Pavona’s Composable Framework Aligns With FIPS 140-3, Common Criteria

GlobalPlatform has launched Pavona, the first openly available silicon distribution featuring a production-grade post-quantum cryptography (PQC) stack for embedded systems, addressing the escalating threat of attacks from future quantum computers. The initiative delivers certification-ready IP components and reference designs, including a standalone chip root of trust and an integrated root of trust for chiplet architectures fabricated using TSMC 3nm (N3) processes. Twelve founding members, including Meta, Qualcomm Technologies, and the Max Planck Institute for Security and Privacy, have already committed to the collaborative effort. Pavona’s composable framework aligns with FIPS 140-3 and Common Criteria, offering a scalable, modular approach to secure silicon design.

Pavona Launch: Open Silicon for Post-Quantum Cryptography

This initiative addresses vulnerabilities in currently deployed devices susceptible to attacks leveraging advancements in quantum processing power, rather than preparing for a distant future. Pavona distinguishes itself through a composable framework, allowing developers to tailor secure silicon subsystems for diverse applications ranging from data centers to constrained IoT devices, a flexibility absent in traditional monolithic designs. “The world faces a rising tide of cyber insecurity, with mounting costs from devices that are fundamentally untrustworthy and vulnerable from design through decommissioning,” said Dominic Rizzo, Governing Board Chair of Pavona and CEO of ZeroRISC. “The foundational answer is secure silicon — and silicon itself is becoming critical infrastructure.” Pavona’s development stems from the GlobalPlatform Trusted Open Source Silicon Task Force, recognizing the need for a neutral, community-governed framework that moves beyond isolated open-source designs. Gil Bernabeu, Chief Technology Officer of GlobalPlatform, explains that open-source silicon is becoming a common way to collaborate across the IoT ecosystem, similar to the impact of Linux on open-source software adoption. The project’s full IP repository and documentation are available at www. pavona. org.

Composable Silicon Framework & FIPS 140-3 Alignment

Launched by GlobalPlatform, Pavona represents a significant shift in silicon security by establishing the first openly available distribution of production-grade IP components, moving beyond isolated open-source designs toward a scalable, composable framework. A key element of Pavona’s design is its alignment with stringent security standards, specifically FIPS 140-3 and Common Criteria certification requirements, demonstrating a focus on leveraging advanced manufacturing for robust security infrastructure. Recent collaborative work, presented at Real World Crypto in Taipei, showcased six to nine times performance improvements for ML-KEM and ML-DSA algorithms on embedded silicon, with minimal area cost. The project’s governance model, inspired by Yocto and Zephyr, emphasizes community-driven development alongside GlobalPlatform’s experience in commercial standards.

Performance Gains with ML-KEM/ML-DSA on Embedded Silicon

These improvements were achieved without sacrificing efficiency; researchers also reported 36 to 75 percent improvements in maximum operating frequency, with minimal impact on chip size and power consumption. This focus on performance optimization is central to Pavona’s design, which moves beyond monolithic open-source silicon designs toward a modular distribution model. Unlike traditional approaches, Pavona offers a “composition engine and curated IP library” enabling developers to tailor silicon subsystems to specific architectures, ranging from data center servers to low-power IoT devices. This flexibility is particularly important as supply chains become increasingly fragmented and the demand for specialized hardware accelerates. The project aims to deliver a “production-grade PQC out of the box,” a claim supported by the inclusion of a full classical and post-quantum cryptographic stack from the outset.