refactor main operator doc

This commit is contained in:
Anton Livaja 2024-12-16 16:45:34 -05:00
parent eb77ad63c9
commit 5489afbbed
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
4 changed files with 32 additions and 38 deletions

View File

@ -3,4 +3,4 @@ authors = ["Anton Livaja", "Lance R. Vick", "Ryan Heywood"]
language = "en" language = "en"
multilingual = false multilingual = false
src = "src" src = "src"
title = "Quorum Key Management (QKM)" title = "Quorum Vault System (QVS)"

View File

@ -2,21 +2,11 @@
# Operator - Sign PYTH-SPL Transaction # Operator - Sign PYTH-SPL Transaction
Solana blockchain has a time sensitive aspect associated to validity of standard transactions. The `blockhash` which is used as part of a transaction expires in 60-90 seconds. This introduces operational challenges to signing a transaction offline. As a result, this ceremony requires 3 operators, rather than the typical 2. It is essential for the operators to collaborate to quickly get the transaction data from the online computer to the offline, sign it, then get it back to the online machine before the `blockhash` validity period expires.
The online machine operator is only to operate the online machine, and not touch the offline machine, and the air-gapped machine operators should not touch the online machine. The operators must focus on their machine and their part of the process.
Typically, the online machine and the additional operator are not necessary as there is no time sensitivity to the transaction as only some blockchains have the requirement of using a `blockhash` from a previous block as part of a new valid transaction.
## Requirements ## Requirements
* 3 Operators * 2 primary operators will be operating the offline machine and online machine
* 2 primary operators will be operating the offline machine * Ensure both primary operators have their [Operator Keys](../../../../../../glossary.md#operator-key)
* Ensure both primary operators have their [Operator Keys](../../../../../../glossary.md#operator-key)
* An additional operator is necessary for fetching and providing the transaction data and the latest SOL `blockhash` from a online computer and transmitting using an SD card to the 2 primary operators conducting the main ceremony
* Photographic tamper proofing evidence * Photographic tamper proofing evidence
@ -34,20 +24,26 @@ Typically, the online machine and the additional operator are not necessary as t
* Colored beads * Colored beads
* 4 SD cards (2 fresh, formatted as ext4, and 2 cards with prepared data) * PureBoot smart card (TODO)
* 5 SD cards (2 fresh, formatted as ext4, and 3 cards with prepared data)
* 1 SD card for transferring transaction data from online to air-gapped machine * 1 SD card for transferring transaction data from online to air-gapped machine
* 1 SD card for storing tamper proofing evidence produced at the end of the ceremony * 1 SD card for storing tamper proofing evidence produced at the end of the ceremony
* 1 SD card which has the shardfile and "trusted keys" for proposers and approvers, both signed by each operator using their operator key (TODO) * 1 SD card which has the shardfile, labelled "Shardile"
* This should be write-locked and stored in tamper proofing along with air-gapped machine * This should be write-locked and stored in tamper proofing along with air-gapped machine
* TODO refactor for this to be alongside airgapped machine * 1 SD card with "trusted keys" for proposers and approvers, both signed by each operator using their operator key (TODO)
* This should be write-locked and stored in tamper proofing along with air-gapped machine
* 1 SD card with AirgapOS * 1 SD card with AirgapOS
* This should be write-locked and stored in tamper proofing along with air-gapped machine
* Digital camera (TODO selection) * Digital camera (TODO selection)
* [Online machine](../../../../../../online-machine-provisioning.md) used for fetching transaction data * [Online machine](../../../../../../online-machine-provisioning.md) used for fetching transaction data
@ -61,32 +57,33 @@ Typically, the online machine and the additional operator are not necessary as t
3. Retrieve sealed laptop and polaroid from locked storage 3. Retrieve sealed laptop and polaroid from locked storage
### Unsealing Tamper Proofing ### Unsealing Tamper Proofing
{{ #include ../../../../../../tamper-evidence-methods.md:vsbwf-procedure-unsealing}} {{ #include ../../../../../../tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
### Secure Boot Procedure ### Secure Boot Procedure
0. Plug PureBoot smart card into air-gapped machine
{{ #include ../../../../../../secure-boot-sequence.md:content}} 1. Plug in SD card labelled "AirgapOS"
0. Load well known PGP keys of proposer and approver, and sign them using operator keys (NOT IMPLEMENTED) {{ #include ../../../../../../secure-boot-sequence.md:prepared}}
1. Insert SD card with shardfile 0. Plug in SD card labelled "Trusted Keys"
* Load well known PGP keys of proposer and approver, and sign them using operator keys (NOT IMPLEMENTED)
* `gpg --import <keyfile_name>`
1. Insert SD card labelled "shardfile"
2. `keyfork recover shard --daemon` 2. `keyfork recover shard --daemon`
3. Await prompt and plug in first Operator Key * Follow on screen prompts
4. Tap the key (may have to tap multiple times) 3. As a last step, run the `icepick` command which is awaiting the transaction payload
5. Await prompt and plug in second Operator Key * `icepick workflow sol-transfer`
6. Tap the key * Follow on screen prompts
7. Run `keyfork
8. As a last step, run the `icepick` command which is awaiting the transaction payload
* TODO add command
### Obtain Transaction Request ### Obtain Transaction Request
@ -96,7 +93,7 @@ Typically, the online machine and the additional operator are not necessary as t
* TODO define means (could just be email?) * TODO define means (could just be email?)
3. Run `icepick workflow sol-get-blockhash-and-broadcast` command 3. Run `icepick workflow sol-broadcast` command
* Wait for prompt and plug in fresh SD card * Wait for prompt and plug in fresh SD card
@ -108,11 +105,7 @@ Typically, the online machine and the additional operator are not necessary as t
### Sign Transaction ### Sign Transaction
1. Use `icepick` to generate the transaction payload: 1. Plug in SD card with transaction payload
* `icepick workflow sol-transfer-token`
* Wait for SD card prompt and plug in SD card with signed transaction payload
2. Wait for the screen to display the transaction information. (NOT IMPLEMENTED) 2. Wait for the screen to display the transaction information. (NOT IMPLEMENTED)

View File

@ -64,7 +64,7 @@ To conform to [Level 2](threat-model.md#level-2) security properties a location
### Perform Operations ### Perform Operations
6. Follow a [playbook](TODO) Follow a [playbook](TODO)
### Sealing ### Sealing

View File

@ -30,7 +30,7 @@ binary they built on their own system according to the [AirgapOS Setup Playbook]
12. Once everyone is satisfied that the hash matches, the computer should be 12. Once everyone is satisfied that the hash matches, the computer should be
be restarted. be restarted.
// ANCHOR: prepared
13. Press space when the message "Automatic boot in 5 seconds unless interrupted by keypress..." 13. Press space when the message "Automatic boot in 5 seconds unless interrupted by keypress..."
14. Once in the PureBoot Boot Menu, navigate to "Options -->" and press Enter 14. Once in the PureBoot Boot Menu, navigate to "Options -->" and press Enter
@ -43,6 +43,7 @@ be restarted.
18. Once booted, verify the version of the software matches the AirgapOS Hash 18. Once booted, verify the version of the software matches the AirgapOS Hash
which was noted during the [AirgapOS Setup](repeat-use-airgapos.md). which was noted during the [AirgapOS Setup](repeat-use-airgapos.md).
// ANCHOR_END: prepared
// ANCHOR_END: content // ANCHOR_END: content
/* ANCHOR_END: all */ /* ANCHOR_END: all */