top of page
Modern City


LAAVAT Cloud Solution

LAAVAT offers a cloud solution to centrally manage cryptographic keys, identities, and operations to protect IoT devices across the lifecycle and provides the following main functionalities:

  • Device key & PKI hierarchy Management: Automated creation of the IoT device-specific keys for secure boot, firmware signing, encryption, and the PKI hierarchies. Supports widely used application processors from silicon vendors such as NXP, including i.MX6 and i.MX8 series, Xilinx, including Ultrascale+ MPSoC and Nordic Semiconductor

  • Image Signing and Encryption: Centrally managed Solution to sign, encrypt and package firmware images. It also supports signing Windows binaries, Linux packages, Java, etc.

  • Manufacturing Security: Enabling the programming station to access the centrally managed device-specific cryptographic material such as encryption keys and OEM-specific fuse map. Providing access to the cryptographic operations needed during manufacturing, such as the creation of strong device identities, signing device-specific manufacturing data

  • Additional Features supported: Short-lived device identities during onboarding and actual use for IoT devices. PKI with REST and EST interface support for additional use cases such as LwM2M protocol-based device management solutions

Our Solution is offered as a fully managed service in AWS, or 

our customers can host the Solution with maintenance and support provided by us.

LAAVAT Services

Product suppliers of Industrial automation and control system components use our services to understand their current state and do a gap analysis against the relevant technical security requirements specified in IEC 62443-4-2.


We also help further to fulfill technical security requirements, utilizing the LAAVAT solution, application processor security capabilities, and integrating embedded open-source security components into the devices. This enables security features, such as:


•Secure Boot with bootloaders, for example, U-Boot

•Secure firmware update

•Trusted Execution Environment, for example, OPTEE

•Device hardening by disabling, for example, JTAG and serial console

To learn more about the LAAVAT offering, check out our whitepaper. 

bottom of page