November 10, 2025, 9:32pm 1

Our criteria for the CalyxOS signing solution were that it should be: available, affordable, secure, expandable, auditable, redundant, easy to access, and aligned to the mission of the Calyx Institute. These requirements were what led us to choose the HSM solution among available options. Specifically, we selected the YubiHSM2 based on our current urgent development requirements and resources as an interim solution while we evaluate and build out a long-term solution.

jonah (Jonah Aragon) November 10, 2025, 9:33pm 2

To keep our solutions consistent with a seamless transition in the future, we are ensuring that our keys are transferable both operationally and technically, and that CalyxOS users will not need to reflash their devices beyond the initial installation.

So they must also be storing the keys somewhere other than the YubiHSM2. Otherwise that would not be transferable. I wonder how that is secured.

Edit: TIL the YubiHSM has backup functionality. I guess that makes sense Backup and Restore with YubiHSM Backup Keys — YubiHSM 2 User Guide documentation

We would like to respond to concerns people have raised by confirming that CalyxOS hasn’t been compromised and the organization is directing significant resources to get it back on track.

Still wondering why it was off track to begin with though

JG November 10, 2025, 9:34pm 3

Atleast the project appears to still be alive. Let’s wait and watch I guess.

Thanks for sharing the update.