Skip to content

Instantly share code, notes, and snippets.

View RagnaCron's full-sized avatar
😁

Manuel Werder RagnaCron

😁
7 followers · 17 following
View GitHub Profile
@RagnaCron
RagnaCron / yubihsm-post.md
Created December 6, 2025 13:04 — forked from karalabe/yubihsm-post.md
Publicly auditable YubiHSM logs

Publicly auditable YubiHSM

Disclaimer: This is not an article with a beginning, a middle and an end for public consuption, rather a personal memo I figured I'd publish if anyone else finds it useful.

Background: I've got a genomic project (Bsky: @dark.bio, X: @dark_dot_bio) requiring secure-boot signing keys and API server identity certs/keys.

I've chosen YubiHSMs to be my roots of trust, because I don't want to mess up key handling myself; and because I want to have a public audit trail of what I've signed to soft-prove non-malice. This guide is my personal memo on how to onboard a YubiHSM into my project in a way that makes the audit logs (mostly) publicly verifiable.

Onboarding the device

@RagnaCron
RagnaCron / Makefile
Created May 14, 2022 09:44 — forked from dnknth/Makefile
Prepare an SD card with Alpine Linux for a Raspberry Pi
# Prepare an SD card with Alpine Linux for a Raspberry Pi
# See: https://wiki.alpinelinux.org/wiki/Raspberry_Pi
# Editable configuration
DISTRO = alpine
# ARCH = armhf
ARCH = aarch64
MAJOR_VERSION = 3.9
MINOR_VERSION = 2
@RagnaCron
RagnaCron / .bash_profile
Created June 15, 2021 18:49 — forked from natelandau/.bash_profile
Mac OSX Bash Profile
# ---------------------------------------------------------------------------
#
# Description: This file holds all my BASH configurations and aliases
#
# Sections:
# 1. Environment Configuration
# 2. Make Terminal Better (remapping defaults and adding functionality)
# 3. File and Folder Management
# 4. Searching
# 5. Process Management