Jump to content

Translations:Lanzaboote/9/en

From Official NixOS Wiki

In the future, Lanzaboote will offer two new signature backends: remote signing (an HTTP server which receives signature requests and answers with signatures) and PKCS#11-based signing (that is, bringing an HSM-like device, e.g. YubiKey, NitroKey, etc.).

⚠︎
Warning: Key management is a hard problem which is out of scope for Lanzaboote project, many recipes exist and there is no single perfect solution. Taking the time to learn how to key manage and figure out the right level of threat protection is crucial to achieve an effective boot protection.
Retrieved from "https://wiki.nixos.org/w/index.php?title=Translations:Lanzaboote/9/en&oldid=28955"