Niels Möller via Sigsum-general <sigsum-general(a)lists.sigsum.org> wrote
Tue, 04 Apr 2023 11:07:30 +0200:
Hi, I wrote up some notes and ideas on how to do backups of private
keys, which is needed for sigsum primary-secondary failover.
I would hope the way I propose (if it actually works) could be
implemented on a Tillitis key. I have no idea if something like that is
supported by yubico hsm, but I think Linus is investigating.
See
https://git.glasklar.is/sigsum/project/documentation/-/blob/main/archive/20…
comments and feedback appreciated.

Nice write-up.
The YubiHSM does have key wrapping, but only using symmetric keys for
wrap keys. I've heard that this might change but nothing confirmed.
What we will probably do in System Transparency, for signing a UEFI
shim using a key on a YubiHSM, is to expose the (secret behind the)
symmetric wrap key briefly to the computer used for provisioning the
YubiHSM devices in order to generate the same wrap key on a second
YubiHSM device and cross our fingers that the computer in question is
not too severely compromised. Whether to expose the secret to /dev/shm
and a shell, or to wayland/x11 and its clipboard buffer is something to
ponder. Probably doesn't matter at all.