!agkXCfUrgbadYlQXRj:kack.it

NixOS + TPMs


Sender | Message | Time
12 Dec 2024
@baloo_:matrix.org baloo | yeah, looks like you figured out a bunch of options in a bunch of very useful tools | 04:19:05
@numinit:matrix.org Morgan (@numinit) | Basically, yeah. | 04:19:18
@baloo_:matrix.org baloo | I guess you ended up full of yak hair after doing that | 04:19:21
@baloo_:matrix.org baloo | (thanks for doing that) | 04:19:45
@baloo_:matrix.org baloo | or full of weeds I guess | 04:19:57
@numinit:matrix.org Morgan (@numinit) | yeah, pretty much - declarative definition of YubiKeys is pretty cool at least | 04:19:58
@numinit:matrix.org Morgan (@numinit) | though I completely understand why no one supported PKCS11 now - it's a pain in the @$$ | 04:20:50
@baloo_:matrix.org baloo | have you had the delight to work with HSM vendors already? | 04:20:55
@numinit:matrix.org Morgan (@numinit) | ... yep. | 04:21:10
@numinit:matrix.org Morgan (@numinit) | Different tools for everything | 04:21:21
@baloo_:matrix.org baloo | condolences | 04:21:23
@numinit:matrix.org Morgan (@numinit) | I'm surprised PKCS#11 can even generate keys | 04:21:48
@numinit:matrix.org Morgan (@numinit) | support apparently has been recently improving in general with AWS and Google's cloud HSMs | 04:22:19
@baloo_:matrix.org baloo | ha yeah, the easy ones :D | 04:22:36
@numinit:matrix.org Morgan (@numinit) | when the standard says something is optional, no one implements it | 04:22:44
@baloo_:matrix.org baloo | wait until you use the Thales or Entrust ones :D | 04:23:02
@baloo_:matrix.org baloo | (don't use Entrust) | 04:23:09
@numinit:matrix.org Morgan (@numinit) | lol, Qualcomm low level bringup has been my recent 😢 | 04:23:27
@baloo_:matrix.org baloo | Qualcomm makes HSMs? | 04:23:42
@numinit:matrix.org Morgan (@numinit) | not really, trusted environments on chip that are TPM "compatible" | 04:24:08
@baloo_:matrix.org baloo | ha yeah those | 04:24:23
@numinit:matrix.org Morgan (@numinit) | with as loose air quotes as Qualcomm deserves | 04:24:29
@baloo_:matrix.org baloo | This is next year's project I think | 04:25:08
@baloo_:matrix.org baloo | looking forward to that >< | 04:25:13
@numinit:matrix.org Morgan (@numinit) | that and plenty of Android (OEM) key attestation, which uses them and also completely stretches the definition of key attestation in a million ways | 04:26:28
@numinit:matrix.org Morgan (@numinit) | ASN.1 for days... | 04:27:09
@numinit:matrix.org Morgan (@numinit) | fun fact: | 04:53:25
@numinit:matrix.org Morgan (@numinit) | PKCS#11 was created by OASIS, the same creators of standards as well designed and respected as.... SAML | 04:53:57
@numinit:matrix.org Morgan (@numinit) | 😬 But at least they somewhat redeemed themselves with virtio. | 04:54:25
