Silicon + architecture
Silicon shortlist (STM32, nRF, ESP32-C/S/H, EFR32, i.MX, RK35xx, TI Sitara), BOM cost and active/sleep power budgets, RTOS-vs-Linux decision, OTA architecture and security threat model before tape-out.
Services
Embedded Software & Firmware Development Services
Firmware that survives field deployment. We design and ship across the full embedded stack: bare-metal on Cortex-M0/M3, Zephyr RTOS and FreeRTOS on connected MCUs, Yocto / Buildroot Embedded Linux on Cortex-A and RISC-V application processors. MISRA C:2012 baseline, static analysis in CI, OTA with A/B rollback designed before silicon selection, BLE 5.x / Matter / Thread / LoRaWAN radio stacks, IEC 62304 for medical, ISO 26262 for automotive. Senior embedded engineers on CET with East-Coast US overlap. From 12,000 EUR/month per dedicated team; silicon-selection sprints from 35,000 EUR fixed.
Embedded products fail in the field because decisions made in the first six weeks — silicon choice, OTA architecture, security model, regulatory profile — are nearly impossible to undo at scale. We engage early. Silicon shortlist with BOM cost and active/sleep power budgets in week one. RTOS-vs-Linux decision tied to memory, real-time and field-update strategy. OTA designed before the first prototype because retrofitted OTA bricks fleets. Security threat model and SBOM produced in parallel for EU Cyber Resilience Act readiness. MISRA C:2012 enforced in CI from commit one, not bolted on the week before the IEC 62304 audit. We have shipped through Class B medical, ASIL-B automotive and SIL-2 industrial assessments — the deliverable is a product the regulator signs off on, not a slide deck.
What's inside an embedded engagement
RTOS firmware
Zephyr RTOS or FreeRTOS on Cortex-M / RISC-V, MCUboot for signed updates, BLE 5.x / Thread / Matter / LoRaWAN stacks, power-managed peripherals, bare-metal where battery dictates.
Yocto / Embedded Linux
Custom meta-layers built on silicon-vendor reference (meta-st, meta-imx, meta-ti, meta-rockchip), Yocto LTS (Kirkstone / Scarthgap), reproducible CI builds with sstate caching, vendor SDK for app team.
Safety + compliance
MISRA C:2012 in CI (PC-lint Plus / Cppcheck Premium / Coverity), IEC 62304 Class B/C for medical, ISO 26262 ASIL-B for automotive, IEC 61508 SIL-2 for industrial, full requirements traceability in DOORS / Polarion.
OTA + field reliability
A/B partitions with RAUC / Mender / SWUpdate on Linux, MCUboot dual-slot on RTOS, signed update bundles (ed25519 / ECDSA P-256), staged rollout (canary → 1% → 10% → 100%), failure recovery designed before unit one ships.
Connectivity stacks
BLE 5.x via Zephyr / SoftDevice, Matter over Thread or Wi-Fi (commissioned to CSA), LoRaWAN via Semtech LoRaMAC-node, NB-IoT / Cat-M1, Wi-SUN. FCC / CE RED / MIC pre-scan before tape-out.
Embedded toolchains we ship daily
Zephyr RTOS
FreeRTOS
Yocto (Kirkstone/Scarthgap)
Buildroot
U-Boot
Linux kernel + Device Tree
MCUboot
RAUC / Mender / SWUpdate
MISRA C:2012
PC-lint Plus
Cppcheck Premium
Coverity
IEC 62304
ISO 26262
IEC 61508
BLE 5.x / Matter / Thread
LoRaWAN / NB-IoT
CMake + Ninja
GDB + OpenOCD / J-Link
HIL test rigs
How an embedded engagement runs
-
01
Silicon + architecture sprint
Weeks 1–6: silicon shortlist with BOM and power budgets, RTOS-vs-Linux decision, OTA architecture, security threat model + SBOM, CRA readiness review, prototype on vendor dev board.
