Lessons from CalyxOS signing process redesign
Summary
CalyxOS explains their HSM-based signing redesign to improve security and auditable signing operations, covering criteria, toolchain changes, key wrapping, Shamir's Secret Sharing, and provisioning ceremonies. It provides a practical open-source approach with audits and future improvements.