Microchip has expanded its Trust Shield portfolio with two post-quantum-ready security controllers aimed at systems that need hardware-based secure boot and platform trust. The TS1800 Platform Root of Trust controller and TS50x secure boot controller are designed for data center, compute, defense, telecom, and infrastructure platforms preparing for post-quantum cryptography requirements. The TS1800 is an external Platform Root of Trust controller used to manage secure boot, firmware updates, attestation, and certificate handling in high-security systems. It sits close to the main processor or chipset, verifying the platform before normal operation begins and helping maintain trust through firmware changes and lifecycle events.
Hardware Support For Post-Quantum Cryptography
The TS1800 includes hardware acceleration for NIST-standardized post-quantum algorithms, including ML-DSA, LMS verification, and ML-KEM. These functions are used where signature verification, key encapsulation, and long-term firmware trust need to move beyond classical cryptography. Post-quantum workloads place more demand on embedded security controllers, so Microchip has built the TS1800 around an Arm Cortex-M4F processor running at up to 192 MHz. The company says this gives the device up to twice the processing performance of its previous root of trust controller generation, while regulator and architecture updates are intended to keep power use under control.
Secure Boot And Platform Resiliency
The TS1800 supports secure boot, firmware integrity validation, attestation, certificate handling, and lifecycle management. These are the functions expected in platform root of trust devices used in OCP-compliant systems and other infrastructure designs where firmware integrity is part of the security model. USB 2.0 full-speed and high-speed support has also been added to reduce firmware update time compared with I²C and SPI interfaces. That is a practical addition for systems where firmware maintenance and recovery need to happen without making the update process unnecessarily slow.
Both the TS1800 and TS50x align with NIST SP 800-193 platform resiliency guidance and are positioned for emerging requirements including the European Cyber Resilience Act and CNSA 2.0.
TS50x Secure Boot For Smaller Security Requirements
The TS50x family is aimed at systems that need PQC-ready secure boot but do not require the full OCP-style Platform Root of Trust feature set. Its architecture focuses on verification operations for post-quantum and classical cryptography, including ECC P-384, on firmware booting from SPI Flash. In use, the TS50x holds the main chipset in reset until firmware signature verification succeeds. This gives system designers a way to add PQC-ready boot verification to platforms where a full platform root of trust controller would be more than the design needs. The hybrid support for classical ECC and PQC also gives companies a way to move from existing cryptographic approaches without changing the whole security architecture at once.
TrustFLEX Configuration And System Integration
Microchip is offering both controllers through its pre-configured TrustFLEX platform. That should help reduce the setup burden for OEMs that need defined security behavior without building every cryptographic element from the ground up. The devices are designed as modular crypto-controllers, which makes them easier to integrate into existing platform designs. They also build on Microchip’s fourth-generation Soteria firmware running on Zephyr RTOS, with the firmware intended to support evolving ecosystems and certification requirements. TS1800 and TS50x controllers, along with compatible evaluation boards, are currently available through Microchip’s early adopter program.
Learn more and read the original announcement at www.microchip.com
Technology Overview
The Microchip TS1800 is a Platform Root of Trust controller for secure boot, firmware updates, attestation, certificate handling, and lifecycle management. It uses an Arm Cortex-M4F processor running up to 192 MHz and includes hardware acceleration for post-quantum algorithms including ML-DSA, LMS verification, and ML-KEM. The TS50x family provides a simpler PQC-ready secure boot controller for firmware verification from SPI Flash.
Frequently Asked Questions
What is the difference between TS1800 and TS50x?
TS1800 is a full Platform Root of Trust controller for secure boot, attestation, firmware updates, and lifecycle management. TS50x is focused on PQC-ready secure boot verification for systems that do not need the full platform root of trust feature set.
Which post-quantum algorithms does TS1800 support?
The TS1800 includes hardware acceleration for NIST-standardized algorithms including ML-DSA, LMS verification, and ML-KEM.
Where does the TS50x sit in a system?
The TS50x verifies firmware signatures from SPI Flash and holds the main chipset in reset until verification is successful.
You may also like
