GlobalPlatform has launched Pavona, an open-source silicon distribution aimed at helping chip designers integrate certification-aligned roots of trust and post-quantum cryptography into embedded and high-performance systems.
Security in connected devices is increasingly decided before the first line of application code is written. For IoT products expected to remain in service for years, the root of trust, cryptographic acceleration and certification path are often locked in at silicon design time, long before OEMs start worrying about field provisioning or lifecycle management.
Against that backdrop, GlobalPlatform has introduced Pavona, a community-governed open-source silicon distribution that packages secure silicon IP components, a composition framework and reference top-level designs. The project is positioned for use across a broad range of architectures, from datacenter and AI systems to automotive controllers and resource-constrained IoT devices.
More than another open IP block
What makes Pavona distinct is its distribution model. Many open silicon efforts have centered on individual cores or largely fixed reference chips. Pavona instead combines a curated IP library with a composition engine, allowing integrators to assemble security subsystems suited to different chip architectures rather than starting from a monolithic design.
That distinction matters for IoT. A standalone secure element, an embedded root of trust inside a microcontroller, and a root of trust integrated into a chiplet-based system are not the same design problem. Pavona launches with two successfully taped-out reference designs: a standalone chip root of trust and an integrated root of trust for chiplet architectures fabricated at TSMC 3nm. The inclusion of silicon-proven reference designs gives the initiative a different starting point from projects that remain purely at the simulation or specification level.
GlobalPlatform also says Pavona is aligned with FIPS 140-3 and Common Criteria certification requirements. That should not be read as automatic certification for products built with the distribution. For OEMs and semiconductor teams, the practical value is that the starting architecture is intended to support certification workflows, while the responsibility for product-level validation, integration evidence and final certification remains with the implementer.
Post-quantum cryptography moves into embedded silicon
The other notable element is the cryptographic stack. Pavona includes classical and post-quantum cryptography from the outset, including work on the newly standardized ML-KEM and ML-DSA algorithms. According to the announcement, ZeroRISC, the Max Planck Institute for Security and Privacy, and Academia Sinica presented hardware-software co-design results showing 6–9x performance improvements for those algorithms on embedded silicon, along with 36–75% improvements in maximum operating frequency at near-zero area cost. That work is included in the initial Pavona distribution.
The implication for long-lived IoT devices is straightforward: post-quantum migration is not only a software update issue. If PQC workloads are expected to run efficiently in constrained silicon, architectural choices made at design-in become part of the migration strategy. Pavona does not solve that problem for deployed devices, but it gives chip designers and OEMs an open route to consider PQC support earlier in the product lifecycle.
This is particularly relevant for industrial IoT, utilities, automotive electronics and infrastructure equipment, where device lifetimes can exceed the normal refresh cycles of consumer hardware. In those markets, a root of trust that can support both existing cryptographic mechanisms and emerging post-quantum algorithms may reduce the risk of designing new hardware around security assumptions that age poorly.
Governance and ecosystem impact
Pavona is hosted by GlobalPlatform and grew out of its Trusted Open Source Silicon Task Force. The project is funded through a governing board of contributing members, while technical roadmap responsibility sits with an independent Technical Steering Committee. The charter is modeled on open-source governance approaches associated with projects such as Yocto and Zephyr.
The founding member group is broad: Agile Analog, Analog Devices, Baochip, CrossBar, the Max Planck Institute for Security and Privacy, Meta, Qualcomm Technologies, SIMPLE Crypto Association, Tenstorrent, the University of Oxford, Winbond Electronics and ZeroRISC. For the IoT ecosystem, that mix is important because secure silicon adoption depends on more than IP availability. It requires semiconductor suppliers, software communities, standards bodies and end-product stakeholders to converge on interfaces and assurance models that can survive commercial deployment.
For OEMs, Pavona could lower the barrier to evaluating root-of-trust architectures without relying entirely on proprietary single-vendor implementations. For system integrators and industrial players, the impact is more indirect but still relevant: devices built on composable, certification-aligned secure silicon may be easier to assess, attest and manage across heterogeneous deployments. Connectivity providers will not consume Pavona in the same way a chip design team does, but stronger device-level trust anchors can influence how credentials, identities and secure onboarding are implemented in connected products.
The launch does not eliminate the hard parts of secure hardware design. Integration, verification, certification and lifecycle support remain complex. But Pavona’s significance is that it brings open silicon, standards alignment and post-quantum readiness into the same distribution, rather than treating them as separate engineering projects.
The post GlobalPlatform’s Pavona Brings Open Silicon Security Closer to IoT Design-In appeared first on IoT Business News.
