Secure Boot and Key Management for Embedded Devices in the Post-Quantum Transition

Conference Details
embedded world North America 2025
Anaheim, CA
November 04, 2025 - November 06, 2025

Presenters

Authors

Abstract

In embedded systems, defending against software tampering requires a layered trust model anchored in sequential code verification. This begins with hardware-protected bootloaders that establish a root of trust and extends through firmware and application signing. With PQC algorithms still evolving and PQC-ready hardware scarce, a practical defense-in-depth strategy is needed.

In this session, we present a transition approach that combines structured boot chains with cryptographic agility in key management. Our proposal uses pre-provisioned AES keys—commonly available in embedded hardware today—to protect PQC signing keys during provisioning and update workflows. This method allows security-critical assets to be safely introduced without requiring PQC-native secure elements or major changes to the existing secure boot process.

We will examine how these techniques can be integrated into current manufacturing workflows to enhance resilience, simplify migration, and enable embedded platforms to evolve securely in the face of emerging cryptographic threats.

Presentation Slides

Download the complete presentation as a PDF document.

Chat