From 3533f07b890d3d97a6f16c10624cb67cc4b43476 Mon Sep 17 00:00:00 2001
From: Anton Livaja
Date: Mon, 27 Jan 2025 19:37:29 -0500
Subject: [PATCH] integrate feedback
---
 .../src/component-documents/ceremony-repository.md | 6 +++---
 .../hardware-procurement-and-chain-of-custody.md | 4 +---
 .../src/generated-documents/level-2/basic-requirements.md | 2 +-
 .../operator/ceremony-sd-card-provisioning.md | 4 ++--
 .../level-2/fixed-location/procurer/index.md | 4 ++--
 .../fixed-location/proposer/create-transaction-payload.md | 8 ++------
 .../fixed-location/provisioner/provision-computer.md | 2 ++
 7 files changed, 13 insertions(+), 17 deletions(-)
diff --git a/quorum-key-management/src/component-documents/ceremony-repository.md b/quorum-key-management/src/component-documents/ceremony-repository.md
index deea475..8bfe348 100644
--- a/quorum-key-management/src/component-documents/ceremony-repository.md
+++ b/quorum-key-management/src/component-documents/ceremony-repository.md
@@ -31,9 +31,9 @@ ceremonies/ / log.txt - [ ] TODO: write a layout for the log - workflow_payloads/ - workflow_payload_.json - workflow_payload_.json.sig + payloads/ + payload_.json + payload_.json.sig blockchain_metadata/ sol_nonce_address.txt policies/
diff --git a/quorum-key-management/src/component-documents/hardware-procurement-and-chain-of-custody.md b/quorum-key-management/src/component-documents/hardware-procurement-and-chain-of-custody.md
index 0a6dd14..0c79ffb 100644
--- a/quorum-key-management/src/component-documents/hardware-procurement-and-chain-of-custody.md
+++ b/quorum-key-management/src/component-documents/hardware-procurement-and-chain-of-custody.md
@@ -14,9 +14,7 @@ The following steps must all be completed under the continued supervision and wi
 1. Selecting a Purchase Location
- * Select at least 4 stores which carry the type of equipment being purchased, then randomly select one using the roll of a die, or other random method. This is done in order to reduce the likelihood that an insider threat is able to plant a compromised computer in a store ahead of time.
-
- * Each participant should choose 2 of the stores.
+ * Select at multiple stores which carry the type of equipment being purchased, then randomly select one using the roll of a die, or other random method. This is done in order to reduce the likelihood that an insider threat is able to plant a compromised computer in a store ahead of time.
 1. Within the store, identify available adequate device
diff --git a/quorum-key-management/src/generated-documents/level-2/basic-requirements.md b/quorum-key-management/src/generated-documents/level-2/basic-requirements.md
index adfdfdd..c8bfee7 100644
--- a/quorum-key-management/src/generated-documents/level-2/basic-requirements.md
+++ b/quorum-key-management/src/generated-documents/level-2/basic-requirements.md
@@ -8,7 +8,7 @@
 * [Personal PGP key pair](/key-types.md#personal-pgp-keypair)
-* Tamper-proofing equipment
+* [Tamper-proofing equipment](/generated-documents/level-2/fixed-location/procurer/procure-tamper-proofing-equipment.html)
 // ANCHOR_END: requirements
 /* ANCHOR_END: all */
\ No newline at end of file
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md
index 7ba81c3..b11b0e1 100644
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md
+++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md
@@ -18,9 +18,9 @@
 1. Navigate to the ceremony repository for the ceremony being executed
-1. Create a directory called `workflow-inputs` on the SD card
+1. Create a directory called `payloads/` on the SD card
-1. Copy all transaction workflow payloads from the appropriate dated directory found in `ceremonies/workflow-payloads/` into the `workflow-payloads/` directory on the SD card
+1. Copy all transaction workflow payloads from the appropriate dated directory found in `ceremonies/payloads/` into the `payloads/` directory on the SD card
 1. Copy the `shardfile.asc` from the ceremony repository onto the SD card
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/index.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/index.md
index f20bf59..8272f73 100644
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/index.md
+++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/index.md
@@ -4,9 +4,9 @@ The procurer is responsible for:
 * Procuring equipment
- * Tamper proofing equipment
+ * [Tamper proofing equipment](procure-tamper-proofing-equipment.md)
- * Hardware (computers, sd cards, sd card adapters, smart cards, cameras etc.)
+ * [Hardware](procure-hardware.md) (computers, sd cards, sd card adapters, smart cards, cameras etc.)
 * Ensuring equipment is properly tamper proofed
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md
index e8b3add..1d2105a 100644
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md
+++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md
@@ -18,7 +18,7 @@ The proposer must combine these values into a single message, which can be a sim
 ## Requirements
-* If necessary, provision a PGP key pair to a smart card using the guide in the [Appendix: Generating PGP Keypair & Provisioning Smart Card](#generating-pgp-keypair--provisioning-smart-card)
+* [Personal PGP Key](../operator/pgp-key-provisioning.md) or [On-Board PGP Key](../../../all-levels/provision-pgp-signing-keys-on-board-smart-card.md)
 * Ensure that the computer is configured to sign commits with the desired key. Refer to the [Appendix: Git Commit Signing Configuration](#git-commit-signing-configuration)
@@ -26,7 +26,7 @@ The proposer must combine these values into a single message, which can be a sim
 ## Procedure
-1. Define a new file `workflow_payload_.json`, for example `workflow_payload_1.json`
+1. Define a new file `payload_.json`, for example `payload_1.json`
 1. Create a new directory in the `ceremonies` repository for the date on which the ceremony for the transaction will take place if it doesn't already exist, for example `2024-01-01/`
@@ -63,7 +63,3 @@ The proposer must combine these values into a single message, which can be a sim
 ### Git Commit Signing Configuration
 {{ #include ../../../../component-documents/git-commit-signing.md:steps }}
-
-### Generating PGP Keypair & Provisioning Smart Card
-
-{{ #include ../../../../component-documents/openpgp-setup.md:steps-keyfork }}
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-computer.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-computer.md
index 12aa6de..2070389 100644
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-computer.md
+++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-computer.md
@@ -14,6 +14,8 @@
 1. Enter facility with required items and personnel and lock the facility
+{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing }}
+
 1. Follow a given model manual to remove all radio cards, storage drive, speakers, and microphone
 {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}