large refactor

This commit is contained in:
Anton Livaja 2025-01-07 17:40:57 -05:00
parent db19a45bff
commit 5571965d33
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
33 changed files with 263 additions and 304 deletions

View File

@ -4,41 +4,38 @@
* [Selecting a Quorum](selecting-quorum.md) * [Selecting a Quorum](selecting-quorum.md)
* [System Roles](system-roles.md) * [System Roles](system-roles.md)
* [Software](software.md) * [Software](software.md)
* [Glossary](glossary.md)
* [Location](locations.md) * [Location](locations.md)
* [Glossary](glossary.md)
* [Generated Documents]() * [Generated Documents]()
* [Level 1]()
* [Level 2]() * [Level 2]()
* [Fixed-Location]() * [Fixed-Location]()
* [Provisioner](generated-documents/level-2/fixed-location/provisioner/index.md) * [Provisioner](generated-documents/level-2/fixed-location/provisioner/index.md)
* [Provision Equipment](generated-documents/level-2/fixed-location/provisioner/procure-equipment.md) * [PGP Key Bootstrapping](generated-documents/level-2/fixed-location/provisioner/pgp-key-bootstrapping.md)
* [Provision Computer](generated-documents/level-2/fixed-location/provisioner/procure-computer.md) * [Provision Computer](generated-documents/level-2/fixed-location/provisioner/provision-computer.md)
* [Provision Ceremony Repository](generated-documents/level-2/fixed-location/provisioner/provision-ceremonies-repository.md) * [Provision Ceremony Repository](generated-documents/level-2/fixed-location/provisioner/provision-ceremonies-repository.md)
* [Provision Keychain Repository](generated-documents/level-2/fixed-location/provisioner/provision-keychain-repository.md) * [Provision SD Card](generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md)
* [Provision Tamper Proofing Equipment](generated-documents/level-2/fixed-location/provisioner/provision-tamper-proofing-equipment.md)
* [Provision AirgapOS](generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md) * [Provision AirgapOS](generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md)
* [Provision Facility](generated-documents/level-2/fixed-location/provisioner/provision-facility.md) * [Provision Facility](generated-documents/level-2/fixed-location/provisioner/provision-facility.md)
* [Provision Airgapped Bundle](generated-documents/level-2/fixed-location/provisioner/provision-air-gapped-bundle.md)
* [Copy Shardfile SD Card](generated-documents/level-2/fixed-location/provisioner/copy-shardfile-sd-card.md)
* [Proposer](system-roles.md) * [Proposer](system-roles.md)
* [Propose Transaction](generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md) * [Propose Transaction](generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md)
* [Approver](system-roles.md) * [Approver](system-roles.md)
* [Transaction Approval](generated-documents/level-2/fixed-location/approver/approve-transaction.md) * [Transaction Approval](generated-documents/level-2/fixed-location/approver/approve-transaction.md)
* [Operator](system-roles.md) * [Operator](system-roles.md)
* [Location](TODO)
* [PGP Key Bootstrapping](generated-documents/level-2/fixed-location/operator/pgp-key-bootstrapping.md)
* [PGP Key Provisioning](generated-documents/level-2/fixed-location/operator/pgp-key-provisioning.md) * [PGP Key Provisioning](generated-documents/level-2/fixed-location/operator/pgp-key-provisioning.md)
* [Root Entropy Provisioning](generated-documents/level-2/fixed-location/operator/hybrid-key-provisioning.md) * [Root Entropy Generation](generated-documents/level-2/fixed-location/operator/root-entropy-generation.md)
* [PYTH-SLN - Sign Transaction](generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md) * [PYTH-SLN - Sign Transaction](generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md)
* [Level 3]()
* [Level 4]()
* [Document Components]() * [Document Components]()
* [Ceremony Repository](./component-documents/ceremony-repository.md) * [Ceremony Repository](./component-documents/ceremony-repository.md)
* [Keychain Repository](./component-documents/keychain-repository.md) * [Keychain Repository](./component-documents/keychain-repository.md)
* [Git Commit Signing](./component-documents/git-commit-signing.md) * [Git Commit Signing](./component-documents/git-commit-signing.md)
* [GUI Git Commit](./component-documents/gui-git-commit.md)
* [OpenPGP Setup](./component-documents/openpgp-setup.md) * [OpenPGP Setup](./component-documents/openpgp-setup.md)
* [Verifying Signatures](./component-documents/verifying-signatures.md) * [Verifying Signatures](./component-documents/verifying-signatures.md)
* [Tamper Evidence Methods](./component-documents/tamper-evidence-methods.md) * [Tamper Evidence Methods](./component-documents/tamper-evidence-methods.md)
* [Change Smart Card PINs](./component-documents/setting-smart-card-pins.md) * [Change Smart Card PINs](./component-documents/setting-smart-card-pins.md)
* [Online Machine Provisioning](online-machine-provisioning.md) * [Online Machine Provisioning](./component-documents/online-machine-provisioning.md)
* [Hardware Destruction](./component-documents/hardware-destruction.md) * [Hardware Destruction](./component-documents/hardware-destruction.md)
* [Storage Device Management](./component-documents/storage-device-management.md) * [Storage Device Management](./component-documents/storage-device-management.md)
* [Procurement & Chain of Custody](./component-documents/hardware-procurement-and-chain-of-custody.md) * [Procurement & Chain of Custody](./component-documents/hardware-procurement-and-chain-of-custody.md)
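Review bot: the new sidebar still ships dead targets: `* [Location](TODO)` under Operator, and the `Generated Documents`, `Level 2` and `Fixed-Location` entries keep empty `()` links, so mdBook will render them as non-links or 404s. Either drop the `Location` entry until the page exists or point it at `locations.md` like the top-level entry. Also note that `Level 1`, `Level 3` and `Level 4` disappear from the outline with nothing replacing them; if those levels are out of scope for now, a one-line "not yet documented" placeholder is better than silently removing them from the navigation.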

View File

@ -1 +0,0 @@
# Ceremony Log Template
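Review bot: deleting the Ceremony Log Template leaves the "Ceremony Notes" requirement in the new Root Entropy Generation page (which carries a `TODO explain what this is`) with no artifact to point at. If the template is being retired, say what replaces it; otherwise keep the stub so the requirement has a target.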

View File

@ -1,29 +1,28 @@
# `autorun.sh` Setup # `autorun.sh` Setup
This document describes how `autorun.sh`, a file that AirgapOS automatically This document describes how `autorun.sh`, a file that AirgapOS automatically boots and runs should be set up.
boots and runs should be set up.
This setup can be done on any machine. This setup can be done on any machine.
1. Create a file called `autorun.sh` that has the following contents: 1. Create a file called `autorun.sh`
You may accomplish this by doing the following: * In your Terminal use this command: `vi autorun.sh`
* In your Terminal use this command:
`vi autorun.sh`
* Once you are in the editor press "i" to enter "insert mode" * Once you are in the editor press "i" to enter "insert mode"
* Type in the contents, replacing <N> and <M> with your chosen threshold
numbers according to your [Quorum](selecting-quorum.md): * Type in the contents, replacing <N> and <M> with your chosen threshold numbers according to your [Quorum](selecting-quorum.md):
```sh ```sh
#!/bin/sh #!/bin/sh
keyfork wizard generate-shard-secret --threshold <M> --max <N> --output shards.pgp keyfork wizard generate-shard-secret --threshold <M> --max <N> --output shards.pgp
``` ```
* Press "esc" * Press "esc"
* Press ":" * Press ":"
* Press "x" * Press "x"
* Press Enter * Press Enter
2. Hash the file 1. Hash the file
The file should be hashed by using the following command: The file should be hashed by using the following command:
```sh ```sh
@ -31,14 +30,12 @@ This setup can be done on any machine.
``` ```
Make note of the hash on a piece of paper Make note of the hash on a piece of paper
3. Copy the file to the Storage Device which contains AirgapOS. 1. Copy the file to the Storage Device which contains AirgapOS.
a. If you don't have a Storage Device set up with AirgapOS use [this guide](repeat-use-airgapos.md) a. If you don't have a Storage Device set up with AirgapOS use [this guide](repeat-use-airgapos.md) to do so.
to do so.
b. Mount the AirgapOS Storage Device using [this guide](storage-device-management.md#mounting-a-storage-device) b. Mount the AirgapOS Storage Device using [this guide](storage-device-management.md#mounting-a-storage-device)
c. Copy the `autorun.sh` file to the Storage Device c. Copy the `autorun.sh` file to the Storage Device
4. Make note of this hash on a piece of paper or print it as you will need it to 1. Make note of this hash on a piece of paper or print it as you will need it to verify the file during Ceremonies.
verify the file during Ceremonies.
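Review bot: the hash is written down twice (step 2 "Make note of the hash on a piece of paper" and step 4 "Make note of this hash on a piece of paper or print it") but never checked after the copy in step 3, so a corrupted or substituted file on the Storage Device would go unnoticed. Collapse the two note-taking steps into one and add a step after 3c that re-hashes the copy on the mounted device and compares it to the recorded value. Also, `<N>`/`<M>` are introduced in the prose as "threshold numbers" but the command uses `--threshold <M> --max <N>`; stating which of the two is the threshold and which is the total avoids operators swapping them.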

View File

@ -36,6 +36,10 @@ ceremonies/
<tx_name>.tx.json <tx_name>.tx.json
policies/ policies/
spending-policy.json spending-policy.json
keychain/
<key_id>/
sig_1.asc
sig_2.asc
``` ```
## Procedure: Setting up Repository ## Procedure: Setting up Repository
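Review bot: the added `keychain/<key_id>/sig_1.asc` and `sig_2.asc` layout does not say whose signatures these are or what they sign, and positional names make it impossible to tell which authorized individual produced which signature during verification. Name the files by signer key ID (e.g. `<signer_key_id>.asc`) and add one sentence on what is being signed (the `<key_id>` public key? a commit?) and how this directory relates to the separate Keychain repository, which already requires two detached signatures per submitted key.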

View File

@ -36,5 +36,30 @@ trusted-keys/
1. Two other authorized individuals (TODO define how they are authorized) must provide detached PGP signatures of the key being submitted 1. Two other authorized individuals (TODO define how they are authorized) must provide detached PGP signatures of the key being submitted
1. The PR should be merged using a signed commit via the git CLI 1. The PR should be merged using a signed commit via the git CLI
### Procedure: Ceremony "Keychain SD Card"
This procedure requires 2 individuals in order to witness the process and verify that the data being burned to the card is correct.
The Keychain SD Card once provisioned will be used in creating the [tamper proofed airgap bundle](#air-gapped-bundle)
1. Get a freshly formatted SD card
1. Plug it into a computer
1. Navigate the the official Keychain repository of your organization
1. Select provisioner and approver keys from the Keychain repository
1. Download the desired keys along with detached signatures
1. Copy the `.asc` and signature files to the SD card
1. Use the `sdtool` to lock the card
{{ #include ../sdtool-instructions.md:steps }}
1. Label the card "Keychain <date>"
// ANCHOR_END: content // ANCHOR_END: content
/* ANCHOR_END: all */ /* ANCHOR_END: all */
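Review bot: the new "Keychain SD Card" procedure downloads keys "along with detached signatures" and copies them straight to the card without ever verifying those signatures, so a tampered key in the repository would be burned to the card that later seeds the air-gapped bundle. Add a `gpg --verify` step against the already-trusted signer keys between "Download the desired keys" and "Copy the `.asc` and signature files", and record the card's content hash alongside the label. Two smaller points: the `[tamper proofed airgap bundle](#air-gapped-bundle)` anchor was carried over from the deleted procure-equipment page and does not exist in this document (link to the new provision-air-gapped-bundle page instead), and "Navigate the the official Keychain repository" has a doubled "the".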

View File

@ -2,6 +2,8 @@
- [ ] TODO: fix this doc to use a different smart card for pureboot as the librem key, as the librem key doesn't have a physical switch - [ ] TODO: fix this doc to use a different smart card for pureboot as the librem key, as the librem key doesn't have a physical switch
- [ ] TODO update this to be hardware agnostic and use Heads / PureBoot
This guide walks the user through setting up a machine which relies on This guide walks the user through setting up a machine which relies on
[PureBoot](https://source.puri.sm/firmware/pureboot) to verify the authenticity [PureBoot](https://source.puri.sm/firmware/pureboot) to verify the authenticity
of the `.iso` image which is being booted, as well to ensure that firmware of of the `.iso` image which is being booted, as well to ensure that firmware of
@ -13,7 +15,7 @@ This guide assumes the use of a Purism machine, with a Librem Key.
* 1 Storage Device * 1 Storage Device
* 1 Librem Smart Card * 1 Smart Card
* 1 Librem 14 Computer with [PureBoot firmware installed](flash-pureboot-firmware.md). * 1 Librem 14 Computer with [PureBoot firmware installed](flash-pureboot-firmware.md).
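Review bot: changing the requirement to a generic `* 1 Smart Card` while the surrounding context line still reads "This guide assumes the use of a Purism machine, with a Librem Key" and the next item still requires a Librem 14 leaves the page half-generalized. Either keep the Librem-specific wording until the `TODO update this to be hardware agnostic` from the first hunk is actually done, or note that any OpenPGP smart card works here and say what property it must have (the earlier TODO points at the missing physical touch switch on the Librem Key).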

View File

@ -18,7 +18,7 @@ The approver is responsible for verifying a transaction proposed by a [proposer]
1. Verify that the commit with the tx data is properly signed by the key that was verified in the previous step 1. Verify that the commit with the tx data is properly signed by the key that was verified in the previous step
1. Verify that the transaction is according to the defined policy (TODO link to policy) 1. Verify that the transaction is according to the defined policy, for the time being ensuring it's signed by safe-listed PGP keys (TODO: update this with a proper policy post-MVP)
1. To sign the transaction payload and produce a detached signature use: 1. To sign the transaction payload and produce a detached signature use:
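Review bot: the rewritten policy step, "ensuring it's signed by safe-listed PGP keys", duplicates the two preceding steps (verify the key, verify the commit is signed by it) and still checks nothing about the transaction itself, so `spending-policy.json` from the ceremony repository is effectively unenforced. Say that explicitly rather than calling it "the defined policy", and name where the safe-list lives (the Keychain repository?) so the approver knows which key set to check against.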

View File

@ -1,11 +1,8 @@
# NOT PRODUCTION READY
# Operator - Sign PYTH-SPL Transaction # Operator - Sign PYTH-SPL Transaction
## Requirements ## Requirements
* Ensure both primary operators have their [Operator Keys](../../../../../../glossary.md#operator-key) * Ensure both primary operators have their [Operator Keys](../../pgp-key-provisioning.md)
- [ ] TODO define guide for setting up operator keys
* Both operators should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object. * Both operators should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.
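Review bot: dropping the `# NOT PRODUCTION READY` banner looks premature: the approver step this flow depends on is marked "post-MVP", the sealing step in Root Entropy Generation is a `(TODO)`, and this page still lists a TODO about where permitted PGP keys are defined. Keep the banner until those are resolved, or state in the commit which dependency was satisfied.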
@ -40,7 +37,7 @@
1. Plug in SD card labelled "AirgapOS" 1. Plug in SD card labelled "AirgapOS"
TODO: add steps 1. Boot the computer and verify the hash of the version of AirgapOS that's booted
1. Plug in SD card labelled "Keychain" 1. Plug in SD card labelled "Keychain"
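Review bot: "Boot the computer and verify the hash of the version of AirgapOS that's booted" says neither what to hash nor what to compare it to. The deleted hybrid procedure was concrete ("Verify the `sha256sum ceremony.sh` hash matches each of the Operator's Ceremony Notes"); give the command and the reference value here (the hash recorded during AirgapOS provisioning, or the operators' Ceremony Notes), otherwise the step cannot fail.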

View File

@ -1,79 +0,0 @@
# Hybrid Key Provisioning
This document contains instructions on how Operators collaborate to set up
QVS where the Operator Keys and Location Keys were generated before this
ceremony and only the PGP Public Certificates of the Location keys are brought
to the ceremony which are used to shard the Root Entropy. This is useful
when conducting the ceremony in a lower trust environment, and where not all
aspects of the ceremony can be controlled to the desired degree.
## Requirements
* Each member needs to bring their:
* Ceremony Notes
* Ceremony SD Card
* Airgap SD Card (only 1 member needs to bring this - set up according to
[One Time Use / AirgapOS Setup](TODO)).
* Operator Keys
* Ceremonies repository
## Steps
1. Ensure there are additional witnesses for the ceremony, outside of the
operators to assist in monitoring and verifying the integrity of the process.
* Designate at least 1 individual to keep notes on the ceremony based
on the [Ceremony Log Template](ceremony-log-template.md)
1. Ensure that no participants have brought digital devices other than ones
necessary for the ceremony. A faraday bag may be used to hold any such devices
for the duration of the ceremony.
1. Procure a laptop and SD cards (3) from a randomly selected store and
ensure at least 2 people are in line of sight of all the hardware until the
ceremony is executed. It may be worthwhile to try booting from the SD card at
the store. Dell laptops tend to support booting from SD cards while Lenovo
don't. More notes on selecting hardware can be found [here](one-time-use-hardware-procurement.md)
1. Secure a [Location](one-time-use-locations.md)
1. Verify the SD card by either:
* Booting a separate AirgapOS to the machine used for the ceremony in order
to verify the SD card is not writeable and the hash matches using the steps
from the [One Time Use/ AirgapOS Setup](TODO) guide.
OR
* Mounting the SD card to a separate machine and verifying it's not
writeable and verify the hash matches using steps from the [One Time Use/AirgapOS Setup](TODO) guide.
* NOTE: It is essential that the SD card remain in line of sight from the
moment it is verified to the moment is is used.
1. Plug in and boot from Airgap SD card:
* Boot from internal SD card reader or USB device reader
* Verify the `sha256sum ceremony.sh` hash matches each of the Operator's
"Ceremony Notes"
1. Button mash to ensure adequate entropy on the OS
1. Set the system time as it has to be after the PGP
public certificates were created, and before they expire:
* `date -s "YYYY-MM-DD HH:MM:SS"`
1. Run `ceremony.sh`
1. Back up the `shardfile`, and `pub.asc` to 3 separate SD cards,
one for each operator
1. Destroy the computer according to [Hardware Destruction](hardware-destruction.md)
guide.
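Review bot: this file is still linked from `copy-shardfile-sd-card.md` added in the same commit (`[Root Entropy](../operator/hybrid-key-provisioning.md)`), so the deletion introduces a dead link. More importantly, several security-relevant steps are dropped here and not carried into the replacement Root Entropy Generation page: setting the system time before key operations (`date -s "YYYY-MM-DD HH:MM:SS"`, needed so PGP certificate validity checks pass), verifying the AirgapOS SD card is not writeable and its hash matches before boot, designating a note-taker, holding outside devices in a faraday bag, and hardware destruction at the end. If they are intentionally out of scope for the fixed-location flow, say so; otherwise port them.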

View File

@ -1,42 +0,0 @@
# NOT PRODUCTION READY
# Operator - Provisioning PGP Keypair
## Requirements
The initial set up requires the operators to do all of these in a continuous session ensuring dual custody:
1. procure hardware
2. gut hardware
3. set up airgap together, built from source
4. burn sd card
5. boot airgap
6. generate mnemonic 1
7. generate pgp key
8. seed card(s) using oct
9. tamper proof the laptop
10. submit pgp signed proof to previously set up ceremonies repo
## Procedure
1. Set up AirgapOS (can be done ahead of time)
- [ ] add guide
1. Procure hardware
* Dual custody
* Remove radio cards etc.
1. Enter the designated location with an operator and individual keys are being generated for and all required equipment
1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
1. Boot AirgapOS from verified SD card
{{ #include ../../../../component-documents/openpgp-setup.md:steps-keyfork}}
#### Creation of Initial Air-Gapped Bundle
- [ ] TODO there is a reference to air gapped bundle in provisioner: procure-equipment... doc
{{ #include ../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}
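Review bot: the replacement page under provisioner (`pgp-key-bootstrapping.md`) moves this content almost verbatim, including the two TODOs `- [ ] add guide` and `TODO there is a reference to air gapped bundle in provisioner: procure-equipment... doc`, even though this commit also deletes procure-equipment.md and adds provision-airgapos.md. A refactor that moves files is the moment to resolve those references rather than carry stale TODOs into the new location.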

View File

@ -8,9 +8,7 @@
* 2 new SD cards * 2 new SD cards
* Tamper proofing evidence * Tamper proofing evidence photographs
* TODO define the evidence as an importable anchor
## Procedure ## Procedure

View File

@ -0,0 +1,53 @@
# Root Entropy Generation
This is a ceremony for generating root entropy.
## Requirements
* Ensure both primary operators have their [Operator Keys](../../pgp-key-provisioning.md)
* Both operators should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.
* The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys
- [ ] TODO: where do we refer to permitted PGP keys
* Each operator should hash the `keychain` repository
- [ ] TODO define keychain repository setup
* `sha256sum keychain/`
* Write it down on a piece of paper as it will be used during the ceremony
* Each member needs to bring their:
* Ceremony Notes
* Ceremony SD Card
- [ ] TODO explain what this is
## Procedure
1. Enter the designated location with the 2 operators and all required equipment
1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
1. Retrieve sealed laptop and polaroid from locked storage
### Unsealing Tamper Proofing
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
### Generating Entropy
1. Boot AirgapOS on the airgapped machine
1. Verify the hash of the AirgapOS version once it's booted
1. Run `ceremony.sh`
1. Button mash to ensure adequate entropy on the OS
1. Back up the `shardfile`, and `pub.asc` to at least 2 separate SD cards
### Finalizing Ceremony
1. Seal the airgapped bundle (TODO)
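Review bot: `sha256sum keychain/` does not do what the requirement says; `sha256sum` refuses directories ("Is a directory"), so the operator has nothing to write down. Hash the verified checkout's commit (`git rev-parse HEAD`) or hash the files deterministically, e.g. `find keychain -type f -print0 | sort -z | xargs -0 sha256sum | sha256sum`, and say which. Four other points in this page: the link `[Operator Keys](../../pgp-key-provisioning.md)` resolves two directories above `operator/`, where no such file exists per the SUMMARY (it should be `./pgp-key-provisioning.md`; the same relative path is correct only from the `operator/coins/pyth-spl/` page it was copied from); "Run `ceremony.sh`" precedes "Button mash to ensure adequate entropy", but entropy has to be collected before the script generates the secret (the deleted hybrid procedure had the order right); the autorun page calls the script `autorun.sh` and writes `shards.pgp`, while this page runs `ceremony.sh` and backs up `shardfile` and `pub.asc`, so operators cannot tell whether these are the same artifacts; and "Verify the hash of the AirgapOS version once it's booted" gives no command and no reference value.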

View File

@ -52,10 +52,11 @@ The proposer must combine these values into a single message, which can be a sim
} }
``` ```
// TODO using the git gui introduces a lot of risk, we can either use `git` to reduce risk, or audit and deterministically build a GUI tool like GitKraken 1. Sign the data in the CLI using `gpg` or another OpenPGP implementation:
{{ #include ../../../../component-documents/gui-git-commit.md:steps}}
6. Notify relevant individuals that there are new transactions queued up, and that a ceremony should be scheduled. This can be automated in the future so that when a commit is made or PR opened, others are notified, for example using a incident management tool(TODO). * `gpg --clearsign <file>`
1. Notify relevant individuals that there are new transactions queued up, and that a ceremony should be scheduled. This can be automated in the future so that when a commit is made or PR opened, others are notified, for example using a incident management tool(TODO).
## Appendix ## Appendix
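Review bot: `gpg --clearsign <file>` does not produce a detached signature; it writes `<file>.asc` containing the message wrapped in armor headers with an inline signature, so the committed `<tx_name>.tx.json` either stays unsigned or gets replaced by a non-JSON file. The approver page expects "a detached signature" and the ceremony repository layout added in this commit uses separate `.asc` signature files, so `gpg --armor --detach-sign <file>` (yielding `<file>.asc` next to the untouched JSON) is the consistent choice. The step should also say to commit both files with a signed commit, since the GUI commit include that covered committing was removed here.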

View File

@ -1,3 +0,0 @@
# Ceremonies Repository
{{ #include ../../../../component-documents/ceremony-repository.md:content }}
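Review bot: this page is deleted outright while the sibling Keychain Repository page in the same commit keeps its heading and only drops the include; if this is `provision-ceremonies-repository.md`, both versions of the SUMMARY and the new provisioner index still link to `./provision-ceremonies-repository.md`, which would now 404. Either keep a stub that links to `component-documents/ceremony-repository.md` or remove the SUMMARY and index entries in the same change.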

View File

@ -0,0 +1,5 @@
# Copy Shardfile SD Card
There should be multiple SD cards containing the shardfile data. Shardfile data is produced during a [Root Entropy](../operator/hybrid-key-provisioning.md) derivation ceremony.
Label the SD card: "Shardfile <date>"
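Review bot: the link `[Root Entropy](../operator/hybrid-key-provisioning.md)` points at a file this commit deletes; it should be `../operator/root-entropy-generation.md`. The page also has no procedure despite its title: it does not say how to copy (which source card, onto a freshly formatted card per provision-sd-card), how to verify the copy (hash both and compare), or whether to write-lock the copy with `sdtool` as the Keychain card procedure does. Without a verification step a bad copy of the shardfile is only discovered during a recovery ceremony.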

View File

@ -1,2 +1,39 @@
# Provisioner # Provisioner
The provisioner is responsible for:
* Procuring equipment
* Setting up the [Facility](#facility)
* Maintaining stock of supplies in the [Facility](#facility)
* Minimizing hardware supply chain security risks
## Directives
* MUST maintain chain of custody for all hardware until after it's properly stored or where necessary tamper-proofed
The different procedures are ordered in chronological preference, to improve the efficiency of setting up the system.
## Procedures
The first task is to bootstrap the operator keys as they are an essential part of building a chain of trust. To achieve this, a bootstrapping ceremony can be used in order to procure hardware and generate keys in one continuous session. This ensures that the chain of custody is maintained for the hardware, and then that hardware is used to generate and seed PGP keys to smart cards, which can then be committed to the keychain repository, and used to sign tamper proofing evidence.
[Initial Bootstrapping Ceremony](./pgp-key-bootstrapping.md)
### Procedures Without Prerequisites
* [Provision Facility](./provision-facility.md)
* [Provision Keychain Repository](./provision-keychain-repository.md)
* [Provision SD Card](./provision-sd-card.md)
* [Provision Tamper Proofing Equipment](./provision-tamper-proofing-equipment.md)
* [Provision Ceremonies Repository](./provision-ceremonies-repository.md)
* [Provision AirgapOS](./provision-airgapos.md)
### Procedures With Prerequisites
* [Procure Computer](./procure-computer.md)
* Requires tamper proofing equipment to be available
* [Provision Air Gapped Bundle](./provision-air-gapped-bundle.md)
* Requires operators to have PGP smart cards, tamper proofing equipment, AirgapOS SD card
* [Copy Shardfile SD Card](./copy-shardfile-sd-card.md)
* Requires Root Entropy ceremony to be completed in order to have "Shardfile" SD cards available for copying
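Review bot: `* [Procure Computer](./procure-computer.md)` is a dead link; this commit renames that page to `provision-computer.md` (see the SUMMARY hunk and the `# Provision Computer` heading change). The two `[Facility](#facility)` anchors were copied from the deleted procure-equipment page and have no target in this file; link to `./provision-facility.md`. Also, "Provision Keychain Repository" is listed as a ready procedure, but after this commit that page consists of a single heading.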

View File

@ -0,0 +1,45 @@
# Operator - Provisioning PGP Keypair
## Requirements
The initial set up requires the provisioner and operator to do all of these in a continuous session ensuring dual custody. Ensure that all participants are familiar with the sub-processes (TODO list sub-processes) so that the ceremony can be completed in one working day.
* 3 individuals in order to have the flexibility for washroom breaks, fetching food and drinks etc.
* AirgapOS SD Card: [Provisioning Guide](./provision-airgapos.md)
* Tamper Proofing Equipment: [Provisioning Guide](./provision-tamper-proofing-equipment.md)
* Smart Cards (whatever number of PGP keys are being provisioned): [Smart Cards](TODO link to hardware)
* SD Cards: [Provisioning Guide](./provision-sd-card.md)
## Procedure
1. Set up AirgapOS (can be done ahead of time)
- [ ] add guide
1. Procure hardware
* Dual custody
1. Enter the designated location with an operator and individual keys are being generated for and all required equipment
1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
1. Gut the laptop before using it: radio cards, speakers, microphones, storage drive
1. Boot AirgapOS from verified SD card
1. Check AirgapOS hashes when it's booted
{{ #include ../../../../component-documents/openpgp-setup.md:steps-keyfork}}
1. Create tamper proofed bundle (airgapos, laptop)
1. Submit evidence to ceremonies repo
#### Creation of Initial Air-Gapped Bundle
- [ ] TODO there is a reference to air gapped bundle in provisioner: procure-equipment... doc
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}
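Review bot: the page title is still `# Operator - Provisioning PGP Keypair` although it now lives under provisioner and is listed in the SUMMARY as "PGP Key Bootstrapping"; rename it so operators and provisioners do not confuse it with `operator/pgp-key-provisioning.md`. Step 1 ("Set up AirgapOS (can be done ahead of time) - [ ] add guide") is redundant with the requirement that already links `./provision-airgapos.md`; drop the TODO and the step. "Check AirgapOS hashes when it's booted" needs the command and the reference value, and the `[Smart Cards](TODO link to hardware)` requirement can point at hardware-models.md, which this commit already edits. Finally, the requirements call for 3 individuals but the procedure says "Enter the designated location with an operator and individual keys are being generated for", so the headcount and roles should match.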

View File

@ -1,114 +0,0 @@
# Provisioner - Procure Hardware
The provisioner is responsible for:
* Procuring equipment
* Setting up the [Facility](#facility)
* Maintaining stock of supplies in the [Facility](#facility)
* Minimizing hardware supply chain security risks
## Directives
* MUST maintain chain of custody for all hardware until after it's properly stored or where necessary tamper-proofed
The different procedures are ordered in chronological preference, to improve the efficiency of setting up the system.
## Preparing SD Cards
SD cards don't require special chain of custody, but ideally should be purchased from a reputable supplier.
### SD Card Models
{{ #include ../../../../hardware-models.md:sd-models }}
### Notes
* The facility should always be well stocked with freshly formatted SD cards
* There should be at least 20 microSD and 20 SD cards available for use
* Both microSD and regular SD cards should be available
* They should be formatted to `fat32` format
* Usage of these SD cards:
* Transferring transaction data from online to air-gapped machine
* Storing tamper proofing evidence produced at the end of the ceremony
### Procedure: formatting SD Card to `fat32`
{{ #include ../../../../component-documents/sd-formatting.md:steps }}
## Tamper Proofing Equipment
### Vacuum Sealer and roll
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-equipment}}
### Colored beads
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-filler}}
### Digital camera
{{ #include ../../../../component-documents/tamper-evidence-methods.md:digital-cameras}}
### Polaroid camera
{{ #include ../../../../component-documents/tamper-evidence-methods.md:polaroid-cameras}}
### Shardfile (SD Card)
There should be multiple SD cards containing the shardfile data. Shardfile data is produced during a [Root Entropy](todo) derivation ceremony.
The Shardfile SD Card once provisioned will be used in creating the [tamper proofed airgap bundle](#air-gapped-bundle)
* Label: "Shardfile"
## Keychain (SD Card)
This procedure requires 2 individuals in order to witness the process and verify that the data being burned to the card is correct.
The Keychain SD Card once provisioned will be used in creating the [tamper proofed airgap bundle](#air-gapped-bundle)
### Procedure
1. Get a freshly formatted SD card
1. Plug it into a computer
1. Navigate the the official Keychain repository of your organization
1. Select provisioner and approver keys from the Keychain repository
1. Download the desired keys along with detached signatures
1. Copy the `.asc` and signature files to the SD card
1. Use the `sdtool` to lock the card
{{ #include ../../../../sdtool-instructions.md:steps }}
1. Label the card "Keychain <date>"
## Air-gapped bundle
* Tamper proof together the following objects:
* [Air-gapped machine](#computer-procurement)
* [AirgapOS SD card](#airgapos)
* [Keychain SD card](#trusted-keys)
* [Shardfile SD card](#shardfile)
### Procedure
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}

View File

@ -0,0 +1,15 @@
## Provision Air-gapped Bundle
* Tamper proof together the following objects:
* [Air-gapped machine](#computer-procurement)
* [AirgapOS SD card](#airgapos)
* [Keychain SD card](#trusted-keys)
* [Shardfile SD card](#shardfile)
### Procedure
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}
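Review bot: all four bundle components link to in-page anchors (`#computer-procurement`, `#airgapos`, `#trusted-keys`, `#shardfile`) that existed only in the deleted procure-equipment page and are absent here, so none of them resolve. Point them at the split-out pages (`provision-computer.md`, `provision-airgapos.md`, the Keychain SD Card procedure in `keychain-repository.md`, `copy-shardfile-sd-card.md`). The page also starts at `## Provision Air-gapped Bundle` whereas the other new pages use a top-level `#` heading.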

View File

@ -1,4 +1,4 @@
## Procure Computer # Provision Computer
For [Level 2](../../../../threat-model.md#level-2) security, air-gapped computers which are used for cryptographic material management and operations are required. For [Level 2](../../../../threat-model.md#level-2) security, air-gapped computers which are used for cryptographic material management and operations are required.

View File

@ -1,3 +1 @@
# Keychain Repository # Keychain Repository
{{ #include ../../../../component-documents/keychain-repository.md:content }}
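Review bot: removing the include leaves this page as a bare `# Keychain Repository` heading with no content, while the SUMMARY and the provisioner index still present it as a full procedure. If the goal is to stop duplicating component content, replace the include with a link to `component-documents/keychain-repository.md`; if the page is going away, remove it and its references instead of shipping an empty page.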

View File

@ -0,0 +1,27 @@
## Preparing SD Cards
SD cards don't require special chain of custody, but ideally should be purchased from a reputable supplier.
### SD Card Models
{{ #include ../../../../hardware-models.md:sd-models }}
### Notes
* The facility should always be well stocked with freshly formatted SD cards
* There should be at least 20 microSD and 20 SD cards available for use
* Both microSD and regular SD cards should be available
* They should be formatted to `fat32` format
* Usage of these SD cards:
* Transferring transaction data from online to air-gapped machine
* Storing tamper proofing evidence produced at the end of the ceremony
### Procedure: formatting SD Card to `fat32`
{{ #include ../../../../component-documents/sd-formatting.md:steps }}
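Review bot: "SD cards don't require special chain of custody" is stated without a caveat, yet these cards carry AirgapOS, the Keychain and the shardfile and end up inside the tamper-proofed bundle. At minimum the page should require that a card's content hash is verified and the card is write-locked with `sdtool` before use (the Keychain card procedure does this, the Shardfile copy page does not), and say that a card of unknown provenance is acceptable only because of those checks. The page also starts at `## Preparing SD Cards` rather than the `#` top-level heading the other provisioner pages use.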

View File

@ -0,0 +1,17 @@
# Provision Tamper Proofing Equipment
### Vacuum Sealer and roll
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-equipment}}
### Colored beads
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-filler}}
### Digital camera
{{ #include ../../../../component-documents/tamper-evidence-methods.md:digital-cameras}}
### Polaroid camera
{{ #include ../../../../component-documents/tamper-evidence-methods.md:polaroid-cameras}}
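Review bot: the heading hierarchy jumps from `# Provision Tamper Proofing Equipment` to `###` sections with no `##` in between, which breaks mdBook's generated outline; use `##` for the four equipment sections. A one-line intro stating that every item below must be present before the bundle sealing procedure can run would also tie the page to the "Requires tamper proofing equipment to be available" prerequisite in the provisioner index.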

View File

@ -24,7 +24,7 @@
* microSD to SD adapter * microSD to SD adapter
* TODO find specific products * [64GB Kingston Canvas Select Plus Class 10 MicroSDXC Memory Card with SD Adapter (SDCS2/64GB)](https://bulkmemorycards.com/shop/microsd-cards/microsd-64gb/microsd-64gb-class-10/microsd-64gb-class-10-w-sd-adapter/64gb-kingston-canvas-select-class-10-microsdxc-memory-card-with-sd-adapter-sdcs-64gb/?_gl=1*1r3cz3m*_up*MQ..*_gs*MQ..&gclid=Cj0KCQiAvvO7BhC-ARIsAGFyToVLF285A59zXpHQEDA0sc7NML5JQohdIOPnS1o-6IfjqClWWZdMruUaAupkEALw_wcB)
* SD Card USB Adapters * SD Card USB Adapters
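Review bot: the product link carries tracking parameters (`?_gl=...&gclid=...`); strip the query string so the document does not embed a click-tracking identifier and the link stays stable. Consider also listing the part number (`SDCS2/64GB`) as the canonical reference and the URL as secondary, since the document elsewhere says cards may come from any reputable supplier.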

View File

@ -1 +0,0 @@
# Root Entropy Provisioning

View File

@ -1 +0,0 @@
# Selecting Locations

View File

@ -1 +0,0 @@
# Online Machine
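Review bot: if this root-level stub is the `online-machine-provisioning.md` the old SUMMARY linked, the new SUMMARY entry `./component-documents/online-machine-provisioning.md` needs that file to exist in component-documents, which this commit does not show being added; confirm the target exists or the sidebar entry goes dead.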

View File

@ -1,14 +0,0 @@
# Root Entropy Ceremonies
There are 3 primary types of [Root Entropy](glossary.md#root-entropy-re)
derivation ceremonies:
* **Local**: where all cryptographic material, including the Operator Keys,
Location Keys, and the Root Entropy are all generated during a single in-person
ceremony
* **Hybrid**: where the Operator Keys and Location Keys are generated separately
prior to the in-person ceremony where the Root Entropy is generated
* **Remote**: where all cryptographic material is generated in a decentralized
manner, remotely.
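Review bot: deleting the Local/Hybrid/Remote taxonomy without saying which model the new Root Entropy Generation page implements loses the one sentence readers need to understand why Operator Keys are a prerequisite there. The new procedure (operators bring pre-existing keys to a sealed laptop) is the former "Hybrid" case; keep a sentence to that effect in the new page, or keep this file and link it.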

View File

@ -1 +0,0 @@
# Change Smart Card PINs
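Review bot: if this stub is `component-documents/setting-smart-card-pins.md`, the SUMMARY entry `[Change Smart Card PINs](./component-documents/setting-smart-card-pins.md)` is kept on both sides of this commit and will now point at a missing file; either restore the stub or drop the sidebar entry.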

View File

@ -24,7 +24,7 @@ This is an administrative role which participates in the decision making capacit
## Operator ## Operator
Trained on how the QVS(todo) system operates, with intimate knowledge of the processes which are required to maintain the integrity, confidentiality and availability (CIA triad) of the system. Trained on how the QVS system operates, with intimate knowledge of the processes which are required to maintain the integrity, confidentiality and availability (CIA triad) of the system.
Operators conduct ceremonies and ensure that the controls around QVS are in tact. They verify instructions from [Approvers](#approver) and perform different actions which are part of the QVS system, ranging across hardware procurement, accessing SCIFs, preparing field kits, performing ceremonies and more. Operators conduct ceremonies and ensure that the controls around QVS are in tact. They verify instructions from [Approvers](#approver) and perform different actions which are part of the QVS system, ranging across hardware procurement, accessing SCIFs, preparing field kits, performing ceremonies and more.
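Review bot: removing the `(todo)` after QVS leaves the acronym unexpanded anywhere in this section; add the expansion on first use. While in this paragraph, "controls around QVS are in tact" should read "intact".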

View File

@ -370,7 +370,6 @@ This level focuses on defending against adversaries who are nation states.
* MUST ensure that individuals are scanned for devices before entering the vault * MUST ensure that individuals are scanned for devices before entering the vault
* MUST only communicate with outside world via fiber optic serial terminal * MUST only communicate with outside world via fiber optic serial terminal
- [ ] TODO do we even want this in the facility?
* MUST be housed in Class III bank vault or better * MUST be housed in Class III bank vault or better
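Review bot: dropping `TODO do we even want this in the facility?` silently promotes "MUST only communicate with outside world via fiber optic serial terminal" to a firm requirement without recording the decision. If the requirement is now settled, add the rationale in place (what threat the fiber optic serial link mitigates compared with copper or no link); if it is still open, leave the TODO so reviewers do not read the MUST as final.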