Posts on CodetoCore

Hardware Root of Trust: What It Actually Means

Tue, 17 Jun 2025 00:00:00 +0000

Hardware Root of Trust is one of the most-used and least-understood terms in embedded security. A short, practical breakdown of what it is, what it isn't, and how to tell whether a product genuinely has one.

Why Your Secure Boot Probably Isn't Actually Secure

Sat, 10 May 2025 00:00:00 +0000

Most secure boot implementations look fine on paper but fail under realistic threat models. Eight common pitfalls — and what fixing them requires.

About

Mon, 01 Jan 0001 00:00:00 +0000

I’m Somesh Singh — an embedded software engineer specializing in hardware-rooted security for connected devices.

Most of my work sits at the intersection of three things: ARM Cortex-M and Cortex-A platforms, Trusted Firmware and TrustZone-based architectures, and the operational discipline of building production-grade reference designs that global OEMs adopt for their own products.

I work at Microchip Technology, where I architect secure firmware for IoT and EV charging platforms, drive security enablement using hardware Secure Elements and PKI, and serve as the security subject matter expert across the team. Recent work includes contributing to $20M+ in EV Charger reference design wins, and leading the migration from software certificates to hardware Secure Element-based key provisioning — which delivered a 95% reduction in critical vulnerabilities on the platform.