"FIDO Device Onboard: Zero-Touch Provisioning for Secure IoT Fleets"
This book is for security engineers, IoT platform architects, and operations leaders who have felt the pain of "first boot" at scale: devices that arrive drop-shipped, untrusted networks, fragmented supply chains, and no safe way to bind ownership without manual handling. FIDO Device Onboard (FDO) is the missing link—late binding with auditable authorization—and this guide treats it as a production system, not a lab protocol. If you build or run fleets measured in thousands to millions, it's written for you.
You'll learn how FDO's roles and trust boundaries shape every design decision, why Ownership Vouchers are the central authorization primitive, and how rendezvous enables discovery without pre-binding. The book drills into TO0/TO1/TO2 end-to-end—what must be verified, what can fail silently, and how to harden implementations for idempotency, recovery, and observability. It then moves into real deployment architecture: multi-tenant boundaries, regional scale and SLOs, and clean integration contracts that hand off TO2 outputs into IoT management platforms for enrollment, policy, and lifecycle control.
Expect deep coverage of cryptographic prerequisites, key custody trade-offs (TPM/secure element vs software keys), threat modeling across supply chain and network adversaries, and explicit residual risks with compensating controls. The final chapters turn knowledge into runbooks: diagnostics, recovery playbooks, interoperability testing, and release engineering to prevent protocol drift across spec versio
