Unless I'm misunderstanding the docs, seems that @Yubico's YubiHSM modules fall short at a crucial operation from being a truly auditable root of trust for a system. Specifically, you cannot prove that you didn't create a hidden copy of a private key. 🧵