"Why not virtual"
There are a few reasons why we choose to have our own hardware.
1. Hardware HSM: the YubiHSM. Adding a hardware security module and then connecting it virtually does not really make sense.
2. Tamper proofing: we check the micro connectors for the lid of the server. If the lid is opened during production, we unmount the ramdisk containing session keys etc.
3. Entropy: we need lots. We typically depend on a good hardware source (e.g. Ivy Bridge) and feed/seed from that via rngd.
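
The tamper response in item 2, sketched as an added example that is not the project's own code. It assumes the lid sensor is readable through the Linux hwmon `intrusion0_alarm` attribute and that the session-key ramdisk sits at a hypothetical mount point; `KEY_MOUNT`, `SENSOR_GLOB` and `UMOUNT_CMD` are names introduced here.

```shell
#!/bin/sh
# Tamper-response sketch (added example, not the project's code).
# Assumptions: the lid sensor is exposed as the Linux hwmon attribute
# intrusion0_alarm, and the key ramdisk is mounted at the hypothetical KEY_MOUNT.
KEY_MOUNT="${KEY_MOUNT:-/run/session-keys}"
SENSOR_GLOB="${SENSOR_GLOB:-/sys/class/hwmon/hwmon*/intrusion0_alarm}"
# -l detaches the mount even when busy; processes with files already open
# keep them until they close, so stop those services as well.
UMOUNT_CMD="${UMOUNT_CMD:-umount -l}"

# lid_state FILE...  -> closed | open | unknown
# Anything other than a clean 0 from every sensor is not "closed" (fail closed).
lid_state() {
    [ "$#" -gt 0 ] || { echo unknown; return; }
    state=closed
    for f in "$@"; do
        [ -r "$f" ] || { echo unknown; return; }
        v=$(cat "$f" 2>/dev/null) || { echo unknown; return; }
        case "$v" in
            0) ;;
            1) state=open ;;
            *) echo unknown; return ;;
        esac
    done
    echo "$state"
}

# respond STATE -> none | unmounted | unmount-failed
respond() {
    if [ "$1" = closed ]; then echo none; return 0; fi
    if $UMOUNT_CMD "$KEY_MOUNT" >/dev/null 2>&1; then
        echo unmounted
    else
        echo unmount-failed
    fi
}

# "sh tamper.sh watch" polls once per second and stops after the first response,
# so the box stays keyless until an operator re-arms it.
if [ "${1:-}" = watch ]; then
    while :; do
        action=$(respond "$(lid_state $SENSOR_GLOB)")   # unquoted: glob must expand
        if [ "$action" != none ]; then
            logger -p auth.crit "tamper response: $action"
            exit 1
        fi
        sleep 1
    done
fi
```

A missing or unreadable sensor is treated the same as an open lid, so unplugging the sensor does not keep the keys mounted.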