Post-Quantum Cryptography (PQC) has been an intense research endeavor for many years, and recently the first three algorithms have been accepted as standards by the US-based National Institute for Standards and Technology (NIST). However, for mobile device integrity and identity protection the availability of the algorithms proper is still not sufficient for deployment. Embedded devices produced for the consumer market today must be expected to outlive the expected cryptographic transition from non-resistant to resistant algorithms, despite that the current ecosystems for device authentication and integrity are still firmly rooted in the use of e.g. RSA and ECC. This work studies one opportunity for deploying a device today (with secure boot and device authentication services) using classical algorithms, but furnishing it also with enough PQC to allow for the device to be migrated, at a later time, into a state where it relies on PQC for its protection. We show that current device hardware security does not immediately lend itself to a straight-forward application of two parallel cryptographic schemes, and as a remedy we propose a PQC split-key solution that allows for security restoration, i.e., a migration activity that reliably re-establishes the device security properties.