2025-09-30 –, Gallery
Signstar is a system for the creation of digital signatures, in which a central host provides access to a Hardware Security Module.
The Signstar host serves as an enclave with very restricted access and is based on a custom, image-based OS named Signstar OS.
Since 2024 several developers are working on the Signstar system, which is meant to provide a dedicated solution for the automated digital signing of OS artifacts for Arch Linux.
The central host in this setup is running a custom, image-based OS named Signstar OS.
It is created with the help of mkosi and provides a TPM encrypted partition for some intermediate state.
This talk gives an overview of some of the design choices and operational hurdles of the system and its ongoing operation.
I am a freelance software developer working on Arch Linux.
I am interested in and work on projects related to digital signatures, automation and package management.