I’m Somesh Singh — an embedded software engineer specializing in hardware-rooted security for connected devices.
Most of my work sits at the intersection of three things: ARM Cortex-M and Cortex-A platforms, Trusted Firmware and TrustZone-based architectures, and the operational discipline of building production-grade reference designs that global OEMs adopt for their own products.
I work at Microchip Technology, where I architect secure firmware for IoT and EV charging platforms, drive security enablement using hardware Secure Elements and PKI, and serve as the security subject matter expert across the team. Recent work includes contributing to $20M+ in EV Charger reference design wins, and leading the migration from software certificates to hardware Secure Element-based key provisioning — which delivered a 95% reduction in critical vulnerabilities on the platform.
Why this site exists
There’s a lot of embedded security content online that’s either vendor marketing or beginner tutorials. Less of it sits in the middle — the kind of content that explains why things are designed a certain way, what the failure modes look like, and what gets glossed over in datasheet claims.
This site is my attempt at that middle space. The posts here cover secure boot, Trusted Firmware (TF-M / TF-A), TrustZone, OP-TEE, Hardware Root of Trust, and the practical realities of building products that hold up under actual threat models.
The projects here are personal explorations on publicly available reference platforms — NXP MCXN947, STM32, NVIDIA Jetson, Raspberry Pi — and do not represent the views or work of my employer.
What you’ll find here
- Writing — long-form technical posts on embedded security, secure boot, HRoT, and ARM platform security
- Projects — open-source explorations of TF-M, OP-TEE, secure boot, and TEE-based architectures on real hardware
- Now — what I’m currently working on
Get in touch
- Email — somesh@codetocore.com
- GitHub — github.com/singh-somesh
- LinkedIn — linkedin.com/in/singh-somesh/
If you’re working on embedded security architecture, Hardware Root of Trust, or anything in this space and want to compare notes, I’d genuinely like to hear from you.