<p>Rather than write the same document or tool 10 times and bill each client for it, we focus our unused retainer hours on open sourcing every document and tool we legally can, so we can focus our time with clients on their unique needs. If we are doing public work you would like to see more of, or that <i>almost</i> meets your needs, we would love to hear from you and figure out a path to see your needs met.</p>
<p>An opinionated and modular toolchain for generating and managing a wide range of cryptographic keys offline and on smartcards from a shared bip39 mnemonic phrase..</p>
</div>
</div>
<divclass="flex-container-inner">
<ul>
<li>BIP39 style key derivation from OS or hardware entropy</li>
<p>Minimalism and security first repository of reproducible and multi-signed OCI images of common open source software toolchains full-source bootstrapped from Stage 0 all the way up.</p>
</div>
</div>
<divclass="flex-container-inner">
<ul>
<li>Fully verifiable and deterministic build toolchain</li>
<li>Deterministic packages of commonly used software (rust, go, openssl, curl and many more)</li>
<li>Flexible drop in replacement for existing software</li>
<p>A minimal, immutable, and deterministic Linux unikernel build system targeting various Trusted Execution Environments for use cases that require high security and accountability.</p>
</div>
</div>
<divclass="flex-container-inner">
<ul>
<li>Immutable: Root filesystem is a CPIO filesystem extracted to a RamFS at boot</li>
<li>Hardened: No TCP/IP network support, most unnecessary kernel features disabled and follows <ahref="https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project"target="_blank"rel="noopener noreferrer">Kernel Self Protection Project</a> recommendations</li>