-
02
BSP + bootloader
Yocto meta-layer or Zephyr board port, U-Boot / MCUboot bring-up, secure-boot chain (root-of-trust in OTP/eFuse), HSM / TPM integration, first signed OTA delivered to dev hardware.
-
03
Application firmware
Drivers, radio stack integration, application logic, MISRA C enforced in CI, unit tests on host with mocked HAL, integration tests on HIL rig, weekly demo on real hardware.
-
04
Manufacturing + sustain
Manufacturing test fixtures, provisioning + key-injection workflow, EVT/DVT/PVT support, regulatory lab certification coordination (TÜV / Element / Eurofins), 12-month sustaining engineering retainer.
Engagement models
Architecture sprint
6–8 weeks, fixed. Silicon shortlist, RTOS/Linux decision, OTA architecture, security threat model + SBOM, CRA readiness, prototype on dev board, written technical case for tape-out. From 35,000 EUR fixed.
Dedicated embedded team
3-person pod (TPM + senior firmware engineer + Yocto/BSP engineer), scaling to add bootloader/security, EE liaison and HIL QA engineer. Weekly demo on hardware. From 12,000 EUR/month per team.
Sustaining engineering
Post-production OTA cadence, vulnerability response (CRA-aligned), Yocto LTS uplift, quarterly SBOM refresh, field-failure triage, regulatory re-cert support. From 6,500 EUR/month.
NDA, IP assignment and DPA aligned to GDPR signed before kickoff. Source, BSP and Yocto layers live in your repos from day one — contractual no-vendor-lock-out clause.
Selected work
Logistics · Last-mile · Mobile
xRouten
Android + iOS refactor and rebuild for a German last-mile logistics operator — multi-point route planning, real-time driver tracking and in-app invoicing live in the EU.
PropTech · Marketplace
ANT
Property marketplace web platform with listing CMS, search and B2B admin console for US and EU operators.
LegalTech · Mobile · CRM
Signatory Pro
Native iOS and Android e-signature clients with a Symfony + React CRM for a cross-border law firm — KYC onboarding and a defensible evidence trail for US & EU matters.
Why US & EU OEMs pick YuSMP for embedded
GDPR-aligned · ISO 27001 ready · SOC 2 Type II in progress · IEC 62304-experienced · ISO 26262-experienced · CRA-ready
Field-tested decisions
Every embedded engineer has shipped product through EVT/DVT/PVT and lived through field failures. Silicon, RTOS, OTA and security decisions are made by people who have paid the cost of getting them wrong.
EU CRA + data residency
EU Cyber Resilience Act readiness from day one: SBOM, vulnerability disclosure policy, security update commitment, threat model. EU customer data and telemetry land in eu-central-1 / eu-west-1 with Schrems II-aligned DPA.
Regulatory-ready
MISRA C:2012 in CI from commit one. IEC 62304, ISO 26262, IEC 61508 evidence prepared for the assessor, not invented the week before the audit. We have shipped through Class B medical, ASIL-B automotive, SIL-2 industrial.
For regulated devices we work alongside your QA / regulatory team with full traceability from requirements (DOORS or Polarion) through design, code, unit and integration tests — the assessor sees a paper trail, not a paper trail invented in retrospect.
Frequently asked questions
Bare-metal, RTOS or Embedded Linux — how do you choose?
Decision is driven by hardware budget, real-time requirements, regulatory profile and field-update strategy. Bare-metal (no scheduler) when you have a single tight control loop on a Cortex-M0/M0+, sub-kilobyte RAM, and battery life is the dominant concern — typical for sensors and BLE peripherals. Zephyr RTOS when you need a real-time scheduler, networking stack (TCP/IP, BLE, Thread, Matter), multiple concurrent tasks, but RAM budget is 32–512 KB and you want a Linux Foundation-governed project with long-term support. FreeRTOS for legacy stacks and where Amazon FreeRTOS / AWS IoT integration is required. Embedded Linux via Yocto (or Buildroot for smaller systems) when you have an application processor (Cortex-A / RISC-V), ≥64 MB RAM, need a full network stack, container runtime, or third-party libraries that assume POSIX.
