The audit covers a simple on-chain fee program and a more expansive set of WASM modules that ship as part of our new Signer release.
Signer Overview
The system uses a custom hardware and software implementation, combining a Hardware Security Module (HSM) with Trusted Platform Modules (TPM) on dedicated server hardware. It is non-custodial, fast signing and key-management software. Key security features include:
Secure boot process: Only pre-authorized firmware, kernel, and application versions can access the identity key controlled by the TPM.
Unikernel approach: A custom, minimal Linux kernel and the KMS application are combined into a single binary, reducing the attack surface.
Remote attestation: TPM features allow verification that only authorized KMS applications are running in an approved state.
Encrypted master key: The KMS master key is shared across instances but only decryptable by authorized systems using their identity key.
Hardware isolation: Dedicated hardware is used with remote-management functionality disabled, removing that out-of-band access path.
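As an added illustration (not code from the Signer project or the audit), the following Python model shows how the secure-boot and identity-key gating described above works at the TPM level: each boot stage is hashed into a PCR, the identity key's authorization policy is bound to the approved PCR value, and a modified unikernel image changes the PCR so the key is not released. The boot-image strings are constructed, and the PCR-selection field of the real TPM2_PolicyPCR command is omitted for brevity.

```python
import hashlib
import hmac

# Constructed sample boot chain: firmware, then the unikernel (kernel + KMS app).
APPROVED_CHAIN = [b"firmware-image-v1", b"unikernel-kernel-plus-kms-v1"]
TAMPERED_CHAIN = [b"firmware-image-v1", b"unikernel-kernel-plus-kms-MODIFIED"]
TPM_CC_POLICY_PCR = (0x0000017F).to_bytes(4, "big")  # TPM 2.0 command code


def sha256(*parts: bytes) -> bytes:
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return h.digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend: PCR_new = H(PCR_old || measurement). Order matters,
    and the register cannot be rolled back without a platform reset."""
    return sha256(pcr, measurement)


def measured_boot(chain: list[bytes]) -> bytes:
    """Each boot stage hashes the next image and extends it into the PCR."""
    pcr = bytes(32)  # PCR is all-zero after reset
    for image in chain:
        pcr = pcr_extend(pcr, sha256(image))
    return pcr


def policy_pcr(expected_pcr: bytes) -> bytes:
    """Simplified TPM2_PolicyPCR digest: H(0^32 || CC_PolicyPCR || H(PCR value)).
    The PCR-selection structure of the real command is omitted in this model."""
    return sha256(bytes(32), TPM_CC_POLICY_PCR, sha256(expected_pcr))


def seal_identity_key(approved_chain: list[bytes]) -> bytes:
    """Bind the identity key's authorization policy to the approved boot state."""
    return policy_pcr(measured_boot(approved_chain))


def key_released(sealed_policy: bytes, booted_chain: list[bytes]) -> bool:
    """The TPM unseals only if the live PCR reproduces the sealed policy digest."""
    live_policy = policy_pcr(measured_boot(booted_chain))
    return hmac.compare_digest(sealed_policy, live_policy)


if __name__ == "__main__":
    policy = seal_identity_key(APPROVED_CHAIN)
    print("approved boot releases key:", key_released(policy, APPROVED_CHAIN))
    print("tampered boot releases key:", key_released(policy, TAMPERED_CHAIN))
```

Because every stage is folded into one hash chain, swapping a single component (or reordering the stages) yields a different PCR, which is what lets remote attestation distinguish an approved KMS image from anything else.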