# Signing

Real signing keys never live in this repository. This directory holds:

- **`KEYS.md`** (to be created) — public key fingerprints, key purposes, key ceremony summaries
- **Public keys** — `.asc` / `.pem` exports of public halves
- **Verification documentation** — how a third party reproduces our build and verifies our signatures

## Key inventory

See [`../../docs/trust-model.md`](../../docs/trust-model.md) for the complete trust model.

| Key | Purpose |
|---|---|
| SilverMetal Release | Signs ISO/ROM/installer artefacts |
| SilverMetal Update Channel | Signs OTA / apt updates |
| SilverMetal MOK (Linux Secure Boot) | Our Machine Owner Key |
| SilverMetal AVB (Android verified boot) | Android verified-boot key |
| SilverMetal Code Signing — per-platform | OS-specific code-signing certs |

## First key ceremony

To occur at milestone 1.9 (update server + signing ceremony) per the roadmap. Procedure documented in advance and reviewed by SilverLABS leadership before execution.