Microchip introduces post-quantum root of trust controllers

Microchip Technology has expanded its security controller portfolio with the TS1800 Platform Root of Trust controller and the TS50x secure boot controller, designed to support post-quantum cryptography (PQC) in next-generation computing and infrastructure systems.

The devices target applications in data centers, telecommunications, defense, and industrial infrastructure, where evolving cybersecurity standards require hardware-based trust mechanisms.

Hardware root of trust with post-quantum cryptography
The TS1800 functions as an external Platform Root of Trust, enabling secure boot, firmware validation, attestation, and certificate management. It integrates hardware accelerators for PQC algorithms standardized by the National Institute of Standards and Technology, including ML-DSA, LMS, and ML-KEM.

By implementing these algorithms in hardware, the controller supports cryptographic operations resistant to quantum computing threats, while reducing latency compared to software-based execution.

Processing architecture and system performance
The TS1800 is built on an Arm Cortex-M4F processor operating at up to 192 MHz, delivering increased computational capacity for PQC workloads. Compared to previous generations, the architecture provides up to twice the processing performance, addressing the higher complexity of lattice-based cryptographic algorithms.

Integrated USB 2.0 connectivity enables faster firmware updates compared to traditional I²C and SPI interfaces, reducing system maintenance time. The controller also supports platform security functions aligned with Open Compute Project requirements, including lifecycle management and firmware integrity verification.

Secure boot controller for simplified implementations
The TS50x family provides a more compact solution focused on secure boot functionality. These controllers verify firmware signatures stored in external SPI flash memory before system initialization.

They support both PQC and classical cryptography, including elliptic curve cryptography (ECC P-384), enabling hybrid implementations. Systems remain in reset until signature verification is completed, ensuring that only authenticated firmware is executed.

This approach allows existing platforms to transition incrementally toward PQC without requiring full system redesign.

Compliance with security standards
Both controller families are designed to align with emerging regulatory and industry requirements, including the European Cyber Resilience Act and CNSA 2.0. They also support platform resiliency guidelines such as NIST SP 800-193.

Integration into the TrustFLEX platform enables pre-configured deployment, reducing implementation complexity and accelerating system development timelines.

Role in next-generation system security
By embedding PQC capabilities at the hardware root of trust, the TS1800 and TS50x controllers establish secure system initialization from first power-on. This eliminates reliance on legacy cryptographic methods during early boot stages, where vulnerabilities can persist in software-based approaches.

The devices are based on Microchip’s Soteria firmware running on Zephyr RTOS, supporting modular integration and adaptability to evolving security ecosystems.

The expanded controller portfolio provides system architects with hardware-based mechanisms to address increasing cryptographic requirements and regulatory demands in modern digital infrastructure.

Edited by Natania Lyngdoh, Induportals Editor — Adapted by AI.

www.microchip.com