KEYRA sovereign trust
hsm.keyrakey.com operations
Operational modules
25
Attested devices
18,432
Policy decisions
42.7K/s
Audit integrity
100%
waiting for stream...
Hardware estate, CORE modules, topology, thermals, attestation, and replication.
EDGE-1U-ATL-0442
KEYRA HSM Edge - Atlanta POP
Zone US-COMM - 42C - live
SMB-1U-FRA-1881
KEYRA HSM SMB - Frankfurt
Zone EU-ENT - 39C - warm
ENT-2U-SIN-9017
KEYRA HSM Enterprise - Singapore DC4
Zone APAC-SOV - 44C - live
SOV-2U-ZRH-4100
Sovereign Cluster - Zurich
Zone CH-AIRGAP - 37C - windowed
Queues, tenant isolation, rate limits, audit stamping, and cross-site execution.
Tenant A banking
1,280 queued - p99 9.4 ms
hardware partition isolation
Sovereign CA
342 queued - p99 14.2 ms
air-gap window isolation
Telecom SIM auth
8,910 queued - p99 6.7 ms
POP local isolation
AI workload grants
628 queued - p99 12.1 ms
model-bound key isolation
RBAC, ABAC, Zero Trust, geo/time controls, AI boundaries, and deterministic enforcement.
RBAC operator role
18.2K/s - 3.1 ms
enterprise
ABAC geo/time lock
9.8K/s - 4.6 ms
sovereign
Zero Trust mTLS grant
14.7K/s - 5.2 ms
telecom
AI execution boundary
1.9K/s - 8.4 ms
AI governance
TPM EKs, serial mappings, firmware manifests, clone detection, quarantine, and revocation.
ENT-2U-SIN-9017
EK-91B7 - fw-ent-4.8.2
factory sealed
CORE-SOV-ZRH-441
EK-44A1 - fw-core-sov-2.1.0
M-of-N locked
EDGE-ATL-0442
EK-18C4 - fw-edge-3.9.8
shipment attested
SMB-FRA-1881
EK-77F2 - fw-smb-3.4.1
clone scan clean
Quorum, leader election, update waves, replication latency, and failover readiness.
US-COMM-Q7
Quorum 7/9 - leader ATL-0442
22 ms replication - ring 2
EU-ENT-Q5
Quorum 5/5 - leader FRA-1881
31 ms replication - ring 1
APAC-SOV-Q9
Quorum 8/9 - leader SIN-9017
windowed replication - frozen
CH-AIRGAP-Q3
Quorum 3/3 - leader ZRH-4100
offline replication - manual
Signed firmware, rollout rings, A/B partitions, attestation gates, and rollback prevention.
fw-ent-4.8.2
6,210 devices - ring 3
gated
fw-core-sov-2.1.0
918 devices - ring 1
ceremony
fw-edge-3.9.8
8,221 devices - ring 4
continuous
Signed evidence from sourcing to firmware injection, ceremonies, burn-in, tamper validation, and shipment.
Component sourcing
SIG-EVIDENCE-01
PCB manufacturing
SIG-EVIDENCE-02
Secure receiving
SIG-EVIDENCE-03
Firmware injection
SIG-EVIDENCE-04
M-of-N ceremony
SIG-EVIDENCE-05
Burn-in testing
SIG-EVIDENCE-06
Tamper validation
SIG-EVIDENCE-07
Shipment attestation
SIG-EVIDENCE-08
Anomaly overlays, firmware drift, unauthorized devices, supply-chain risk, and forensic playback states.
Firmware drift
EU-ENT - manifest mismatch
rollout paused
Signing anomaly
Telecom POP - queue burst
rate limited
Supply-chain exposure
BOM NIC - geopolitical risk
alternate vendor
Unauthorized device
US-COMM - unknown EK
quarantined
Rack, telecom, vault, and air-gap deployment operating modes.
42U sovereign rack
7.8 kW - cold aisle nominal
segmented
Telecom 5G edge POP
-48V DC redundant - NEBS envelope
subscriber-local
Enterprise vault zone
A/B feed - quiet acoustic
tenant isolated
Air-gapped ceremony room
offline UPS - manual review
export controlled
BOM exposure, supplier scorecards, RFP state, and lifecycle forecasting.
CPU - Vendor Alpha
US/EU - lead 18 weeks
Buffer 22 weeks
NVMe - Vendor Delta
JP/KR - lead 14 weeks
Buffer 16 weeks
PCB - Sovereign PCB Line
EU - lead 10 weeks
Buffer 20 weeks
HSM Enterprise Gen-2 chassis
4 vendors
engineering qualification
Sovereign rack deployment kit
3 vendors
compliance review
Hardware-bound AI identity, policy constraints, auditability, and execution lineage.
Keyra Ops Copilot
AI-MDL-OPS-01 - hardware bound
read-only recommend
Threat Interpreter
AI-MDL-THREAT-04 - attested enclave
analyst approval
Procurement Risk Agent
AI-MDL-SUPPLY-02 - tenant bound
no autonomous purchase
Sovereign operations mode
North America
enterprise + telecom
8 ms
European Union
GDPR sovereign
12 ms
Gulf Region
central bank
18 ms
APAC
hybrid telecom
15 ms
Air-Gapped Estates
offline ceremony
windowed