I can create up to 2^8 key domains during Nitrokey HSM initialization.
What is the overhead of having an empty domain? How much extra space does an DKEK/XKEK domain take?
The number of key domains cannot be apparently changed later, so I’d like to know in advance.
cc @sc-hsm
You are only allocating slots for the key domain during initialization. That requires two bytes each. So it is save to allocate a few in case you need them later.
If you later create a key domain in the slot, about 260 bytes of memory are required.
