EPISODE · Dec 28, 2025 · 42 MIN
Lessons from Building an Open-Architecture Secure Element (39c3)
from Chaos Computer Club - recent events feed (low quality) · host Jan Pleskac
The talk will be about our experience from building an open-architecture secure element from the ground up. It explains why openness became part of the security model, how it reshaped design and development workflows, and where reality pushed back — through legal constraints, third-party IP, or export controls. It walks through the secure boot chain, attestation model, firmware update flow, integration APIs, and the testing framework built for external inspection. Real examples of security evaluations by independent researchers are presented, showing what was learned from their findings and how those exchanges raised the overall security bar. The goal is to provoke discussion on how open collaboration can make hardware more verifiable, adaptable, auditable and while keeping secure. This talk shares our engineering experience from designing and implementing an open-architecture secure element — a type of chip that is traditionally closed and opaque. We’ll outline the practical consequences of choosing openness as part of the security model: how it affected hardware architecture, firmware design, verification, and development workflows. The session dives into concrete technical areas including the secure boot chain, attestation and update flow, key storage isolation, and the testing and fuzzing infrastructure used to validate the design. It also covers the boundaries of openness — where third-party IP, export control, or certification requirements force certain blocks to remain closed — and how we document and mitigate those limits. We’ll present anonymized examples of external security evaluations, show how responsible disclosure and transparent fixes improved resilience, and reflect on what “community-driven security” means in a hardware context. Attendees should leave with a clearer view of what it takes to make security verifiable at the silicon level — and why that process is never finished. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/lessons-from-building-an-open-architecture-secure-element
What this episode covers
The talk will be about our experience from building an open-architecture secure element from the ground up. It explains why openness became part of the security model, how it reshaped design and development workflows, and where reality pushed back — through legal constraints, third-party IP, or export controls. It walks through the secure boot chain, attestation model, firmware update flow, integration APIs, and the testing framework built for external inspection. Real examples of security evaluations by independent researchers are presented, showing what was learned from their findings and how those exchanges raised the overall security bar. The goal is to provoke discussion on how open collaboration can make hardware more verifiable, adaptable, auditable and while keeping secure. This talk shares our engineering experience from designing and implementing an open-architecture secure element — a type of chip that is traditionally closed and opaque. We’ll outline the practical consequences of choosing openness as part of the security model: how it affected hardware architecture, firmware design, verification, and development workflows. The session dives into concrete technical areas including the secure boot chain, attestation and update flow, key storage isolation, and the testing and fuzzing infrastructure used to validate the design. It also covers the boundaries of openness — where third-party IP, export control, or certification requirements force certain blocks to remain closed — and how we document and mitigate those limits. We’ll present anonymized examples of external security evaluations, show how responsible disclosure and transparent fixes improved resilience, and reflect on what “community-driven security” means in a hardware context. Attendees should leave with a clearer view of what it takes to make security verifiable at the silicon level — and why that process is never finished. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/lessons-from-building-an-open-architecture-secure-element
NOW PLAYING
Lessons from Building an Open-Architecture Secure Element (39c3)
No transcript for this episode yet
Similar Episodes
Apr 21, 2026 ·73m
Apr 18, 2026 ·95m
Apr 15, 2026 ·55m
Apr 13, 2026 ·68m
Apr 11, 2026 ·59m
Apr 9, 2026 ·66m