Raef Coles is a firmware and low-level security engineer with 12 years' experience, currently implementing secure processing environments for M-class Arm processors on Arm's TrustedFirmware-M team. He specialises in cryptographic implementations, side-channel and fault-injection countermeasures, and space-constrained bootloaders, balancing practical production constraints with rigorous security design. His upstream open-source work includes the first commercial-grade Leighton–Micali Signature (LMS/LMOTS) implementation in Mbed TLS and hardening of mcuboot's critical boot path against fault attacks. He has also developed an advanced two-stage ROM bootloader and an open-source fault-mitigation primitives library with a simulator presented at Virtual Linaro Connect. Comfortable with reverse engineering hardware, he implemented drivers for security accelerators such as the Arm CryptoCell-312. Based in Bristol, he combines academic grounding from a Bristol MEng with hands-on open-source contributions that influence widely used embedded security projects.
12 years of coding experience
Master of Engineering - MEng, Computer Science, Master of Engineering - MEng, Computer Science at University of Bristol
Contributions:14 reviews, 9 commits, 4 PRs in 1 year 4 months
Contributions summary:Raef primarily contributed to the secure boot process for microcontrollers within the mcuboot repository. They hardened the critical path against fault attacks by introducing mitigation measures to validate images. The commits demonstrate expertise in areas such as image validation, security counter measures, and firmware upgrade processes, which are core to the repository's functionality. The contributions involved modifications to critical boot-related source code.
An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
Role in this project:
Back-end Developer
Contributions:65 reviews, 103 commits, 4 PRs in 2 years
Contributions summary:Raef primarily worked on implementing and documenting post-quantum cryptographic algorithms within the mbed TLS library. Their contributions included the addition of the LMS (Leighton-Micali Signature) and LMOTS (Leighton-Micali One-Time Signature) implementations, alongside necessary supporting functions. The user also refactored and updated the existing documentation to describe the use and context of the new cryptographic algorithms, making them a key contributor to the post-quantum security features of the project. Furthermore, the user moved to utilize PSA (Platform Security Architecture) hashing for the LMS and LMOTS to improve performance.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.