more updates across level 2 processes

quorum-key-management/src/SUMMARY.md

@@ -6,12 +6,10 @@
     * [Software](software.md)
     * [Hardware](hardware.md)
     * [Glossary](glossary.md)
-
 * [Preparations]()
     * [Verifying Signatures](verifying-signatures.md)
     * [Tamper Evidence Methods](tamper-evidence-methods.md)
     * [Online Machine](online-machine-provisioning.md)
-
     * [Fixed Location Reusable Laptop]()
         * [Location](locations.md)
         * [Procure Hardware](fixed-location-reusable-hardware-procurement.md)
@@ -21,49 +19,38 @@
             * [Change Smart Card PINs](setting-smart-card-pins.md)
             * [PureBoot Restricted Boot](enable-pure-boot-restricted-boot.md)
             * [PureBoot Boot Sequence](secure-boot-sequence.md)
-
         * [AirgapOS Setup]()
             * [AirgapOS Setup](repeat-use-airgapos.md)
             * [`autorun.sh` Setup](autorun-sh-setup.md)
-
     * [One Time Use / Portable Use]()
         * [Location](one-time-use-locations.md)
         * [Procure Hardware](hardware-procurement-and-chain-of-custody.md)
         * [AirgapOS Setup](one-time-use-airgapos.md)
         * [Repository Setup](one-time-repository-setup.md)
         * [Selecting Locations](one-time-use-locations.md)
-
+* [Post Ceremony]()
-* [Root Entropy Ceremonies]()
+    * [Online Artifact Storage](public-ceremony-artifact-storage.md)
+    * [Physical Artifact Storage](physical-artifact-storage.md)
+* [Lifecycle Management]()
+    * [Destroying Hardware](hardware-destruction.md)
+    * [Storage Device Management](storage-device-management.md)
+* [Generated Documents]()
+    * [Root Entropy Generation]()
         * [Ceremony Log Template](ceremony-log-template.md)
         * [Root Entropy Ceremonies](root-entropy-ceremonies.md)
             * [Local Key Provisioning](local-key-provisioning.md)
             * [Hybrid Key Provisioning](hybrid-key-provisioning.md)
             * [Remote Key Provisioning](remote-key-provisioning.md)
-
         * [Additional Key Ceremonies]()
             * [Operator Key Provisioning](operator-key-provisioning.md)
             * [Location Key Provisioning](location-key-provisioning.md)
-
-    * [Post Ceremony]()
-        * [Online Artifact Storage](public-ceremony-artifact-storage.md)
-        * [Physical Artifact Storage](physical-artifact-storage.md)
-
-* [Ceremonies]()
-    * [One Time Use Laptop Ceremony](one-time-use-laptop-coin-ceremony.md)
-    * [Portable Reusable Laptop Ceremony](portable-reusable-laptop-ceremony.md)
-    * [Fixed Location Reusable Laptop Ceremony](fixed-location-reusable-laptop-ceremony.md)
-
-* [Lifecycle Management]()
-    * [Destroying Hardware](hardware-destruction.md)
-    * [Storage Device Management](storage-device-management.md)
-
-* [Generated Documents]()
     * [Level 1]()
     * [Level 2]()
         * [Fixed-Location]()
             * [Provisioner](system-roles.md)
                 * [Procure Equipment & Location](generated-documents/level-2/fixed-location/provisioner/procure-equipment-and-location.md)
                 * [Ceremony Repository](generated-documents/level-2/fixed-location/provisioner/ceremonies-repository.md)
+                * [Keychain Repository](generated-documents/level-2/fixed-location/provisioner/keychain-repository.md)
             * [Proposer](system-roles.md)
                 * [Propose Transaction](generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md)
             * [Approver](system-roles.md)
@@ -72,7 +59,6 @@
                 * [PYTH-SLN - Sign Transaction](generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md)
     * [Level 3]()
     * [Level 4]()
-
 * [Document Components]()
     * [Git Commit Signing](./component-documents/git-commit-signing.md)
     * [GUI Git Commit](./component-documents/gui-git-commit.md)

