Security of IoT systems is often weak or absent, resulting in systems being compromised. We present the seL4 Core Platform, an operating-system framework that leverages the formally verified security enforcement of the seL4 microkernel to enable the construction of secure-by-design IoT systems, and even enables an incremental cyber retrofit of existing systems. The framework is designed to make its formal verification tractable. An initial evaluation shows that for performance-sensitive highthroughput networking, the platform significantly outperforms Linux.