alexei-zaripov

C/C++ performance pitfall: int8_t, aliasing and the ways out

When I was working on a generic port of Google's hashmap to C, I wrote a function that (ignoring irrelevant parts) looked like this:

typedef struct {
    uint8_t *bytes;
    size_t len;
} bytebuf;

karalabe

Publicly auditable YubiHSM

Disclaimer: This is not an article with a beginning, a middle and an end for public consuption, rather a personal memo I figured I'd publish if anyone else finds it useful.

Background: I've got a genomic project (Bsky: @dark.bio, X: @dark_dot_bio) requiring secure-boot signing keys and API server identity certs/keys.

I've chosen YubiHSMs to be my roots of trust, because I don't want to mess up key handling myself; and because I want to have a public audit trail of what I've signed to soft-prove non-malice. This guide is my personal memo on how to onboard a YubiHSM into my project in a way that makes the audit logs (mostly) publicly verifiable.

Onboarding the device