Providing security functions in an IoT device can comprise executing, by a TPM of the IoT device, a set of cryptographic functions. The set of cryptographic functions can comprise providing a secure unidirectional uplink from the IoT device to one or more communications networks. The set of cryptographic functions can also be executed by a second TPM to provide a secure unidirectional downlink from the one or more communications networks to the IoT device. The processor of the IoT device need not perform cryptographic functions and the processor of the IoT device and a memory of the IoT device can be outside of a secure boundary maintained by the first TPM and the second TPM. Cryptographic information to provide the secure unidirectional uplink and the secure unidirectional downlink can be exchanged between the first TPM and the second TPM.