public
/
docs
5
0
Fork 0
Code Issues 8 Pull Requests 1 Packages Projects Releases Wiki Activity

doc clean up

This commit is contained in:
Anton Livaja 2025-02-03 00:08:17 -05:00
parent 36113a7287
commit 4999b08e7e
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
11 changed files with 28 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
quorum-vault-system/src/component-documents/inventory-repository.md
View File

@ -23,5 +23,9 @@ sd_cards/
... ...
``` ```
## Procedure: Setting up Repository
{{ #include ./git-repository-initialization.md:procedure}}
// ANCHOR_END: content // ANCHOR_END: content
/* ANCHOR_END: all */ /* ANCHOR_END: all */

4
quorum-vault-system/src/component-documents/tamper-evidence-methods.md
View File

@ -124,7 +124,7 @@ Sealing bags of standard size objects which need to be protected can fit in. The
1. Date and sign the polaroid photographs and store them in a local lock box 1. Date and sign the polaroid photographs and store them in a local lock box
1. Take the SD card to an online connected device, ensuring continued dual custody, and commit the photographs to a repository. If two individuals are present, have one create a PR with a signed commit, and the other do a signed merge commit. 1. Take the SD card to an online connected device, ensuring continued dual custody, and commit the tamper evidence photographs to a repository. If two individuals are present, have one create a PR with a signed commit, and the other do a signed merge commit.
// ANCHOR_END: vsbwf-procedure-sealing // ANCHOR_END: vsbwf-procedure-sealing
@ -137,7 +137,7 @@ Sealing bags of standard size objects which need to be protected can fit in. The
1. Compare polaroid to printed photographs of digital record 1. Compare polaroid to printed photographs of digital record
1. If there is no noticeable difference, proceed with unsealing the object, otherwise initiate an [incident response process (todo)](TODO). 1. If there is no noticeable difference, proceed with unsealing the object, otherwise initiate an incident response process according to organization's policies.
// ANCHOR_END: vsbwf-procedure-unsealing // ANCHOR_END: vsbwf-procedure-unsealing

2
quorum-vault-system/src/generated-documents/level-2/fixed-location/approver/approve-transaction.md
View File

@ -16,8 +16,6 @@ The approver is responsible for verifying a transaction proposed by a [proposer]
* The approver should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the `vaults` repo * The approver should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the `vaults` repo
* Ensure that the computer is configured to sign commits with the desired key. Refer to the [Appendix: Git Commit Signing Configuration](#git-commit-signing-configuration)
* Clone the [Vaults Repository](../../../all-levels/create-vaults-repository.md) for your organization to the machine * Clone the [Vaults Repository](../../../all-levels/create-vaults-repository.md) for your organization to the machine
## Procedure ## Procedure

4
quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md
View File

@ -2,14 +2,14 @@
## Requirements ## Requirements
{{ #include ../../../../operator-requirements.md:requirements }}
* Online machine * Online machine
* [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk. * [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.
* [Quorum PGP key pairs](../../key-types.md#quorum-pgp-keypair) * [Quorum PGP key pairs](../../key-types.md#quorum-pgp-keypair)
{{ #include ../../../../operator-requirements.md:requirements }}
* [Ceremony SD card](../../ceremony-sd-card-provisioning.md) * [Ceremony SD card](../../ceremony-sd-card-provisioning.md)
## Procedure ## Procedure

11
quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md
View File

@ -6,11 +6,11 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
{{ #include ../../operator-requirements.md:requirements }} {{ #include ../../operator-requirements.md:requirements }}
* [SD Card Booster Pack](../provisioner/provision-sd-card.md) * [SD Card Pack](../procurer/procure-sd-card-pack.md)
* `N` Smart Cards in the chosen `M of N` quorum * `N` Smart Cards in the chosen `M of N` quorum
* [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk. * High Visibility Storage: plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.
## Procedure ## Procedure
@ -37,7 +37,6 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
* `keyfork wizard generate-shard-secret --threshold <M> --max <N> --keys-per-shard=<number_of_smartcards_per_operator> --output shardfile.asc --cert-output keyring.asc --derive-openpgp-cert encryption_cert.asc,userid=<pgp_cert_id>` TODO: NOT IMPLEMENTED * `keyfork wizard generate-shard-secret --threshold <M> --max <N> --keys-per-shard=<number_of_smartcards_per_operator> --output shardfile.asc --cert-output keyring.asc --derive-openpgp-cert encryption_cert.asc,userid=<pgp_cert_id>` TODO: NOT IMPLEMENTED
1. Unseal an SD card pack 1. Unseal an SD card pack
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
@ -62,9 +61,11 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
1. Unplug the SD card and place it in High Visibility Storage 1. Unplug the SD card and place it in High Visibility Storage
