diff --git a/quorum-key-management/book.toml b/quorum-key-management/book.toml index 118e4ea..552fd4d 100644 --- a/quorum-key-management/book.toml +++ b/quorum-key-management/book.toml @@ -3,4 +3,4 @@ authors = ["Anton Livaja", "Lance R. Vick", "Ryan Heywood"] language = "en" multilingual = false src = "src" -title = "Quorum Key Management (QKM)" +title = "Quorum Vault System (QVS)" diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md index 5845ad3..e684ab0 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md 
@@ -2,21 +2,11 @@ # Operator - Sign PYTH-SPL Transaction -Solana blockchain has a time sensitive aspect associated to validity of standard transactions. The `blockhash` which is used as part of a transaction expires in 60-90 seconds. This introduces operational challenges to signing a transaction offline. As a result, this ceremony requires 3 operators, rather than the typical 2. It is essential for the operators to collaborate to quickly get the transaction data from the online computer to the offline, sign it, then get it back to the online machine before the `blockhash` validity period expires. - -The online machine operator is only to operate the online machine, and not touch the offline machine, and the air-gapped machine operators should not touch the online machine. The operators must focus on their machine and their part of the process. - -Typically, the online machine and the additional operator are not necessary as there is no time sensitivity to the transaction as only some blockchains have the requirement of using a `blockhash` from a previous block as part of a new valid transaction. - ## Requirements -* 3 Operators +* 2 primary operators will be operating the offline machine and online machine - * 2 primary operators will be operating the offline machine - - * Ensure both primary operators have their [Operator Keys](../../../../../../glossary.md#operator-key) - - * An additional operator is necessary for fetching and providing the transaction data and the latest SOL `blockhash` from a online computer and transmitting using an SD card to the 2 primary operators conducting the main ceremony + * Ensure both primary operators have their [Operator Keys](../../../../../../glossary.md#operator-key) * Photographic tamper proofing evidence 
@@ -34,19 +24,25 @@ Typically, the online machine and the additional operator are not necessary as t * Colored beads -* 4 SD cards (2 fresh, formatted as ext4, and 2 cards with prepared data) +* PureBoot smart card (TODO) + +* 5 SD cards (2 fresh, formatted as ext4, and 3 cards with prepared data) * 1 SD card for transferring transaction data from online to air-gapped machine * 1 SD card for storing tamper proofing evidence produced at the end of the ceremony - * 1 SD card which has the shardfile and "trusted keys" for proposers and approvers, both signed by each operator using their operator key (TODO) + * 1 SD card which has the shardfile, labelled "Shardile" + + * This should be write-locked and stored in tamper proofing along with air-gapped machine + + * 1 SD card with "trusted keys" for proposers and approvers, both signed by each operator using their operator key (TODO) * This should be write-locked and stored in tamper proofing along with air-gapped machine - * TODO refactor for this to be alongside airgapped machine - * 1 SD card with AirgapOS + + * This should be write-locked and stored in tamper proofing along with air-gapped machine * Digital camera (TODO selection) 
@@ -61,32 +57,33 @@ Typically, the online machine and the additional operator are not necessary as t 3. Retrieve sealed laptop and polaroid from locked storage ### Unsealing Tamper Proofing - {{ #include ../../../../../../tamper-evidence-methods.md:vsbwf-procedure-unsealing}} ### Secure Boot Procedure +0. Plug PureBoot smart card into air-gapped machine -{{ #include ../../../../../../secure-boot-sequence.md:content}} +1. Plug in SD card labelled "AirgapOS" -0. Load well known PGP keys of proposer and approver, and sign them using operator keys (NOT IMPLEMENTED) +{{ #include ../../../../../../secure-boot-sequence.md:prepared}} -1. Insert SD card with shardfile +0. Plug in SD card labelled "Trusted Keys" + + * Load well known PGP keys of proposer and approver, and sign them using operator keys (NOT IMPLEMENTED) + + * `gpg --import ` + +1. Insert SD card labelled "shardfile" 2. `keyfork recover shard --daemon` -3. Await prompt and plug in first Operator Key + * Follow on screen prompts -4. Tap the key (may have to tap multiple times) +3. As a last step, run the `icepick` command which is awaiting the transaction payload -5. Await prompt and plug in second Operator Key + * `icepick workflow sol-transfer` -6. Tap the key + * Follow on screen prompts -7. Run `keyfork - -8. As a last step, run the `icepick` command which is awaiting the transaction payload - - * TODO add command ### Obtain Transaction Request @@ -96,7 +93,7 @@ Typically, the online machine and the additional operator are not necessary as t * TODO define means (could just be email?) -3. Run `icepick workflow sol-get-blockhash-and-broadcast` command +3. Run `icepick workflow sol-broadcast` command * Wait for prompt and plug in fresh SD card 
@@ -108,11 +105,7 @@ Typically, the online machine and the additional operator are not necessary as t ### Sign Transaction -1. Use `icepick` to generate the transaction payload: - - * `icepick workflow sol-transfer-token` - - * Wait for SD card prompt and plug in SD card with signed transaction payload +1. Plug in SD card with transaction payload 2. Wait for the screen to display the transaction information. (NOT IMPLEMENTED) diff --git a/quorum-key-management/src/portable-reusable-laptop-ceremony.md b/quorum-key-management/src/portable-reusable-laptop-ceremony.md index 9a5d386..1773046 100644 --- a/quorum-key-management/src/portable-reusable-laptop-ceremony.md +++ b/quorum-key-management/src/portable-reusable-laptop-ceremony.md @@ -64,7 +64,7 @@ To conform to [Level 2](threat-model.md#level-2) security properties a location ### Perform Operations -6. Follow a [playbook](TODO) +Follow a [playbook](TODO) ### Sealing diff --git a/quorum-key-management/src/secure-boot-sequence.md b/quorum-key-management/src/secure-boot-sequence.md index 20e29fc..a130cde 100644 --- a/quorum-key-management/src/secure-boot-sequence.md +++ b/quorum-key-management/src/secure-boot-sequence.md @@ -30,7 +30,7 @@ binary they built on their own system according to the [AirgapOS Setup Playbook] 12. Once everyone is satisfied that the hash matches, the computer should be be restarted. - +// ANCHOR: prepared 13. Press space when the message "Automatic boot in 5 seconds unless interrupted by keypress..." 14. Once in the PureBoot Boot Menu, navigate to "Options -->" and press Enter @@ -43,6 +43,7 @@ be restarted. 18. Once booted, verify the version of the software matches the AirgapOS Hash which was noted during the [AirgapOS Setup](repeat-use-airgapos.md). +// ANCHOR_END: prepared // ANCHOR_END: content /* ANCHOR_END: all */ \ No newline at end of file
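Review bot: In `book.toml`, the new title "Quorum Vault System (QVS)" no longer matches the `quorum-key-management/` directory that every path in this patch still uses. Either rename the directory in a follow-up or state in the commit message that the path is kept on purpose, so that readers looking for either name land on the same book.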
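Review bot: In the first hunk of `sign-transaction.md`, the rule that kept the online-machine operator off the offline machine (and the air-gapped operators off the online machine) is deleted without a replacement, while the new Requirements bullet has the 2 primary operators "operating the offline machine and online machine". If both operators now handle both machines, say so explicitly in the Requirements; if the separation still applies, keep a one-line rule for it.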
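Review bot: In the SD card list of `sign-transaction.md`, the shardfile card's label is spelled "Shardile", while the Secure Boot Procedure later in this patch tells the operator to insert the card labelled "shardfile". Operators match on the physical label, so use one exact spelling and capitalization; the same applies to "trusted keys" here versus "Trusted Keys" in the boot steps. The added `PureBoot smart card (TODO)` requirement should also say what the TODO is waiting on.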
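Review bot: In the Secure Boot Procedure hunk of `sign-transaction.md`, the added sub-step `gpg --import ` has no argument, so an operator cannot tell which file on the "Trusted Keys" card to import. Name the file or path, and since the parent bullet is still marked NOT IMPLEMENTED, say whether the step is performed or skipped for now. The list numbering restarts at 0 after the include, and the explicit plug-in and tap steps for each Operator Key are replaced by "Follow on screen prompts"; one sentence on which prompts to expect would keep the procedure checkable by a witness.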
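Review bot: In the Obtain Transaction Request hunk, step 3 changes from `icepick workflow sol-get-blockhash-and-broadcast` to `icepick workflow sol-broadcast`, and the first hunk of this file deletes the explanation that the `blockhash` expires in 60-90 seconds, so the page no longer says where the `blockhash` comes from or why the expiry no longer constrains the ceremony. Add a sentence near this step that states how the transaction stays valid across the offline signing round trip.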
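Review bot: In the Sign Transaction hunk, the removed step ran `icepick workflow sol-transfer-token`, while the offline step added earlier in this patch runs `icepick workflow sol-transfer` on a page titled "Sign PYTH-SPL Transaction". Confirm that `sol-transfer` is the intended workflow for this token, or keep a token-specific workflow name. The new step 1, "Plug in SD card with transaction payload", should also name the card as the one the requirements list reserves for transferring transaction data from the online to the air-gapped machine.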
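Review bot: In `portable-reusable-laptop-ceremony.md`, removing the `6.` prefix leaves "Follow a [playbook](TODO)" with `TODO` as the link target, which resolves as a relative link to a page that is not part of this patch. Point it at the playbook index, or drop the link markup until the target exists.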
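Review bot: In `secure-boot-sequence.md`, the new `prepared` anchor opens at step 13, so the `secure-boot-sequence.md:prepared` include in `sign-transaction.md` leaves out everything up to step 12, including the point where everyone confirms that the hash matches. State in the playbook that this range assumes that verification was completed during setup, so that step 18's comparison against the noted AirgapOS hash is understood as the only check performed at signing time. The file also still ends without a trailing newline.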