
That's not all of what an HSM is. Or should be. The beefier ones come with RF shielding to prevent bad guys from trying to reduce the key search space by listening to EM energy coming out of the box. And active key zeroization if it thinks you're trying to drill through the epoxy surrounding the crypto boundary.


>And active key zeroization if it thinks you're trying to drill through the epoxy surrounding the crypto boundary.

Or passive! Probably it wasn't a real product but I recall reading about one that derived its key from the field generated by randomly arranged magnetic particles in the resin, or something like that. The point was to make it impossible to disturb the resin without altering the key.


Is it technically possible (and/or wise) to duplicate the key across multiple HSMs running in parallel? I'm guessing if you have a super massive CDN like Apple or Meta this is a necessary thing.


Yes.



