the start, including work around the ML-KEM and ML-DSA schemes. According to GlobalPlatform’s announcement, results presented by ZeroRISC, the Max Planck Institute for Security and Privacy, and Academia Sinica show 6–9x performance improvements for these algorithms on embedded silicon, with 36–75% higher maximum frequency at near-zero area cost. For industrial IoT, utilities, automotive, and infrastructure devices that may stay in the field longer than consumer gadgets, this matters: quantum-resistant hardware support built into the secure root of trust can keep devices capable of handling new cryptographic standards over their full operating life.
Lowering Barriers with Open-Source Silicon Security
By making its secure root of trust architecture open, Pavona lowers the entry barrier for IoT manufacturers that want enterprise-grade IoT device security design without committing to one proprietary vendor. OEMs and chipmakers can evaluate an open, composable root-of-trust implementation that already considers certification and post-quantum needs, then adapt it to their own SoCs and microcontrollers. For system integrators and industrial operators, this does not replace their own assurance work, but devices built on Pavona-based secure silicon could be easier to assess, attest, and manage across mixed fleets. The project’s community governance—through a GlobalPlatform board and an independent Technical Steering Committee—aims to align semiconductor suppliers, software communities, standards groups, and end-product makers around shared interfaces and assurance models, making open-source silicon security more practical for mainstream IoT deployments.
Ecosystem Momentum and the Road Ahead
Pavona is backed by a wide founding group including Agile Analog, Analog Devices, Baochip, CrossBar, the Max Planck Institute for Security and Privacy, Meta, Qualcomm Technologies, SIMPLE Crypto Association, Tenstorrent, the University of Oxford, Winbond Electronics, and ZeroRISC. This mix reflects how post-quantum and open-source silicon security must span IP vendors, cloud platforms, academic cryptographers, and chip manufacturers to succeed. For connectivity providers and industrial platforms, Pavona is an upstream influence rather than a directly consumed product, because stronger, standard-aligned trust anchors in endpoints can reshape onboarding, credential management, and remote attestation models. The hard work of secure hardware design—system integration, verification, certification, and lifecycle updates—does not disappear. But by uniting open hardware, a secure root of trust, and post-quantum algorithms in a single distribution, Pavona offers a practical route to quantum-resistant IoT from the ground up.