Microchip adds PQC root-of-trust controllers for next-gen systems
Microchip Technology (Nasdaq: MCHP) has expanded its Trust Shield portfolio with two new post-quantum cryptography (PQC) controllers: the TS1800 Platform Root of Trust IC and the TS50x secure boot controller. Both devices are aimed at system architects navigating a wave of emerging mandates, including the EU Cyber Resilience Act (CRA) and the US Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), and are now available through an early adopter programme.
The TS1800 is the more fully featured of the two. Built around an Arm Cortex-M4F processor running at up to 192 MHz, the company says it delivers roughly twice the processing performance of its previous-generation root-of-trust controllers — a claim consistent with the increased computational overhead that lattice-based cryptography imposes relative to classical elliptic-curve schemes. Hardware accelerators in the chip implement three NIST-standardised algorithms: ML-DSA (Module Lattice-Based Digital Signature Algorithm), ML-KEM (Module Lattice-Based Key Encapsulation Mechanism) and LMS (Leighton–Micali Signature) verification. A USB 2.0 interface replaces slower I²C and SPI connections for firmware updates.
The TS50x family takes a narrower approach, providing PQC signature verification for systems that do not require the full Open Compute Project (OCP)-compliant feature set. TS50x devices hold the host chipset in reset until firmware signature verification completes, supporting both PQC and classical ECC P-384 in a hybrid mode that allows incremental migration of existing platforms.
Nuri Dagdeviren, corporate vice president of Microchip's secure computing group, said: "The transition to post-quantum cryptography is no longer a discussion for the future — it's a real-world implementation challenge already at our doorstep, arriving faster than many organisations expected."
Both controllers run Microchip's fourth-generation Soteria firmware on Zephyr RTOS and are compliant with NIST SP 800-193 platform resiliency guidelines. They are available as drop-in modules within the pre-configured TrustFLEX platform.
Standards landscape
The timing reflects an accelerating regulatory timeline. NIST finalised its first three PQC standards in August 2024, and US federal agencies face a 2030 deadline for algorithm migration under National Security Memorandum 10. Meanwhile, the EU CRA — which entered into force in late 2024 and begins applying to manufacturers from 2027 — requires demonstrable security-by-design in connected products, with cryptographic agility increasingly interpreted as a baseline expectation by national cybersecurity agencies.
Hardware-rooted trust is gaining particular attention in the data-centre and critical-infrastructure sectors, where software-only attestation chains have been identified as a systemic weakness by bodies including the Cybersecurity and Infrastructure Security Agency (CISA) in the US and ENISA in Europe.
Competitive positioning
Microchip is not alone in targeting the PQC silicon opportunity. Lattice Semiconductor offers PQC-capable secure control devices in its Sentry and Mach-NX families, while TPM vendors such as Infineon and STMicroelectronics have begun integrating lattice-based algorithm support into trusted platform modules. The distinction Microchip is pressing is the OCP-compliant Platform Root of Trust feature set in the TS1800, which aligns with the data-centre supply chain security specifications increasingly mandated by hyperscalers. A hybrid ECC-plus-PQC capability in the TS50x also reduces switching costs for infrastructure operators not yet ready to commit to a full PQC stack.
General availability pricing and volume shipment dates were not disclosed at launch; interested buyers are directed to Microchip's sales channels and authorised distributors.