Pavona: Open-Source Hardware for Secure, Modular, and Scalable AI and Post-Quantum Solutions

Bridging the Gap Between Bits and Atoms: Pavona Launches New Open-Hardware Ecosystem for Secure Chips

For decades, the digital world has operated on a fundamental asymmetry. While open-source software has become the invisible scaffolding of the modern internet—powering everything from the Linux-based servers that run the cloud to the WordPress installations that host nearly half of the web—the physical hardware beneath those software layers has remained largely a “black box.” This proprietary wall has long protected manufacturers, but it has also created significant hurdles for security verification, interoperability, and innovation.

That paradigm is facing a significant shift. The nonprofit global security standards consortium GlobalPlatform has officially launched Pavona, a pioneering open-hardware ecosystem for secure chips designed to bring the transparency and modularity of open-source software to the semiconductor industry. By providing a standardized framework for hardware modules, reference designs, and integration tools, Pavona aims to democratize access to high-level silicon design, ranging from tiny IoT sensors to massive, high-performance data center components.

Dominic Rizzo, the CEO and founder of the security startup zeroRISC, will serve as the governing board chair for the new initiative. The mission is ambitious: to transform hardware development from a rigid, closed-loop process into a flexible, “Lego-like” ecosystem where developers can build, verify, and scale secure silicon with unprecedented speed. As the industry grapples with the dual pressures of an exploding AI market and increasingly stringent global security mandates, Pavona arrives as a critical piece of infrastructure for the next era of computing.

The Layered Reality of Open-Source Hardware

To understand why Pavona is necessary, one must first understand why open-source hardware has historically lagged behind its software counterparts. In the software realm, “copying” a tool involves distributing bits and bytes, which costs virtually nothing. In hardware, however, even the most brilliant open design eventually requires “atoms”—the physical matter, logistics, and massive capital expenditures required for semiconductor fabrication.

Because the actual manufacturing process—the foundry, the physical design kits (PDKs), and the silicon fabrication itself—remains a highly guarded, closed-source domain, open-source hardware must operate in layers. Pavona does not attempt to rewrite the laws of physics or bypass the proprietary nature of chip foundries. Instead, it focuses on the vital layers sitting directly above the fabrication process. This includes design verification, system architecture, instruction-set architecture (ISA), and firmware.

By standardizing these upper layers, Pavona allows engineers to focus on innovation rather than reinventing the foundational architecture for every new device. “A lot of the work we’re putting into Pavona has to do with the infrastructure and the architecture that connects all this stuff together,” Rizzo explained, noting that the goal is to make hardware components modular. This modularity allows a single design concept to be reconfigured for a low-power IoT device or scaled up for a complex system-on-a-chip (SoC) in a data center.

Andrew “bunnie” Huang, the renowned hardware hacker and founder of Baochip—a founding member of Pavona—describes the movement as foundational. He suggests that the industry has finally reached a tipping point where there is enough “open” intellectual property available to create a meaningful, distributable ecosystem that can shape how humans interact with hardware for years to come.

Leading with OpenTitan: The Security Root-of-Trust

Pavona is not launching with an empty toolkit. Its initial offering centers on the components of OpenTitan, a highly influential open-source silicon project designed to provide a “hardware root-of-trust.” In modern computing, a root-of-trust is a foundational security element—typically a chip-level component—that serves as the ultimate source of truth for all secure operations, including encryption, identity verification, and secure boot processes.

The security benefits of an open approach are twofold. First, openness allows for “many eyes” on a design. An active community of researchers can inspect, stress-test, and verify the silicon architecture, making it significantly harder for hidden vulnerabilities or “backdoors” to persist. Second, it simplifies the complex process of regulatory compliance. When the design is transparent and verifiable, proving to regulators that a device meets specific security standards becomes a much more straightforward endeavor.

Beyond current security needs, Pavona’s starting kit includes critical extensions to the OpenTitan design to address the looming threat of quantum computing. These extensions incorporate efficient, post-quantum cryptography (PQC) designed to protect data against the future capabilities of large-scale quantum computers. This proactive approach addresses a growing global concern: the “harvest now, decrypt later” strategy, where malicious actors collect encrypted data today in hopes of breaking it once quantum technology matures.

Three Pillars Driving the Shift to Open Silicon

The transition toward open-source silicon is not merely a philosophical preference; it is being driven by three powerful, converging market and regulatory forces.

