Device Trust 09-29-2025

Meet NanoROOT: A Software Root of Trust for All Devices 

 

Kevin Hilscher

TrustCore SDK empowers developers to build secure, trusted devices. With NanoROOT, we’re extending that capability even further. NanoROOT is a software Root of Trust (RoT) that brings hardware-grade trust to devices—even those without TPMs, TEEs, or dedicated secure elements.

What is NanoROOT?

NanoROOT leverages Physically Unclonable Function (PUF) techniques to derive a unique, tamper-resistant cryptographic context directly from a device’s immutable hardware traits. With this, developers can: 

  • Create device-specific identities without requiring a hardware secure element. 

  • Manage keys for signing, encryption, and verification in a trusted environment. 

  • Seal and unseal data so that only the originating device can access it. 

  • Enable secure storage for protecting sensitive operations. 

NanoROOT brings hardware-grade trust to devices that lack TPMs, TEEs, or other dedicated secure elements.

Why this is exciting

NanoROOT doesn’t just extend the reach of TrustCore SDK—it opens up new possibilities for securing devices that were previously difficult or impossible to trust. By enabling software-based roots of trust, NanoROOT delivers three key advantages:  

  1. Expanded device coverage: Devices without built-in secure elements can now establish a software RoT. 
  2. Future-ready: With support for RSA, ECDSA, and ML-DSA algorithms, NanoROOT helps position devices for quantum-safe transitions.
  3. Developer-friendly: Available as part of TrustCore SDK with ready-to-run utilities for fast evaluation and integration. 

How developers can use NanoROOT

NanoROOT is available through TrustCore SDK APIs, making it easy to embed trusted operations into applications and devices. Developers can use it to:

  • Manage keys: Generate, import, and use cryptographic keys in a context that is tied to the device itself, ensuring they cannot be cloned or misused outside their origin.

  • Protect data: Seal and unseal sensitive information so that it remains accessible only to the specific device that created it.

  • Perform signature operations: Execute signing and verification using a unique, device-derived cryptographic context, providing assurance that operations are genuine.

  • Enable secure identity for legacy devices: Extend trust to brownfield or legacy deployments that lack secure elements, giving them a reliable way to participate in modern security ecosystems.
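The device-bound sealing described in the two feature lists above, sketched as an added example (this is not NanoROOT or TrustCore SDK code, and it does not use their API): a root secret is recomputed from hardware traits on each use, and a blob sealed under it fails to unseal on a device with different traits. Assumptions: the trait names and values are constructed, the traits are read as stable strings (PUF readings are typically noisy and need error correction first), and HMAC-SHA256 in counter mode stands in for an AEAD cipher.

```python
import hashlib
import hmac
import os

def hkdf(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869) with a fixed, constructed salt."""
    prk = hmac.new(b"example-sw-rot-v1", ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def device_root(traits: dict) -> bytes:
    """Recompute the root secret from hardware traits; it is never stored."""
    canon = "\n".join(f"{k}={traits[k]}" for k in sorted(traits)).encode()
    return hkdf(canon, b"root")

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for a real AEAD cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(root: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under keys derived from the device root."""
    nonce = os.urandom(16)
    ks = _keystream(hkdf(root, b"seal-enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(hkdf(root, b"seal-mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(root: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; fail closed on any mismatch."""
    if len(blob) < 48:
        raise ValueError("sealed blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(hkdf(root, b"seal-mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("unseal failed: different device or modified blob")
    ks = _keystream(hkdf(root, b"seal-enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

# Constructed trait values for two hypothetical devices.
DEVICE_A = {"cpu_serial": "EXAMPLE-0001", "mac": "02:00:00:00:00:01"}
DEVICE_B = {"cpu_serial": "EXAMPLE-0002", "mac": "02:00:00:00:00:02"}
```

In this sketch the sealed blob is only as confidential as the trait values themselves, so anything an attacker can read off the device or the network (a MAC address, for instance) adds no secrecy to the root.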

Why this matters

Every device tells a story. With NanoROOT, that story begins with a root of trust foundation built openly, developed collaboratively, and designed for the future of device trust. 

To explore what this means for your projects, visit the TrustCore SDK Developer site, and dive into the TrustCore SDK GitHub repo to start building with NanoROOT today.