Do you build Yocto Linux distros from scratch or use vendor BSPs?
Both, with strong preference for the latter as a starting point. We start from the silicon vendor's reference Yocto layer (meta-st-stm32mp, meta-ti, meta-imx, meta-nxp, meta-raspberrypi, meta-rockchip, etc.) and build a custom meta-layer for your product. Recipes are version-pinned to a Yocto LTS release (Kirkstone / Scarthgap), bitbake builds run reproducibly in CI (GitLab or GitHub Actions with sstate caching on S3 — without sstate caching a clean Yocto build is 90 minutes of pure CI cost). We deliver a SDK so your application team can cross-compile without touching the BSP, and we maintain the layer as part of the engagement.
MISRA C, IEC 62304, ISO 26262 — which standards do you actually deliver against?
MISRA C:2012 (with Amendment 3 directives) is our default static-analysis baseline on every embedded engagement — enforced via PC-lint Plus, Cppcheck Premium, or Coverity in CI with deviations documented and reviewed. For medical devices we deliver against IEC 62304 (software lifecycle for medical device software) with full traceability from requirements through design, code and unit/integration tests in DOORS or Polarion; we have shipped Class B and supported Class C audits. For automotive we work to ISO 26262 ASIL-B and contribute to ASIL-D safety cases under a functional safety manager. For industrial we handle IEC 61508 SIL-2. We do not self-certify — independent assessor sign-off is your audit body, we prepare the evidence.
How do you handle OTA updates and field reliability?
OTA is designed before silicon is chosen — late-stage OTA retrofits are how fleets get bricked. Embedded Linux uses A/B partitioning (RAUC, Mender, or SWUpdate) with atomic rollback on boot failure, signed update bundles (typically ed25519 or ECDSA P-256), and a delta-update mechanism for cellular-constrained devices. RTOS devices use MCUboot for secondary-slot updates with image signing and anti-rollback counters. Backend is your own or hyperscale IoT (AWS IoT Device Management, Azure Device Update for IoT Hub, Mender server). We design the staged rollout policy (canary → 1% → 10% → 100%) and the field-failure recovery path before first production unit ships.
BLE, Thread, Matter, LoRaWAN — what radio stacks do you ship?
BLE 5.x via Zephyr's stack on Nordic nRF52/nRF53/nRF54 and Silicon Labs EFR32, or SoftDevice when vendor-specific certifications require it. Matter (formerly Project CHIP) via the official open-source Matter SDK on Thread (OpenThread) or Wi-Fi transport — we have shipped commissioned Matter-over-Thread devices through CSA certification. LoRaWAN via the Semtech LoRaMAC-node stack on STM32WL or SX126x companion chips, with TTN / ChirpStack backends. Sub-GHz proprietary protocols (Wi-SUN, Z-Wave) where the use case justifies the BOM cost. We do regulatory pre-scan (FCC Part 15, CE RED, MIC) before tape-out and coordinate full lab certification with a partner (TÜV, Element, Eurofins).
What does pricing and team composition look like?
Dedicated embedded pod starts at 12,000 EUR/month — typical composition is TPM + senior firmware engineer + Yocto/BSP engineer, scaling up to add bootloader/security specialist, hardware EE liaison, and QA automation engineer with HIL (hardware-in-the-loop) test rig experience. For greenfield silicon-selection + architecture sprint we deliver fixed-fee from 35,000 EUR over 6–8 weeks: silicon shortlist with BOM cost and power budgets, RTOS-vs-Linux decision, OTA architecture, security threat model (SBOM + Cyber Resilience Act readiness), and prototype on a vendor dev board. Production hand-off includes manufacturing test fixtures, Yocto SDK, and CI release pipeline. Long-term sustaining engineering retainer from 6,500 EUR/month.