1. Label the SD card "Shardfile [date]" 1. Label the SD card "Ceremony [date]"
1. Upload the newly generated artifacts into the `vaults` repository 1. Power down the air-gapped machine
1. Transfer the ceremony artifacts to an online machine using one of the SD cards and upload the newly generated artifacts into the `vaults` repository in the appropriate `<namespace>` sub directory using an online machine
1. Gather all the original items that were in the air-gapped bundle: 1. Gather all the original items that were in the air-gapped bundle:

6
quorum-vault-system/src/generated-documents/level-2/fixed-location/procurer/index.md
View File

@ -8,9 +8,9 @@ The procurer is responsible for:
* [Hardware](procure-hardware.md) (computers, sd cards, sd card adapters, smart cards, cameras etc.) * [Hardware](procure-hardware.md) (computers, sd cards, sd card adapters, smart cards, cameras etc.)
* Ensuring equipment is properly tamper proofed * Creating and maintaining the [Inventory](create-inventory-repository.md)
* Ensuring inventory is updated properly * Ensuring equipment is properly tamper proofed
* Maintaining stock of supplies in the inventory * Maintaining stock of supplies in the inventory
@ -22,6 +22,8 @@ The procurer is responsible for:
1. Procuring a [facility](./procure-facility.md) 1. Procuring a [facility](./procure-facility.md)
1. Creating a [Inventory repository](create-inventory-repository.md)
1. Procuring [tamper proofing equipment](./procure-tamper-proofing-equipment.md) 1. Procuring [tamper proofing equipment](./procure-tamper-proofing-equipment.md)
1. Procuring [hardware](./procure-hardware.md) 1. Procuring [hardware](./procure-hardware.md)

2
quorum-vault-system/src/generated-documents/level-2/fixed-location/procurer/procure-sd-card-pack.md
View File

@ -24,5 +24,3 @@
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }} {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}
1. Label the tamper proofed package "SD Card Pack [date]" 1. Label the tamper proofed package "SD Card Pack [date]"
1. Add an entry to the `inventory` repository, including tamper evidence photographs, and the name of the item

6
quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md
View File

@ -30,11 +30,9 @@ The proposer must combine these values into a JSON file, such as:
* The proposer should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the `vaults` repo * The proposer should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the `vaults` repo
* [Online Machine](TODO) * Online Machine
* Ensure that the computer is configured to sign commits with the desired key. Refer to the [Appendix: Git Commit Signing Configuration](#git-commit-signing-configuration) * Clone the [Vaults Repository](../../../all-levels/create-vaults-repository.md) for your organization to the machine
* Organization's Ceremonies repository git url
## Procedure ## Procedure

5
quorum-vault-system/src/generated-documents/level-2/fixed-location/provisioner/index.md
View File

@ -4,13 +4,12 @@ The provisioner is responsible for:
* Provisioning hardware * Provisioning hardware
* Provisioning SD Cards (AirapOS, Keychain, Shardfiles etc.) * Provisioning SD Cards (AirapOS, Ceremony etc.)
* Provisioning ceremony bundles * Provisioning bundles (e.g Air-Gapped bundle)
## Procedures ## Procedures
* [Provision SD Card](./provision-sd-card.md)
* [Provision AirgapOS](./provision-airgapos.md) * [Provision AirgapOS](./provision-airgapos.md)
* [Provision Computer](./procure-computer.md) * [Provision Computer](./procure-computer.md)
* Requires tamper proofing equipment to be available * Requires tamper proofing equipment to be available

2
quorum-vault-system/src/generated-documents/level-2/hardware.md
View File

@ -23,6 +23,8 @@
* Computers which are compatible which can be verified via [this guide](https://git.distrust.co/public/airgap#hardware-compatibility) * Computers which are compatible which can be verified via [this guide](https://git.distrust.co/public/airgap#hardware-compatibility)
* Online Use: Chromebook or QubesOS laptop
// ANCHOR_END: computer-models // ANCHOR_END: computer-models
## Digital Camera ## Digital Camera

8
quorum-vault-system/src/generated-documents/level-2/operator-requirements.md
View File

@ -4,6 +4,10 @@
## For Quorum Based Operations ## For Quorum Based Operations
// ANCHOR: requirements // ANCHOR: requirements
* For ALL tamper proofed hardware used in the ceremony, both operators MUST print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.
* The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the "ceremonies" repo
* [Air-gapped bundle](/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md) * [Air-gapped bundle](/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
* Minimum of 2 [Operators](/system-roles.md#operator) * Minimum of 2 [Operators](/system-roles.md#operator)
@ -12,9 +16,5 @@
* Tamper-proofing equipment * Tamper-proofing equipment
* Both operators should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.
* The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the "ceremonies" repo
// ANCHOR_END: requirements // ANCHOR_END: requirements
/* ANCHOR_END: all */ /* ANCHOR_END: all */