As others have said: HashiCorp Vault with an HSM.
Ok - but how do you authenticate to this?
3 more replies
New conversation
We were working on a solution once but gave up. The main idea was that the authorized end user authenticates against an HSM with his MFA (in our case, client certificates on a token) when he wants a signed build. We ended up with an isolated signing station.
Yeah. If there were some kind of vendor-recommended solution, or if secure boot supported it, then an automated mechanism could work. As it stands, it's just too much attack surface for a single device maker.
3 more replies
New conversation
Yes, we can do that with @digitalrebar workflow IaC. Self-serve trial, or DM if you want details.
I'll DM you on Monday. Please chase if I don't.
End of conversation
New conversation
1/ Solution on AWS and GitLab: 1. Create a new KMS key and encrypt your signing key with it in SSM. 2. Have a GitLab runner assigned to your repo only (not a group runner), with only the IAM privileges needed to access this KMS key and this SSM parameter. 3. Secure the repo. 4. Now your pipeline can access this key.
3/ Or detect too-frequent access, or even compare the number of CI runs with the number of key accesses.
1 more reply
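The "compare the number of CI runs with the number of key accesses" check from the reply above, worked through as an added example (not code from the thread or from any of the participants). It reconciles KMS Decrypt events against pipeline job start times: an access by any principal other than the runner's role is flagged, every runner access must be explained by one CI run that started shortly before it, and the raw counts are compared last. The trail and job records are constructed sample lines in a simplified "timestamp principal" shape, not real CloudTrail or GitLab output; the role name `gitlab-runner-repo-x` and the two-minute window are assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// KeyAccess is the minimal view of a KMS Decrypt event from CloudTrail.
type KeyAccess struct {
	Time      time.Time
	Principal string
}

// CIRun is one pipeline job that legitimately needed the signing key.
type CIRun struct {
	Time  time.Time
	JobID string
}

// Constructed sample data (hypothetical, not real CloudTrail/GitLab output):
// "RFC3339-timestamp principal" for the trail, "RFC3339-timestamp job-id" for runs.
const sampleTrail = `2024-05-01T10:00:03Z gitlab-runner-repo-x
2024-05-01T10:30:11Z gitlab-runner-repo-x
2024-05-01T11:05:40Z gitlab-runner-repo-x
2024-05-01T11:06:02Z gitlab-runner-repo-x
2024-05-01T11:06:30Z gitlab-runner-repo-x
2024-05-01T12:15:00Z some-other-role`

const sampleRuns = `2024-05-01T09:59:50Z job-101
2024-05-01T10:29:58Z job-102
2024-05-01T11:05:30Z job-103`

// parseLines splits "timestamp value" lines; both inputs share that shape.
func parseLines(s string) ([]time.Time, []string, error) {
	var ts []time.Time
	var vals []string
	for _, line := range strings.Split(strings.TrimSpace(s), "\n") {
		fields := strings.Fields(line)
		if len(fields) != 2 {
			return nil, nil, fmt.Errorf("malformed line %q", line)
		}
		t, err := time.Parse(time.RFC3339, fields[0])
		if err != nil {
			return nil, nil, err
		}
		ts = append(ts, t)
		vals = append(vals, fields[1])
	}
	return ts, vals, nil
}

func ParseTrail(s string) ([]KeyAccess, error) {
	ts, vals, err := parseLines(s)
	if err != nil {
		return nil, err
	}
	out := make([]KeyAccess, len(ts))
	for i := range ts {
		out[i] = KeyAccess{Time: ts[i], Principal: vals[i]}
	}
	return out, nil
}

func ParseRuns(s string) ([]CIRun, error) {
	ts, vals, err := parseLines(s)
	if err != nil {
		return nil, err
	}
	out := make([]CIRun, len(ts))
	for i := range ts {
		out[i] = CIRun{Time: ts[i], JobID: vals[i]}
	}
	return out, nil
}

// Finding is one anomaly worth alerting on.
type Finding struct {
	Kind   string // "foreign-principal", "unexplained-access" or "count-mismatch"
	Detail string
}

// Audit reconciles key accesses against CI runs. Each runner access consumes
// at most one run that started within `window` before it, so a burst of
// decrypts behind a single job shows up as unexplained accesses.
func Audit(accesses []KeyAccess, runs []CIRun, runnerRole string, window time.Duration) []Finding {
	sort.Slice(accesses, func(i, j int) bool { return accesses[i].Time.Before(accesses[j].Time) })
	sort.Slice(runs, func(i, j int) bool { return runs[i].Time.Before(runs[j].Time) })
	used := make([]bool, len(runs))
	var findings []Finding
	runnerAccesses := 0
	for _, a := range accesses {
		if a.Principal != runnerRole {
			findings = append(findings, Finding{"foreign-principal",
				fmt.Sprintf("%s by %s", a.Time.Format(time.RFC3339), a.Principal)})
			continue
		}
		runnerAccesses++
		matched := false
		for i, r := range runs {
			if used[i] || r.Time.After(a.Time) || a.Time.Sub(r.Time) > window {
				continue
			}
			used[i] = true
			matched = true
			break
		}
		if !matched {
			findings = append(findings, Finding{"unexplained-access",
				fmt.Sprintf("%s has no CI run within %s before it", a.Time.Format(time.RFC3339), window)})
		}
	}
	// The cheap check the thread suggests: more accesses than runs is already a signal.
	if runnerAccesses > len(runs) {
		findings = append(findings, Finding{"count-mismatch",
			fmt.Sprintf("%d key accesses by %s vs %d CI runs", runnerAccesses, runnerRole, len(runs))})
	}
	return findings
}

func main() {
	accesses, err := ParseTrail(sampleTrail)
	if err != nil {
		panic(err)
	}
	runs, err := ParseRuns(sampleRuns)
	if err != nil {
		panic(err)
	}
	for _, f := range Audit(accesses, runs, "gitlab-runner-repo-x", 2*time.Minute) {
		fmt.Printf("%-18s %s\n", f.Kind, f.Detail)
	}
}
```

On the sample data this reports one foreign principal, two runner decrypts with no job to explain them, and the 5-versus-3 count mismatch. In production the inputs would come from CloudTrail (filtered to `Decrypt` on the one key ID) and the GitLab jobs API for the one project; the one-to-one matching is what makes the check hold even when the counts happen to line up.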
New conversation
I would likely go with multiple isolated deterministic build systems that each sign with their own key. Have an HSM with a custom functionality module that would only sign with its key if it sees a signature from each build system for the same hash.
That's a cool idea! I like it. I would also fuck up implementing it :)
1 more reply
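The quorum policy described above, as an added example that is not code from the thread or from any participant: several isolated builders each sign the SHA-256 of the artifact with their own key, and a release signer modelled on the HSM's custom functionality module only signs with the release key once it has a valid signature over the same digest from every builder on its roster. Keys are generated in-process with Ed25519 here purely for illustration; in the real design the release private key never leaves the HSM and each builder key stays on its own isolated host. Builder names and the roster structure are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Builder is one isolated deterministic build system with its own key.
// Key generation in-process is for the example only (hypothetical setup).
type Builder struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewBuilder(name string) (*Builder, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Builder{Name: name, pub: pub, priv: priv}, nil
}

// Attestation is what a builder hands to the HSM: the digest it produced and
// its signature over that digest.
type Attestation struct {
	Builder string
	Digest  []byte
	Sig     []byte
}

// Attest hashes the artifact this builder produced and signs the hash.
func (b *Builder) Attest(artifact []byte) Attestation {
	digest := sha256.Sum256(artifact)
	return Attestation{Builder: b.Name, Digest: digest[:], Sig: ed25519.Sign(b.priv, digest[:])}
}

// ReleaseSigner models the HSM functionality module: a fixed roster of builder
// public keys plus the release key, which is only used when the policy holds.
type ReleaseSigner struct {
	roster map[string]ed25519.PublicKey
	pub    ed25519.PublicKey
	priv   ed25519.PrivateKey
}

func NewReleaseSigner(builders []*Builder) (*ReleaseSigner, error) {
	if len(builders) == 0 {
		return nil, errors.New("roster must not be empty")
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	roster := make(map[string]ed25519.PublicKey, len(builders))
	for _, b := range builders {
		roster[b.Name] = b.pub
	}
	return &ReleaseSigner{roster: roster, pub: pub, priv: priv}, nil
}

func (r *ReleaseSigner) PublicKey() ed25519.PublicKey { return r.pub }

// Sign enforces the policy: every roster member must have a valid signature over
// one and the same digest. Unknown builders, a digest mismatch (a non-reproducible
// or tampered build), a bad signature, or a missing builder all refuse to sign.
func (r *ReleaseSigner) Sign(atts []Attestation) ([]byte, error) {
	if len(atts) == 0 {
		return nil, errors.New("no attestations")
	}
	digest := atts[0].Digest
	seen := make(map[string]bool, len(r.roster))
	for _, a := range atts {
		pub, ok := r.roster[a.Builder]
		if !ok {
			return nil, fmt.Errorf("unknown builder %q", a.Builder)
		}
		if !bytes.Equal(a.Digest, digest) {
			return nil, fmt.Errorf("builder %q signed a different digest", a.Builder)
		}
		if !ed25519.Verify(pub, a.Digest, a.Sig) {
			return nil, fmt.Errorf("invalid signature from %q", a.Builder)
		}
		seen[a.Builder] = true
	}
	for name := range r.roster {
		if !seen[name] {
			return nil, fmt.Errorf("missing attestation from %q", name)
		}
	}
	return ed25519.Sign(r.priv, digest), nil
}

func main() {
	a, _ := NewBuilder("builder-a")
	b, _ := NewBuilder("builder-b")
	hsm, _ := NewReleaseSigner([]*Builder{a, b})
	firmware := []byte("constructed firmware image v1") // sample input, not a real image
	sig, err := hsm.Sign([]Attestation{a.Attest(firmware), b.Attest(firmware)})
	fmt.Println("release signature issued:", err == nil, "length:", len(sig))
	_, err = hsm.Sign([]Attestation{a.Attest(firmware)})
	fmt.Println("single builder refused:", err)
}
```

Because the release signature covers the digest, a device verifies it the same way it would any single-key signature; the quorum is invisible to the verifier and only constrains when the HSM will use the key. The digest-equality check is what turns the "isolated deterministic builds" part into an enforced property rather than a hope.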