update bootstrapping doc

Anton Livaja 2025-01-08 11:34:42 -05:00
parent 5571965d33
commit 17b37d0d5e
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
3 changed files with 25 additions and 16 deletions

View File

@ -41,4 +41,5 @@
* [Procurement & Chain of Custody](./component-documents/hardware-procurement-and-chain-of-custody.md)
* [Online Artifact Storage](./component-documents/public-ceremony-artifact-storage.md)
* [Physical Artifact Storage](./component-documents/physical-artifact-storage.md)
* [`autorun.sh` Setup](./component-documents/autorun-sh-setup.md)
* [`autorun.sh` Setup](./component-documents/autorun-sh-setup.md)
* [Hardware Models](./component-documents/hardware-models.md)
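
Review bot: The new `Hardware Models` entry at the end of this list points to `./component-documents/hardware-models.md`, but that file's content is not visible in this part of the change. Please confirm it is added in this commit and contains a `Smart Cards` heading, because the requirements list edited in the same commit links to `hardware-models.md#smart-cards` and would otherwise be a dead link. The `autorun.sh` Setup line also appears twice with identical text, which looks like a whitespace or end-of-file newline change; worth confirming nothing else changed on it.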

View File

@ -2,29 +2,31 @@
## Requirements
The initial set up requires the provisioner and operator to do all of these in a continuous session ensuring dual custody. Ensure that all participants are familiar with the sub-processes (TODO list sub-processes) so that the ceremony can be completed in one working day.
The initial set up requires the provisioner and operator to do all of these in a continuous session ensuring dual custody. Ensure that all participants are familiar with the sub-processes so that the ceremony can be completed in one working day.
* 3 individuals in order to have the flexibility for washroom breaks, fetching food and drinks etc.
* 3 individuals in order to have the flexibility for washroom breaks, fetching food and drinks etc.
* AirgapOS SD Card: [Provisioning Guide](./provision-airgapos.md)
* Tamper Proofing Equipment: [Provisioning Guide](./provision-tamper-proofing-equipment.md)
* Smart Cards (whatever number of PGP keys are being provisioned): [Smart Cards](TODO link to hardware)
* Smart Cards (whatever number of PGP keys are being provisioned): [Smart Cards](../../../../component-documents/hardware-models.md#smart-cards)
* SD Cards: [Provisioning Guide](./provision-sd-card.md)
* Designated facility
## Procedure
1. Set up AirgapOS (can be done ahead of time)
- [ ] add guide
### Procure Hardware
1. Procure hardware
* Dual custody
{{ #include ../../../../component-documents/hardware-procurement-and-chain-of-custody.md:steps }}
1. Enter the designated location with an operator and individual keys are being generated for and all required equipment
### Ceremony
1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
1. Enter the designated facility with an operator and individual keys are being generated for and all required equipment
1. Lock access to the facility - there should be no inflow or outflow of people during the ceremony if avoidable. During a long ceremony as this one this may be unavoidable.
1. Gut the laptop before using it: radio cards, speakers, microphones, storage drive
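
Review bot: The reworded lock step under `### Ceremony` softens the control to "if avoidable" and then says it "may be unavoidable", but gives no rule for what must hold when someone does enter or leave. Since the Requirements paragraph depends on a continuous session with dual custody, state the compensating procedure here, for example that the provisioner and operator both remain with the equipment and that every entry and exit is recorded with a time. In the preceding step, "with an operator and individual keys are being generated for" is missing words; "with an operator and the individual the keys are being generated for" reads as intended. The Requirements sentence also drops the `(TODO list sub-processes)` marker without listing or linking the sub-processes participants are expected to know.
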
@ -32,14 +34,20 @@ The initial set up requires the provisioner and operator to do all of these in a
1. Check AirgapOS hashes when it's booted
### Generating PGP Keys and Seeding Cards
{{ #include ../../../../component-documents/openpgp-setup.md:steps-keyfork}}
### Tamper Proofed Bundle
The following objects should be in the bundle:
* AirgapOS SD Cards
* Airgapped computer
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}
1. Create tamper proofed bundle (airgapos, laptop)
1. Submit evidence to ceremonies repo
#### Creation of Initial Air-Gapped Bundle
- [ ] TODO there is a reference to air gapped bundle in provisioner: procure-equipment... doc
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}
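
Review bot: The `tamper-evidence-methods.md:vsbwf-procedure-sealing` include appears under both `### Tamper Proofed Bundle` and `#### Creation of Initial Air-Gapped Bundle`, so if both remain after this change the sealing procedure renders twice in the same ceremony document. Keep one include and have the other section refer to it. The `- [ ] TODO` under `Creation of Initial Air-Gapped Bundle` is still unresolved and names the provisioner document only as "procure-equipment... doc"; link the actual file or track the item outside the published procedure. "Submit evidence to ceremonies repo" would also benefit from saying which evidence is expected, since the bundle list above names only the AirgapOS SD cards and the airgapped computer.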