Secure Boot + TPM 2.0

Firmware Shield

Complete post-quantum protection for firmware and boot chain. TPM 2.0 re-wrap, secure boot with ML-DSA, supply chain attestation.

ML-DSA-65: Signing
ML-KEM-768: Encapsulation
TPM 2.0: PQ re-wrap

Capabilities

PQ Secure Boot

Complete chain of trust with ML-DSA. Each boot stage is cryptographically verified before execution.

TPM 2.0 PQ Re-wrap

TPM storage keys wrapped in ML-KEM-768. Post-quantum protection without replacing hardware.

Firmware Signing

Digital signature with ML-DSA-65 for each firmware release. Automatic on-device verification.

Supply Chain Attestation

Complete supply chain audit. Every component signed and verified from source.

Secure OTA

Over-the-air updates with dual ML-DSA + SHA-3 hash verification. Automatic rollback on failure.

Measured Boot

Immutable record of each boot stage in TPM PCR. Remote attestation with PQ cryptographic proofs.

Verified Boot Chain

Each stage verifies the next with ML-DSA before handing off control.

1. ROM: immutable root of trust
2. Bootloader: verified by ML-DSA
3. Kernel: hash chain + attestation
4. User Space: runtime integrity
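The four-stage chain above combines two mechanisms: each stage's image is signature-checked before control is handed to it (verified boot), and its hash is folded into a TPM PCR so the sequence can later be attested (measured boot). The following Python simulation is an added example, not Firmware Shield's own code, and it makes two assumptions: ML-DSA-65 is not in the Python standard library, so an HMAC-SHA3-256 tag over each image stands in for the per-stage signature (the control flow is the point; a real ML-DSA verify would slot into the same two functions), and the PCR bank is modelled with SHA3-256 rather than a specific TPM hash algorithm. All image contents, keys and stage names are constructed.

```python
import hashlib
import hmac

# --- Stand-in signature scheme (assumption) ---------------------------------------
# ML-DSA-65 is not available in the standard library, so an HMAC-SHA3-256 tag
# plays the role of the per-stage signature. Replace these two functions with a
# real ML-DSA sign/verify pair to obtain the scheme the page describes.
def placeholder_sign(key: bytes, image: bytes) -> bytes:
    return hmac.new(key, image, hashlib.sha3_256).digest()

def placeholder_verify(key: bytes, image: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(placeholder_sign(key, image), sig)

# --- Measured boot: TPM-style PCR extend -------------------------------------------
PCR_INIT = bytes(32)  # a PCR reads as all-zero bytes after reset

def measure(image: bytes) -> bytes:
    """Digest of a stage image, i.e. the value that gets extended into the PCR."""
    return hashlib.sha3_256(image).digest()

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    # PCR_new = H(PCR_old || measurement): order-dependent and append-only, so a
    # later stage cannot erase or reorder what earlier stages recorded.
    return hashlib.sha3_256(pcr + measurement).digest()

class BootHalted(Exception):
    """Raised when a stage fails verification; control is never handed to it."""

# --- Verified + measured boot chain ------------------------------------------------
def run_boot_chain(stages, rom_key: bytes):
    """stages: list of (name, image, signature) in boot order.
    Each image is verified with the key held in immutable ROM, then measured into
    the PCR, then 'executed' (here: appended to the booted list).
    Returns (booted stage names, final PCR value)."""
    pcr = PCR_INIT
    booted = []
    for name, image, sig in stages:
        if not placeholder_verify(rom_key, image, sig):
            raise BootHalted(f"{name}: signature check failed")
        pcr = pcr_extend(pcr, measure(image))
        booted.append(name)
    return booted, pcr

def golden_pcr(images):
    """Reference PCR value a remote verifier derives from the known-good images."""
    pcr = PCR_INIT
    for image in images:
        pcr = pcr_extend(pcr, measure(image))
    return pcr

def attest(reported_pcr: bytes, expected: bytes) -> bool:
    """Remote-attestation check: does the device's PCR match the golden value?"""
    return hmac.compare_digest(reported_pcr, expected)

# --- Constructed sample firmware (not real images or keys) --------------------------
ROM_KEY = b"constructed-rom-verification-key"
IMAGES = [("bootloader", b"BL v1.2"), ("kernel", b"KERNEL v5.0"), ("userspace", b"INITRD v5.0")]

def signed_stages(images, key=ROM_KEY):
    return [(name, img, placeholder_sign(key, img)) for name, img in images]

def tampered_stages(images, key=ROM_KEY):
    """Same stages, but one byte of the kernel image is flipped after signing."""
    stages = signed_stages(images, key)
    name, img, sig = stages[1]
    stages[1] = (name, bytes([img[0] ^ 0xFF]) + img[1:], sig)
    return stages

if __name__ == "__main__":
    booted, pcr = run_boot_chain(signed_stages(IMAGES), ROM_KEY)
    print("booted:", booted)
    print("attestation ok:", attest(pcr, golden_pcr([img for _, img in IMAGES])))
    try:
        run_boot_chain(tampered_stages(IMAGES), ROM_KEY)
    except BootHalted as err:
        print("halted:", err)
```

Two properties are worth checking against this model: a modified kernel never reaches the "booted" list because the chain halts before hand-off, and the final PCR only matches the golden value when the same images were measured in the same order, which is what lets a verifier detect a stage that was skipped or reordered even if each image on its own was valid.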

Specifications

KEM: ML-KEM-768 (FIPS 203)
DSA: ML-DSA-65 (FIPS 204)
Symmetric: AES-256-GCM
TPM: 2.0 (RSA→PQ re-wrap)
Boot Chain: 4 verified stages
Compatibility: UEFI / ARM TF-A / U-Boot
Native integration

Drive Guard Companion

Firmware Shield protects boot and TPM. Drive Guard protects disks. Together, they form a complete defense in depth — from firmware to data at rest.