Locking Down Every Device Before It Leaves the Factory

A UK manufacturer of domestic IoT devices needed to protect its IP and its users — cryptographically, at production scale

Discuss Your ChallengeContact us

About the customer

This company is a household name in the UK. They design and manufacture domestic IoT devices that are sold worldwide and used in millions of homes. Their products sit at the intersection of consumer hardware, embedded software, and cloud connectivity. They operate in a highly competitive market where the difference between a genuine product and a cheap imitation can be hard for a consumer to spot — which means protecting the technology inside the device matters as much as the hardware design itself.

The challenge

Two distinct risks drove this engagement. The first was intellectual property. Competitors can buy a device, take it apart, and try to extract and replicate what they find. Years of engineering and proprietary software sits in each product. The manufacturer needed that IP to be genuinely protected, not just difficult to copy.

The second risk was user security. As devices connect to home networks and cloud services, the software running on them matters. A device that can be made to run firmware it wasn't supposed to run — whether through a supply chain attack, a compromised update, or direct manipulation — poses a real risk to the people using it in their homes. The manufacturer needed every device to boot from a verified, legitimate baseline with no exceptions.

The technical work

We designed and built a complete PKI infrastructure and a secure boot chain covering the full boot sequence. From the initial power-on stage, through the BIOS equivalent for IoT devices, through OS initialisation and kernel load, through the full operating system boot and user stack, all the way to the device connecting to a network. At every stage, software is cryptographically signed and verified. If the signature isn't right, the device won't run it.

The secure boot chain ensures that the software a device loads is certified, signed and verified all the way up the chain — from initial boot to the moment it connects to the user's network.

Threatplane engagement lead

The PKI had to work at manufacturing scale. Devices come off the production line in high volumes. The certification process needed to be fast and lean enough that it didn't slow the line. We built it to handle that load without introducing bottlenecks, and tested it against the realities of a factory environment rather than an ideal lab setup.

Embedded across the teams

Alongside the PKI and secure boot work, we embedded into several of the manufacturer's DevOps teams. That spanned mobile apps, cloud APIs, shared infrastructure, and the systems connecting cloud to manufacturing facilities. Across all of it, we provided security oversight on the code and designs being produced — ensuring that what ships is secure from the first line of code to the moment a user plugs the device in at home.

Read more about this
In this article
1About the customer2The challenge3The technical work4Embedded across the teams

Customer Perspective

"The technical depth Threatplane brought to the PKI and secure boot implementation was exceptional. They understood both the security requirements and the manufacturing realities, and delivered something we could actually deploy at scale."

Head of Product Security, UK IoT Manufacturer

Security built into the product, not bolted on afterwards

Whether it's embedded systems, cloud infrastructure, or the development teams building them, we bring security expertise that goes all the way down.

View All Case Studies