quorum-key-management/src/component-documents/ceremony-repository.md

@@ -37,5 +37,10 @@ ceremonies/
 policies/
     spending-policy.json
 ```
+
+## Procedure: Setting up Repository
+
+{{ #include ./git-repository-initialization.md:procedure}}
 // ANCHOR_END: content
 /* ANCHOR_END: all */
+

quorum-key-management/src/component-documents/git-repository-initialization.md

@@ -0,0 +1,25 @@
+/* ANCHOR: all */
+# Git Repository Initialization
+
+This document explains how a git repository should be set up in order to guarantee authenticity and non-repudiation of data.
+
+Git is used because it permits cryptographic singing of commits using PGP, as well as historical changes to a set of data.
+
+## Procedure: Setting up Repository
+// ANCHOR: procedure
+1. Create a git repository using a git system such as Forjego, GitLab, GitHub etc.
+
+1. Set appropriate permissions to limit who can write to the repository.
+
+    * `main` branch should be write protected so that merges to that branch can only be done if at least 2 approvals are present
+
+        * The organization may choose to require more approvals based on risk tolerance and operational capacity
+
+    * The merges should be done via CLI signed commits
+
+    * Require that all commits are signed using well known PGP keys which are from the organization's [keychain repository](TODO) 
+
+1. Optionally set up a chron job that periodically pulls the data from the repository as a backup.
+// ANCHOR_END: procedure
+/* ANCHOR_END: all */
+

quorum-key-management/src/component-documents/keychain-repository.md

@@ -10,7 +10,7 @@ This repository contains the trusted keys for the organization.
 * MUST require signed commits
 
 ## Repository Structure
-
+```
 trusted-keys/
     proposers/
         <key_id>/
@@ -19,6 +19,11 @@ trusted-keys/
             sig_2.asc
     approvers/
     operators/
+```
+
+## Procedure: Setting up Repository
+
+{{ #include ./git-repository-initialization.md:procedure }}
 
 ## Procedure: Adding OpenPGP Keys 
 

quorum-key-management/src/generated-documents/level-2/fixed-location/approver/approve-transaction.md

@@ -8,7 +8,7 @@ The approver is responsible for verifying a transaction proposed by a [proposer]
 
 * Ensure that the computer is configured to sign commits with the desired key. Refer to the [Appendix: Git Commit Signing Configuration](#git-commit-signing-configuration)
 
-* Clone the [Ceremonies Repository](../../../../component-documents/ceremony-repository.md) for your organization to the machine
+* Clone the [Ceremonies Repository](/generated-documents/level-2/fixed-location/provisioner/ceremonies-repository.html) for your organization to the machine
 
 ## Procedure
 
@@ -25,3 +25,11 @@ The approver is responsible for verifying a transaction proposed by a [proposer]
     * `gpg --armor --output <approver.sig> --detach-sig <filename>`
 
 1. Commit the detached signature alongside the tx  
+
+## Appendix
+
+### Git Commit Signing Configuration
+{{ #include ../../../../component-documents/git-commit-signing.md:steps }}
+
+### Generating PGP Keypair & Provisioning Smart Card
+{{ #include ../../../../component-documents/openpgp-setup.md:steps-keyfork }}

quorum-key-management/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md

@@ -22,7 +22,7 @@ The proposer must combine these values into a single message, which can be a sim
 
 * Ensure that the computer is configured to sign commits with the desired key. Refer to the [Appendix: Git Commit Signing Configuration](#git-commit-signing-configuration)
 
-* Clone the [Ceremonies Repository](../../../../component-documents/ceremony-repository.md) for your organization to the machine
+* Clone the [Ceremonies Repository](/generated-documents/level-2/fixed-location/provisioner/ceremonies-repository.html) for your organization to the machine
 
 ## Procedure