Jump to content

Translations:Lanzaboote/9/en

From Official NixOS Wiki
Revision as of 22:24, 9 December 2025 by FuzzyBot (talk | contribs) (Importing a new version from external source)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

In the future, Lanzaboote will offer two new signature backends: remote signing (an HTTP server which receives signature requests and answers with signatures) and PKCS#11-based signing (that is, bringing an HSM-like device, e.g. YubiKey, NitroKey, etc.).

⚠︎
Warning: Key management is a hard problem which is out of scope for Lanzaboote project, many recipes exist and there is no single perfect solution. Taking the time to learn how to key manage and figure out the right level of threat protection is crucial to achieve an effective boot protection.
Retrieved from "https://wiki.nixos.org/w/index.php?title=Translations:Lanzaboote/9/en&oldid=28955"