  • The AI Infrastructure Boom: The explosion of generative AI has created an insatiable demand for specialized silicon. While most headlines focus on high-end GPUs, the entire ecosystem—including networking cards, specialized security controllers, and management chips—is under pressure to scale rapidly and cost-effectively.
  • Post-Quantum Regulatory Mandates: Governments worldwide are beginning to legislate the transition to quantum-resistant security. Both the United States and various European bodies have established timelines and frameworks aiming for widespread post-quantum security adoption by the end of 2030.
  • The European Cyber Resilience Act: New regulatory requirements, specifically the European Cyber Resilience Act (CRA), are introducing strict security verification and reporting obligations for any digital product sold within the European market. This mandate forces manufacturers to provide higher levels of transparency regarding their hardware and software security lifecycles.

As Rizzo noted, these three factors create a “perfect storm” that makes the adoption of secure, open-source silicon an economic and regulatory necessity rather than an optional luxury.

Solving the Integration Puzzle: The Architectural Composition Engine

One of the most significant technical hurdles in hardware adoption is the “software stack” problem. Traditionally, if a company switches to a new hardware architecture, they must also rewrite vast amounts of low-level software to communicate with that new silicon. Pavona addresses this via what Rizzo’s team calls an “architectural composition engine.”

This engine acts as a sophisticated software wrapper around the hardware, facilitating seamless interaction between different types of computing cores, such as ARM or RISC-V. By providing this abstraction layer, Pavona allows companies to integrate open hardware components into their existing architectures without the prohibitive cost of completely overhauling their software ecosystems. This “plug-and-play” capability is essential for making open hardware commercially viable for established tech giants and agile startups alike.

Governance: Avoiding the “Hallway Decision”

A recurring criticism of large-scale open-source projects is the fear of “gatekeeping”—the idea that a few powerful entities might make unilateral decisions that benefit themselves at the expense of the broader community. To combat this, Pavona has implemented a governance structure modeled after successful software projects like Yocto.

The structure creates a clear separation between managerial oversight and technical direction. While contributing-member companies hold representation on Pavona’s governing board to manage the ecosystem’s strategic direction, an independent technical committee is responsible for making high-level technical decisions. This separation is intended to ensure that technical standards are decided through consensus and transparent discussion, rather than “decisions made in a hallway” by a dominant stakeholder.

Frank Nagle, a research scientist at MIT and advising chief economist at the Linux Foundation, emphasizes that this transparent governance is vital for scale. He notes that for open-source technologies to achieve mass adoption, users must feel confident that the technology won’t be hijacked or controlled by a single vendor.

The Economic Logic: Commodity vs. Differentiator

The economic argument for Pavona rests on a concept Nagle describes as the “car seat button” analogy. In the automotive industry, features like power seats are necessary for a modern vehicle, but they are rarely the primary reason a consumer chooses one brand over another. They are “commodity” features—essential, but not a differentiator.

Security chips fall into this same category. Every piece of modern hardware requires robust security, but very few companies make security their primary product. By collaborating on the “commodity” aspects of security hardware through an open ecosystem like Pavona, companies can save massive amounts of R&D capital. This allows them to focus their resources on the specialized, high-value implementations that actually differentiate their products in the marketplace.

This collaborative model could make the current AI boom more economically sustainable, reducing the astronomical costs associated with developing custom security silicon for every new niche application.

Key Takeaways: The Pavona Ecosystem

  • Mission: To standardize and modularize open-source hardware, making it easier to adopt across IoT and data center scales.
  • Core Technology: Utilizes the OpenTitan project to provide a hardware root-of-trust with post-quantum cryptography extensions.
  • Integration: Features an architectural composition engine to allow open hardware to work with existing ARM or RISC-V software stacks.
  • Drivers: Fueled by AI chip demand, the 2030 post-quantum security deadlines, and the EU Cyber Resilience Act.
  • Governance: Uses a bifurcated model (Board vs. Technical Committee) to ensure transparency and prevent vendor lock-in.

As Pavona begins its rollout, the tech industry will be watching to see if this modular approach can truly break the proprietary grip on silicon design. The next major checkpoint for the ecosystem will be the formal integration of further hardware modules into the Pavona starting kit, as the consortium seeks to expand its library of verified, open designs.
