Post-quantum cryptography for embedded and IoT: secure boot, TLS and OTA

Post-quantum cryptography (PQC) is transitioning from research to practical implementation in embedded and IoT systems, affecting secure boot, TLS, OTA updates, and firmware signing. NIST has finalized initial PQC standards, and OpenSSL 3.5 now supports algorithms like ML-KEM and ML-DSA, prompting embedded vendors to integrate PQC into MCU and firmware workflows. The article emphasizes that for long-lived connected products, the priority is not immediate migration but conducting a thorough audit of boot chains, OTA processes, and PKI to establish crypto agility and reduce future risk.

Post-quantum cryptography is no longer just a research topic. It is starting to affect the way embedded teams design TLS, secure boot, OTA, firmware signing, device identity and long-term product maintenance. NIST has finalized the first post-quantum standards. OpenSSL 3.5 now includes ML-KEM, ML-DSA and SLH-DSA support. The European roadmap points toward a coordinated transition, and embedded vendors are already moving PQC into MCU and firmware workflows. For connected products that may stay in the field for 10, 15 or 20 years, this is not abstract security theater. It is architecture. Embedded products freeze cryptographic choices earlier than many teams expect: Once the device is deployed, changing those choices becomes expensive. Sometimes it becomes almost impossible without a carefully designed migration path. That is the real value of post-quantum planning: not replacing RSA and ECC everywhere overnight, but introducing crypto agility before the product becomes too rigid. The two names embedded teams should recognize first are: For Linux gateways, ML-KEM is often the first practical entry point because TLS stacks can be tested and upgraded more easily than immutable boot chains. For firmware and boot flows, ML-DSA is very relevant but needs more careful engineering. Signature sizes, verification time, image layout and manifest formats all matter. Do not turn on PQC everywhere and hope for the best. A healthier path looks like this: pqc embedded audit: lifecycle: expected field life checked: true non updatable signature verifier identified: true protocols: tls or vpn usage mapped: true certificates and pki inventory done: true firmware chain: secure boot flow reviewed: true ota manifest and signature format reviewed: true rollback and recovery paths verified: true implementation: hybrid transition need evaluated: true stack heap flash measured on real target: true latency variance measured: true operations: trust anchor rotation plan available: true crypto agility requirements defined: true release and support workflow documented: true PQC planning is most useful when the product is: That makes Linux gateways, edge appliances, industrial IoT devices and remotely maintained firmware platforms natural candidates for early evaluation. PQC is not automatically the right move for every MCU or every firmware build. Very constrained devices may have strict limits around stack, heap, flash, latency or power. Hybrid approaches can help with migration, but they also add complexity and testing cost. The goal is not to put post-quantum algorithms everywhere. The goal is to know where they reduce real product risk. Post-quantum cryptography is becoming part of embedded product architecture. The smartest move today is not panic migration; it is inventory, measurement and crypto agility. Teams that understand their boot chain, OTA process, PKI and field lifecycle now will have a much easier transition later. Canonical source: Post-quantum cryptography for embedded and IoT: secure boot, TLS and OTA Silicon LogiX helps teams review embedded Linux, secure boot, firmware signing, OTA and security architecture for connected products.