Posts

TF-M vs TF-A — When Do You Reach For Which?

TF-M lives on Cortex-M with SAU and NSC veneers. TF-A lives on Cortex-A with EL3 and BL1/BL2/BL31. Pick by the silicon, not by preference.

March 17, 2026 · 2 min

Do I Need a Secure Element If My MCU Has a Crypto Accelerator?

Why a hardware accelerator and a secure element aren’t substitutes for each other, when one is enough, and when you actually want both.

March 15, 2026 · 2 min

Is SysTick Accurate Enough for Microsecond Timing?

What SysTick gets right at microsecond resolution, what bites you, and when to reach for a hardware timer instead.

March 12, 2026 · 2 min

What TrustZone-M Adds to Your Build

A walk through what TrustZone-M adds to a build: two projects, two memory maps, SAU configuration, the veneer region, and signed images. None of it is gratuitous.

December 3, 2025 · 5 min

Why Does My Code Work in Debug But Break in Release?

The four usual suspects when code works at -O0 and breaks at -O2, in the order to check them.

September 23, 2025 · 2 min

Hardware Root of Trust: What It Actually Means

Hardware Root of Trust is one of the most-used and least-understood terms in embedded security. What it is, what it isn’t, and how to tell whether a product genuinely has one.

June 17, 2025 · 7 min

Why Your Secure Boot Probably Isn't Actually Secure

Most secure boot implementations look fine on paper but fail under realistic threat models. Eight common pitfalls — and what fixing them requires.

May 10, 2025 · 10 min

What Actually Happens Before main() Runs?

The six things that happen between reset and main() on a typical Cortex-M, in order, and what goes wrong at each stage.

May 3, 2025 · 2 min