Device Attestation & Identity
Hardware root of trust anchored in TPM 2.0 or Secure Element silicon. ErlySign issues device certificates cryptographically bound to hardware — private keys never leave the chip.
Hardware-Backed Identity, End to End
TPM 2.0 Support
Full TPM 2.0 attestation flow: EK cert validation, AK creation, and PCR-bound quote generation. Works with discrete TPMs from Infineon, NTC, and ST.
Secure Element Support
ATECC608 (Microchip), SE050 (NXP), and SLB9670 (Infineon) support via embedded SDK. Key generation inside the SE — private key extraction is architecturally impossible.
Zero-Trust Device Onboarding
Devices present attestation evidence at first connection. ErlySign validates the hardware identity before issuing operational certificates — no pre-shared secrets required.
Attestation Chain Verification
Full certificate chain from silicon manufacturer root → device IK certificate → operational cert. Verifiable audit trail for every device in your fleet.
Build hardware identity into your devices
Start with ErlySign's attestation pilot — 100 devices, full attestation chain, at no cost.