You could, but TPMs don’t support the algorithms that are needed.
There are some projects to make it run with a TEE (Validating Lightning Signer) but I want to fully store the key inside a custom secure element.
Let me guess, you want to run your CLN on an untrusted cloud provider?
No, just because I can.
This whole HSM thing reads like what HashiCorp Vault does but with hardware instead of Shamir secrets.
It is, but it being actual SE hardware is the hard part.
I want one now. Or I wanted one before I checked the price on the YubiKey offer. This tiny thing costs more than 1000 euros lmao.

That is actually just a $2 SE, some software and a USB interface.
And it doesn’t support the required crypto needed for this. There’s a reason I said *programmable* secure element.