How Pavona Composes Secure Silicon Aligned With FIPS 140-3 Standards

GlobalPlatform has launched Pavona, an open-source silicon distribution featuring the first openly available post-quantum cryptography stack for embedded silicon, and is backed by twelve founding members including Agile Analog, Analog Devices, Inc. (ADI), Baochip, CrossBar, Max Planck Institute for Security and Privacy, Meta, University of Oxford, SIMPLE Crypto Association, Qualcomm Technologies, Tenstorrent, Winbond, and ZeroRISC. The initiative delivers certification-ready IP components and reference designs, including a standalone chip root of trust and an integrated root of trust for chiplet architectures, fabricated using TSMC 3nm (N3) technology. Pavona utilizes a composable framework aligned with FIPS 140-3 and Common Criteria standards, enabling a modular approach to building secure silicon for applications ranging from datacenters to IoT devices. Stephane Di Vito, Head of Product Security Architecture at Analog Devices, highlights how Pavona complements their existing security foundations, providing “certification-aligned production-grade IP into digital and mixed-signal designs without compromising flexibility or time to market.”

Pavona Launch: Open Silicon Distribution for Secure Hardware

The launch of Pavona represents a shift in hardware security, establishing the first open silicon distribution built around production-grade post-quantum cryptography. Unlike traditional, proprietary approaches to chip security, Pavona offers a composable framework for building secure-by-default silicon, spanning applications from data centers to IoT devices. This initiative, launched by GlobalPlatform, addresses a growing vulnerability in the face of increasingly sophisticated cyber threats and the potential arrival of quantum computing. Pavona’s architecture centers on a modular distribution model, offering a curated IP library and composition engine that allows integrators to tailor silicon subsystems to specific needs. This contrasts with monolithic chip designs, providing greater flexibility and scalability, and marks a step toward production-ready secure silicon at a leading-edge process node, moving beyond theoretical designs to tangible hardware.

The distribution specifically targets compliance with rigorous security standards, including FIPS 140-3 and Common Criteria certification requirements. The project’s origins lie in the GlobalPlatform Trusted Open Source Silicon Task Force, which identified the need for a neutral, community-governed framework. “The foundational answer is secure silicon — and silicon itself is becoming critical infrastructure. Pavona is the home for composable open-source secure silicon: a standards-aligned ecosystem bringing together the world’s leading experts across industry, academia, and open-source.” Researchers at the Max Planck Institute for Security and Privacy, alongside ZeroRISC and Academia Sinica, have demonstrated performance gains of 6, 9 times for ML-KEM and ML-DSA post-quantum algorithms on embedded silicon, achieved through hardware-software co-design.

These improvements, coupled with 36, 75% improvements in maximum operating frequency at minimal area cost, are directly integrated into the Pavona distribution. This makes Pavona the first open-source silicon platform to deliver production-grade post-quantum cryptography as a standard feature. Dominic Rizzo added, “Pavona was designed for collaboration from day one: clear getting-started guides, hardware-native CI, a Yocto-inspired governance model, and silicon-proven designs.” This represents the maturation of years of open-source silicon development, built for scale.

TSMC 3nm Implementation: Root of Trust Reference Designs

The demand for robust chip security is increasing alongside increasingly sophisticated cyber threats, prompting a shift toward open-source silicon designs that prioritize transparency and auditability. While proprietary security implementations have long dominated the industry, a growing community recognizes the limitations of closed systems, particularly concerning supply chain vulnerabilities and the need for independent verification. This has spurred the development of Pavona, an open-source silicon distribution aiming to deliver production-quality, certification-ready IP components and reference designs, with initial implementations leveraging TSMC’s 3nm (N3) fabrication process. The initiative has garnered significant industry support, with twelve founding members already committed, including Agile Analog, Analog Devices, Inc. (ADI), Baochip, CrossBar, Max Planck Institute for Security and Privacy, Meta, University of Oxford, SIMPLE Crypto Association, Qualcomm Technologies, Tenstorrent, Winbond, and ZeroRISC. This design philosophy ensures that the open-source silicon is built to withstand rigorous scrutiny and validation. The project’s open repository, top-level designs, and documentation are now publicly available, signaling a commitment to fostering a collaborative ecosystem for secure silicon development.

ML-KEM/ML-DSA Performance: Post-Quantum Crypto on Embedded Silicon

ZeroRISC, led by Governing Board Chair Dominic Rizzo, is driving the embedding of post-quantum cryptography directly into silicon, a move gaining traction with the launch of the Pavona open-source silicon distribution. The initiative focuses on practical performance improvements for key algorithms, which are already demonstrable. Researchers achieved 6, 9 times performance gains on embedded silicon, alongside 36, 75% improvements in maximum operating frequency, all while maintaining a minimal impact on chip area. This co-design approach, integrating hardware and software from the outset, is central to Pavona’s promise of production-ready security. These performance gains are crucial as the threat from quantum computers looms, potentially rendering current encryption methods obsolete, and this fabrication choice underscores the commitment to leveraging leading-edge technology for enhanced security.

The designs are not merely proofs of concept; they represent concrete steps toward secure silicon ready for commercial deployment. Pavona’s architecture deliberately departs from traditional, proprietary chip security approaches, opting instead for a modular, composable framework. This allows integrators to select, configure, and assemble open silicon subsystems tailored to their specific needs, whether for data center servers, AI accelerators, or resource-constrained IoT devices. “Trustworthy chip security should be easy to integrate, accessible to all, and independently governed — never locked inside proprietary, single-vendor implementations,” Rizzo explains. Analog Devices highlights how Pavona complements their existing security foundations, providing “certification-aligned production-grade IP into digital and mixed-signal designs without compromising flexibility or time to market,” according to Stephane Di Vito, Head of Product Security Architecture, ADI. Pavona is designed with rigorous certification in mind, specifically targeting FIPS 140-3 and Common Criteria requirements.

This approach, coupled with the open-source nature of the silicon, aims to foster greater transparency and trust in the increasingly complex world of embedded security. Gil Bernabeu, Chief Technology Officer at GlobalPlatform, the organization that launched Pavona, notes that open-source silicon has reached an inflection point and is becoming a common way to collaborate across the IoT ecosystem.

Unlike traditional, proprietary security implementations, Pavona offers a curated library of silicon IP blocks designed for flexible assembly, addressing vulnerabilities arising from increasingly complex and fragmented supply chains. The project’s charter is modeled on successful open-source governance frameworks such as Yocto and Zephyr, combining lightweight community-driven development with GlobalPlatform’s experience in commercial standards.