All Systems Go! 2025

Signstar OS images and updates
2025-09-30 , Gallery

Signstar is a system for the creation of digital signatures, in which a central host provides access to a Hardware Security Module.
The Signstar host serves as an enclave with very restricted access and is based on a custom, image-based OS named Signstar OS.


Since 2024 several developers are working on the Signstar system, which is meant to provide a dedicated solution for the automated digital signing of OS artifacts for Arch Linux.

The central host in this setup is running a custom, image-based OS named Signstar OS.
It is created with the help of mkosi and provides a TPM encrypted partition for some intermediate state.

This talk gives an overview of some of the design choices and operational hurdles of the system and its ongoing operation.

I am a freelance software developer working on Arch Linux.

I am interested in and work on projects related to digital signatures, automation and package management.

This speaker also appears in: