🧠Technical Breakdown

For a deeper dive in the tech underneath.

This page details a high level summary. Click here for the full article.

Key Security Features:

  • Secure Boot Process: Only pre-authorized firmware, kernel, and application versions can access the identity key controlled by the TPM.

  • Unikernel Approach: BONKbot’s KMS uses a custom, minimal Linux kernel combined with the KMS application to reduce the attack surface.

  • Remote Attestation: The TPM verifies that only authorized KMS applications are running in a secure state.

  • Encrypted Master Key: The KMS master key is encrypted and can only be decrypted by authorized systems using their identity key.

  • Process Isolation: The central Signer process has no direct network access and only communicates via the Message Bridge, minimizing attack vectors.

  • Ephemeral Key Handling: User private keys are decrypted only in memory for the duration of the signature calculation, reducing the exposure to memory-based attacks.

  • 2FA Protection: Sensitive actions such as private key exports and withdrawals are further secured by 2FA.

PreviousThe Signer OverviewNextUser Benefits and Rollout

Last updated