Over 80% of IoT devices ship without authentication or encryption. When hackers find one of these devices, the consequences can be catastrophic. To address these risks, this talk will explain authentication and encryption features needed to secure operating systems for IoT devices. Approaches to securely manage secret keys needed for authentication and encryption, keeping in mind high volume manufacturing, will be outlined. An example, available as open source, will be shown based on Linux using security features in an NXP processor.