From 73ecdaf6fe991f74b1bb57faed5173a7015d2f2d Mon Sep 17 00:00:00 2001 From: Daan Boerlage Date: Mon, 12 Feb 2024 21:07:04 +0100 Subject: [PATCH 1/2] Remove the note about the airgapped system precaution, this is no longer true because the key would have to leave the bank vault --- readme.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/readme.md b/readme.md index f872a7d..31fa64b 100644 --- a/readme.md +++ b/readme.md @@ -9,8 +9,6 @@ The setup was mostly done by following these two guides: ## Notes of precaution * The root key is a yubikey kept in a physical vault at a bank in Switzerland. -* All signings are done on an airgapped machine in a live-boot environment. -* This repo is transferred on and off the signing machine with a regular usb drive. ## Setup From 0c00cb0c2b166212df067062d710e3e980f0bf04 Mon Sep 17 00:00:00 2001 From: Daan Boerlage Date: Mon, 12 Feb 2024 21:08:18 +0100 Subject: [PATCH 2/2] readme formatting --- readme.md | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/readme.md b/readme.md index 31fa64b..7c8e0bb 100644 --- a/readme.md +++ b/readme.md 
@@ -3,24 +3,28 @@ A certificate authority for the HomeLab. The setup was mostly done by following these two guides: -* [Jamie Nguyen's OpenSSL CA guide](https://jamielinux.com/docs/openssl-certificate-authority/introduction.html) -* [Mour's](https://github.com/mylamour) [blog post Jamie's guide using an HSM](https://github.com/mylamour/blog/issues/80) + +- [Jamie Nguyen's OpenSSL CA guide](https://jamielinux.com/docs/openssl-certificate-authority/introduction.html) +- [Mour's](https://github.com/mylamour) [blog post Jamie's guide using an HSM](https://github.com/mylamour/blog/issues/80) ## Notes of precaution -* The root key is a yubikey kept in a physical vault at a bank in Switzerland. +- The root key is a yubikey kept in a physical vault at a bank in Switzerland. ## Setup ### Required Software -* OpenSSL -* libp11 -* [YKCS11](https://developers.yubico.com/yubico-piv-tool/YKCS11/) - *[AUR Link](https://aur.archlinux.org/packages/ykcs11-p11-kit-module) +- OpenSSL +- libp11 +- [YKCS11](https://developers.yubico.com/yubico-piv-tool/YKCS11/) + - [AUR Link](https://aur.archlinux.org/packages/ykcs11-p11-kit-module) **macOS note:** openssl installed via homebrew does not pickup on libp11, you need to manually copy the pkcs11 library (update the versions): -`cp /opt/homebrew/Cellar/libp11/0.4.12/lib/engines-3/pkcs11.dylib /opt/homebrew/Cellar/openssl@3/3.2.1/lib/engines-3/` + +```sh +cp /opt/homebrew/Cellar/libp11/0.4.12/lib/engines-3/pkcs11.dylib /opt/homebrew/Cellar/openssl@3/3.2.1/lib/engines-3/ +``` ### Environment Variables
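Review bot: In PATCH 1/2, the hunk at `@@ -9,8 +9,6 @@` leaves "Notes of precaution" with only the vault bullet, so the readme no longer says where signing takes place or how the repo reaches the signing machine. The reason given in the commit message (the key would have to leave the bank vault) is not recorded in the readme itself. Consider replacing the two removed bullets with one that describes the signing environment as it is now, rather than dropping the topic.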
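Review bot: In PATCH 2/2, the newly fenced `cp` line under the macOS note still hard-codes `libp11/0.4.12` and `openssl@3/3.2.1`, so it goes stale on the next Homebrew upgrade and the reader has to edit two paths by hand. Consider building both paths from `brew --prefix libp11` and `brew --prefix openssl@3` instead of the versioned Cellar directories. While these lines are being touched, "pickup" should be "pick up", and the link text "blog post Jamie's guide using an HSM" is carried over unchanged and reads as if a word is missing.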