In embedded systems, defending against software tampering requires a layered trust model anchored in sequential code verification. This begins with hardware-protected bootloaders that authenticate platform firmware, which in turn validates application code before execution. Such a staged verification chain enforces strict authenticity at each layer, mitigating risks of code injection or unauthorized modifications.
As we approach the post-quantum era, another critical consideration is the handling of signing and verification keys. While hardware-secured key storage and signatures remain foundational, the pending quantum threat undermines trust in conventional public-key algorithms. With PQC algorithms still evolving and PQC-ready hardware scarce, a practical defense-in-depth strategy is needed.
In this session, we present a transition approach that combines structured boot chains with cryptographic agility in key management. Our proposal uses pre-provisioned AES keys (commonly available in embedded hardware today) to protect PQC signing keys during provisioning and update workflows. This method allows security-critical assets to be safely introduced without requiring PQC-native secure elements or major changes to the existing secure boot process. We will examine how these techniques can be integrated into current manufacturing workflows to enhance resilience, simplify migration, and enable embedded platforms to evolve securely in the face of emerging cryptographic threats.
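Added illustration, not part of the session material: a minimal sketch of the staged verification chain from the first paragraph, with pinned SHA-256 digests standing in for the signature checks a real boot chain would use. Stage names, image bytes and all function names are constructed for this example.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes
    next_digest: Optional[str]  # pinned digest of the next stage; None for the last

    def image(self) -> bytes:
        # The pin is part of the measured image, so it cannot be swapped
        # without changing this stage's own digest.
        return self.code + b"|" + (self.next_digest or "").encode()


def build_chain(parts: List[Tuple[str, bytes]]) -> Tuple[str, List[Stage]]:
    """Build stages last-to-first; return (root digest for the ROM anchor, stages)."""
    stages: List[Stage] = []
    pin: Optional[str] = None
    for name, code in reversed(parts):
        stage = Stage(name, code, pin)
        pin = digest(stage.image())
        stages.insert(0, stage)
    return pin, stages


def verify_chain(root: str, stages: List[Stage]) -> Tuple[List[str], Optional[str]]:
    """Return (stages allowed to run, name of the first rejected stage or None)."""
    expected: Optional[str] = root
    booted: List[str] = []
    for stage in stages:
        if expected is None or digest(stage.image()) != expected:
            return booted, stage.name  # halt: nothing after this point executes
        booted.append(stage.name)
        expected = stage.next_digest
    return booted, None


# Constructed sample images (hypothetical contents).
SAMPLE = [("bootloader", b"BL v1"), ("firmware", b"FW v1"), ("application", b"APP v1")]

if __name__ == "__main__":
    root, chain = build_chain(SAMPLE)
    print(verify_chain(root, chain))
    chain[2] = Stage("application", b"APP v1 + injected", None)
    print(verify_chain(root, chain))
```

Only the root digest has to live in hardware-protected storage; every later stage is covered transitively, which is why a change to any layer stops the boot at that layer.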