1. Home
  2. /
  3. Resources
  4. /
  5. Trusted Device Bootstrapping: The Foundation of Product Security

Trusted Device Bootstrapping: The Foundation of Product Security

hero-sub-3
PKI hierarchies - 1, 2, 3 tiers ?

2026-01-20

In this episode of #KEYMASTER, Sven Rajala, International PKI Man of Mystery, and Guillaume Crinon, Director of IoT Business Strategy, explore one of the most foundational topics in product security: how trust is bootstrapped in connected devices, and why strong device identity is essential at scale.

As connected products proliferate across industries, from utilities to transportation to consumer IoT, security can no longer be an afterthought. Trust must be designed into devices from the very beginning.

Watch video on YouTube

Why Strong Device Identity Matters

Modern devices are no longer isolated systems. They communicate continuously with backend services, cloud platforms, and operational systems.

Take smart meters, for example. Utilities deploy these devices in hundreds of thousands, or even millions, across wide geographic areas. Each device regularly communicates with a central head-end system to:

  • Report usage data
  • Receive firmware updates
  • Monitor health and battery status
  • Support maintenance and lifecycle operations

For this to work securely:

  • Each device must know it is communicating with the correct backend
  • The backend must be able to uniquely and reliably identify each device

This requirement applies equally to smart meters as it does to lockers, bicycles, vehicles, industrial equipment, and consumer electronics. Today, the strongest and most scalable way to establish that identity is through X.509 certificates issued by a private PKI.

What Does “Bootstrapping Trust” Mean?

Bootstrapping trust is about answering a simple yet critical question: How does a device securely prove its identity the very first time it connects?

To enroll devices efficiently and securely at scale, they must already contain a strong, unique identity when they leave manufacturing. This identity is called an initial device certificate, sometimes a birth certificate, and it is typically:

  • Unique per device
  • Long-lived or permanent
  • Used only for secure enrollment and re-enrollment

This initial identity enables the device to securely join its operational environment and obtain operational credentials later.

Bootstrapping identity is also essential for decommissioning and reusing devices. When a device is reset to factory state and redeployed to a new customer, the original identity allows the system to verify its authenticity and re-enroll it safely.

The Role of the Hardware Root of Trust

A device identity is only as strong as its protection. If cryptographic keys and certificates are stored in unprotected memory, they can be erased, replaced, or copied, allowing attackers to impersonate the device or redirect trust.

This is why secure systems rely on a hardware root of trust:

  • An immutable trust anchor embedded in the device
  • Implemented using secure elements, TPMs, secure enclaves, or secure processors
  • Designed to protect private keys and symmetric keys from extraction and fraudulent usage
  • Resistant to tampering and side-channel attacks

The hardware root of trust ensures that identities, keys, and cryptographic operations cannot be altered or leaked, forming the foundation for all higher-level security.

Secure Boot and the Role of Fusing

In many systems, the earliest stage of trust is established during secure boot. This often relies on:

  • Read-only memory (ROM)
  • One-time programmable memory

Fusing is used to permanently store a cryptographic key or hash that the processor trusts during boot. Once programmed, it cannot be changed. This ensures that only authorized firmware can run, but it also means the decision must be correct from the start. The fusing does not implement root of trust on its own, but it is a critical mechanism for anchoring secure boot in immutable hardware.

Three Ways to Inject Device Identity

There are three common approaches to injecting certificates and keys into devices during manufacturing:

Pre-Personalization by the Silicon Vendor

Some silicon vendors offer personalization services:

  • Keys and certificates are injected during chip manufacturing
  • A custom part number is created for the customer
  • Chips arrive at the factory already provisioned

This approach simplifies manufacturing but reduces flexibility and ties identity closely to the silicon supply chain.

Factory-Time Personalization (Most Common)

In this model:

  • Generic chips are purchased
  • During device manufacturing, identities are generated and injected
  • Certificates are issued either by a local CA or via a remote PKI (on-prem or SaaS)
  • Provisioning happens after firmware installation and before final testing

This provides strong control over identity and is the most widely adopted approach.

Deferred or “Phone-Home” Enrollment

Here, devices are manufactured with a provisional birth identity provided by the silicon vendor.

  • The device ships unpersonalized
  • On first boot, it contacts an enrollment server
  • The server verifies the birth identity
  • A customer-specific identity is securely delivered over the air
  • The device reboots and becomes fully operational

This model enables late binding of identity and is especially useful for global distribution.

Planning for Post-Quantum Cryptography (PQC)

Device lifetimes are long:

  • Consumer devices: 5–10 years
  • Industrial devices: up to 30 years

This creates a challenge in a post-quantum world. If the hardware root of trust is too limited, upgrading cryptographic algorithms may not be possible. More advanced secure elements and processors, however, can receive firmware updates that introduce post-quantum algorithms.

Some platforms are already:

  • Verifying secure boot using PQC signatures
  • Supporting PQC-capable signing algorithms
  • Preparing for hybrid and post-quantum enrollment flows

This makes crypto agility at the hardware level a key design decision, not just a future concern.

Key Takeaways

  • Strong device identity is foundational for product security
  • Bootstrapping trust enables secure enrollment at a massive scale
  • A hardware root of trust protects identities from tampering and theft
  • Secure boot anchors trust in immutable hardware
  • There are multiple valid models for injecting device identity
  • Long device lifetimes make crypto agility and PQC readiness essential

Bootstrapping trust is not a single feature; it is an architectural decision that shapes the security, scalability, and longevity of connected products. Getting it right early sets the foundation for everything that follows.

Learn more

Related resources

PKI hierarchies - 1, 2, 3 tiers ?
Implementing Cryptography
Industrial Cybersecurity & IoT
Tech Update
Ejbca
Signserver
11 November, 2025

#KEYMASTER: Agentic AI Risks and The Role of Identity

In this episode of #KEYMASTERs, Sven Rajala, International PKI Man of Mystery...
Read more
PKI hierarchies - 1, 2, 3 tiers ?
Industrial Cybersecurity & IoT
Tech Update
Ejbca
Signserver
21 January, 2025

#KEYMASTER: Certificate Management for OPC UA

Join Florian Handke, Director Industrial Security at Campus Schwarzwald and C...
Read more

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At PrimeKey Solutions AB, corp. ID no. 556628-3064, we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Check to consent to the use of Necessary cookies
Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Check to consent to the use of Functional cookies
Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

Check to consent to the use of Cookies for statistics
For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Cookies for ad-tracking

Check to consent to the use of Cookies for ad-tracking
To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.

Ad measurement user cookies

Check to consent to the use of Ad measurement user cookies
In order to show relevant ads we place cookies to tailor ads for you

Personalized ads cookies

Check to consent to the use of Personalized ads cookies
To show relevant and personal ads we place cookies to provide unique offers that are tailored to your user data
Close