Secure Boot and Key Management for Embedded Devices in the Post-Quantum Transition
Presenters
Abstract
In embedded systems, defending against software tampering requires a layered trust model anchored in sequential code verification. This begins with hardware-protected bootloaders that establish a root of trust and extends through firmware and application signing. With PQC algorithms still evolving and PQC-ready hardware scarce, a practical defense-in-depth strategy is needed.
In this session, we present a transition approach that combines structured boot chains with cryptographic agility in key management. Our proposal uses pre-provisioned AES keys—commonly available in embedded hardware today—to protect PQC signing keys during provisioning and update workflows. This method allows security-critical assets to be safely introduced without requiring PQC-native secure elements or major changes to the existing secure boot process.
We will examine how these techniques can be integrated into current manufacturing workflows to enhance resilience, simplify migration, and enable embedded platforms to evolve securely in the face of emerging cryptographic threats.