NitroHSM looks awesome, but currently it seems to be lacking basic Software Supply Chain integrity practices that would make it viable for use in environments with threat models that can't afford to risk trusting any single individual.
Given all the great steps you take to avoid physical supply chain attacks with tamper evident seals, it seems only logical to have a tamper evident software supply chain.
Some example practices that might close the gap:
- Sign all commits with hardware-anchored PGP key that is easily validated to a real identity (keyoxide, etc)
- Begin code review practices, where reviewer also signs merge commits or a signed tag with their own hardware backed PGP key
- Have all firmware/containers build reproducibly with a full-source-bootstrapped toolchain
  - Shameless plug for Stagex though other options exist
- Have release proposer sign artifact hashes, and release approver sign matching set
- Support hardware anchored Remote Attestation that certifies the software hashes running on a NetHSM match expected reproducibly built, bootstrapped, and multi-signed artifacts generated from this repo.
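The two release practices in the list above (proposer and approver each signing a matching set of artifact hashes, and an attestation check that compares what is running against that signed set) can be shown as a small verification routine. This is an added example written for this issue, not code from the NetHSM project or from the issue author. It assumes ed25519 keys in place of the hardware-backed PGP keys the issue asks for, a 2-of-N threshold over a canonical manifest, and constructed artifact bytes; the names `Manifest`, `VerifyRelease` and `CheckAttestation` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Manifest maps artifact file names to hex-encoded SHA-256 digests.
type Manifest map[string]string

// Canonical renders the manifest as sorted "hash  name" lines so every
// signer signs byte-identical content regardless of map iteration order.
func (m Manifest) Canonical() []byte {
	names := make([]string, 0, len(m))
	for n := range m {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		fmt.Fprintf(&b, "%s  %s\n", m[n], n)
	}
	return []byte(b.String())
}

// BuildManifest hashes artifact contents (the caller supplies the bytes).
func BuildManifest(artifacts map[string][]byte) Manifest {
	m := Manifest{}
	for name, data := range artifacts {
		sum := sha256.Sum256(data)
		m[name] = hex.EncodeToString(sum[:])
	}
	return m
}

// Signature is one signer's ed25519 signature over a canonical manifest.
type Signature struct {
	Signer ed25519.PublicKey
	Sig    []byte
}

// NewSigner generates a fresh key; stands in for a hardware-backed key here.
func NewSigner() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv
}

// PublicKeys extracts the public halves that form the authorized signer set.
func PublicKeys(privs ...ed25519.PrivateKey) []ed25519.PublicKey {
	out := make([]ed25519.PublicKey, 0, len(privs))
	for _, p := range privs {
		out = append(out, p.Public().(ed25519.PublicKey))
	}
	return out
}

// Sign signs the canonical manifest with one signer's key.
func Sign(m Manifest, priv ed25519.PrivateKey) Signature {
	return Signature{Signer: priv.Public().(ed25519.PublicKey), Sig: ed25519.Sign(priv, m.Canonical())}
}

// VerifyRelease accepts the manifest only if at least threshold distinct
// authorized keys have validly signed exactly this canonical manifest.
// Unknown keys, repeated keys and signatures over a different manifest
// do not count toward the threshold.
func VerifyRelease(m Manifest, sigs []Signature, authorized []ed25519.PublicKey, threshold int) error {
	msg := m.Canonical()
	seen := map[string]bool{}
	for _, s := range sigs {
		if !isAuthorized(s.Signer, authorized) || seen[string(s.Signer)] {
			continue
		}
		if ed25519.Verify(s.Signer, msg, s.Sig) {
			seen[string(s.Signer)] = true
		}
	}
	if len(seen) < threshold {
		return fmt.Errorf("release has %d valid distinct signatures, need %d", len(seen), threshold)
	}
	return nil
}

func isAuthorized(k ed25519.PublicKey, authorized []ed25519.PublicKey) bool {
	for _, a := range authorized {
		if a.Equal(k) {
			return true
		}
	}
	return false
}

// CheckAttestation compares hashes reported as running on a device against
// the approved manifest; any mismatch or unlisted artifact is a failure.
func CheckAttestation(reported, approved Manifest) error {
	for name, h := range reported {
		want, ok := approved[name]
		if !ok {
			return fmt.Errorf("%s: not in approved manifest", name)
		}
		if want != h {
			return fmt.Errorf("%s: running %s, approved %s", name, h, want)
		}
	}
	return nil
}

func main() {
	// Constructed sample artifacts, not real NetHSM firmware.
	m := BuildManifest(map[string][]byte{"firmware.img": []byte("constructed firmware"), "sbom.json": []byte("constructed sbom")})
	proposer, approver := NewSigner(), NewSigner()
	sigs := []Signature{Sign(m, proposer), Sign(m, approver)}
	fmt.Println("release ok:", VerifyRelease(m, sigs, PublicKeys(proposer, approver), 2) == nil)
	fmt.Println("attestation ok:", CheckAttestation(m, m) == nil)
}
```

The point of the canonical encoding is that proposer and approver must sign the same bytes; an approver who signs a manifest with one digest changed produces a signature that simply does not verify against the proposer's set, so the threshold is not met and the release is rejected rather than silently mixed.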