We're purchasing a yubikey with our next certificate. Does SB require the HSM model for signing, or is it possible to use a yubikey for certificate authentication?
If not, we'll be using the yubikey just to sign the exes and dlls (using ECDSA, which I understand signtool supports) within the install, and then then install itself via HSM. I presume that having signed the exes and dlls with the yubikey won't affect the signing of the install using HSM (RSA). Is that correct?