large refactor
This commit is contained in:
parent
db19a45bff
commit
5571965d33
|
@ -4,41 +4,38 @@
|
|||
* [Selecting a Quorum](selecting-quorum.md)
|
||||
* [System Roles](system-roles.md)
|
||||
* [Software](software.md)
|
||||
* [Glossary](glossary.md)
|
||||
* [Location](locations.md)
|
||||
* [Glossary](glossary.md)
|
||||
* [Generated Documents]()
|
||||
* [Level 1]()
|
||||
* [Level 2]()
|
||||
* [Fixed-Location]()
|
||||
* [Provisioner](generated-documents/level-2/fixed-location/provisioner/index.md)
|
||||
* [Provision Equipment](generated-documents/level-2/fixed-location/provisioner/procure-equipment.md)
|
||||
* [Provision Computer](generated-documents/level-2/fixed-location/provisioner/procure-computer.md)
|
||||
* [PGP Key Bootstrapping](generated-documents/level-2/fixed-location/provisioner/pgp-key-bootstrapping.md)
|
||||
* [Provision Computer](generated-documents/level-2/fixed-location/provisioner/provision-computer.md)
|
||||
* [Provision Ceremony Repository](generated-documents/level-2/fixed-location/provisioner/provision-ceremonies-repository.md)
|
||||
* [Provision Keychain Repository](generated-documents/level-2/fixed-location/provisioner/provision-keychain-repository.md)
|
||||
* [Provision SD Card](generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md)
|
||||
* [Provision Tamper Proofing Equipment](generated-documents/level-2/fixed-location/provisioner/provision-tamper-proofing-equipment.md)
|
||||
* [Provision AirgapOS](generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md)
|
||||
* [Provision Facility](generated-documents/level-2/fixed-location/provisioner/provision-facility.md)
|
||||
* [Provision Airgapped Bundle](generated-documents/level-2/fixed-location/provisioner/provision-air-gapped-bundle.md)
|
||||
* [Copy Shardfile SD Card](generated-documents/level-2/fixed-location/provisioner/copy-shardfile-sd-card.md)
|
||||
* [Proposer](system-roles.md)
|
||||
* [Propose Transaction](generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md)
|
||||
* [Approver](system-roles.md)
|
||||
* [Transaction Approval](generated-documents/level-2/fixed-location/approver/approve-transaction.md)
|
||||
* [Operator](system-roles.md)
|
||||
* [Location](TODO)
|
||||
* [PGP Key Bootstrapping](generated-documents/level-2/fixed-location/operator/pgp-key-bootstrapping.md)
|
||||
* [PGP Key Provisioning](generated-documents/level-2/fixed-location/operator/pgp-key-provisioning.md)
|
||||
* [Root Entropy Provisioning](generated-documents/level-2/fixed-location/operator/hybrid-key-provisioning.md)
|
||||
* [Root Entropy Generation](generated-documents/level-2/fixed-location/operator/root-entropy-generation.md)
|
||||
* [PYTH-SLN - Sign Transaction](generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md)
|
||||
* [Level 3]()
|
||||
* [Level 4]()
|
||||
* [Document Components]()
|
||||
* [Ceremony Repository](./component-documents/ceremony-repository.md)
|
||||
* [Keychain Repository](./component-documents/keychain-repository.md)
|
||||
* [Git Commit Signing](./component-documents/git-commit-signing.md)
|
||||
* [GUI Git Commit](./component-documents/gui-git-commit.md)
|
||||
* [OpenPGP Setup](./component-documents/openpgp-setup.md)
|
||||
* [Verifying Signatures](./component-documents/verifying-signatures.md)
|
||||
* [Tamper Evidence Methods](./component-documents/tamper-evidence-methods.md)
|
||||
* [Change Smart Card PINs](./component-documents/setting-smart-card-pins.md)
|
||||
* [Online Machine Provisioning](online-machine-provisioning.md)
|
||||
* [Online Machine Provisioning](./component-documents/online-machine-provisioning.md)
|
||||
* [Hardware Destruction](./component-documents/hardware-destruction.md)
|
||||
* [Storage Device Management](./component-documents/storage-device-management.md)
|
||||
* [Procurement & Chain of Custody](./component-documents/hardware-procurement-and-chain-of-custody.md)
|
||||
|
|
|
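Review bot: several entries in this SUMMARY hunk point at files that this same commit deletes or at placeholders. `Root Entropy Provisioning` links `operator/hybrid-key-provisioning.md`, which is removed further down; `Location` under Operator links the literal `TODO`; `Glossary` and `Online Machine Provisioning` each appear twice with different targets; `Proposer`, `Approver` and `Operator` all point at the same `system-roles.md`; and the label `PYTH-SLN - Sign Transaction` does not match the page title `Sign PYTH-SPL Transaction`. Suggest pointing `Root Entropy Provisioning` at `operator/root-entropy-generation.md`, dropping the duplicate entries, and fixing the `PYTH-SLN` typo in the same commit so the book builds without dead links.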
@ -1 +0,0 @@
|
|||
# Ceremony Log Template
|
|
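Review bot: deleting `ceremony-log-template.md` removes the only target for the `Ceremony Notes` requirement that `root-entropy-generation.md` adds later in this commit (its own text still says `TODO explain what this is`); either keep the template or move the note-taking step into the new ceremony page.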
@ -1,29 +1,28 @@
|
|||
# `autorun.sh` Setup
|
||||
|
||||
This document describes how `autorun.sh`, a file that AirgapOS automatically
|
||||
boots and runs should be set up.
|
||||
This document describes how `autorun.sh`, a file that AirgapOS automatically boots and runs should be set up.
|
||||
|
||||
This setup can be done on any machine.
|
||||
|
||||
1. Create a file called `autorun.sh` that has the following contents:
|
||||
1. Create a file called `autorun.sh`
|
||||
|
||||
You may accomplish this by doing the following:
|
||||
* In your Terminal use this command: `vi autorun.sh`
|
||||
|
||||
* In your Terminal use this command:
|
||||
`vi autorun.sh`
|
||||
* Once you are in the editor press "i" to enter "insert mode"
|
||||
* Type in the contents, replacing <N> and <M> with your chosen threshold
|
||||
numbers according to your [Quorum](selecting-quorum.md):
|
||||
|
||||
* Type in the contents, replacing <N> and <M> with your chosen threshold numbers according to your [Quorum](selecting-quorum.md):
|
||||
|
||||
```sh
|
||||
#!/bin/sh
|
||||
keyfork wizard generate-shard-secret --threshold <M> --max <N> --output shards.pgp
|
||||
```
|
||||
|
||||
* Press "esc"
|
||||
* Press ":"
|
||||
* Press "x"
|
||||
* Press Enter
|
||||
|
||||
2. Hash the file
|
||||
1. Hash the file
|
||||
The file should be hashed by using the following command:
|
||||
|
||||
```sh
|
||||
|
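Review bot: the sentence `replacing <N> and <M> with your chosen threshold numbers` does not say which placeholder is which, while the command binds them in the opposite order to how they are introduced: `keyfork wizard generate-shard-secret --threshold <M> --max <N>`. State explicitly that `<M>` is the number of shards required to reconstruct and `<N>` the total number of shards produced, and that `<M>` must not exceed `<N>`; a swapped pair produces a shardfile with the wrong quorum and is only noticed at recovery time.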
@ -31,14 +30,12 @@ This setup can be done on any machine.
|
|||
```
|
||||
Make note of the hash on a piece of paper
|
||||
|
||||
3. Copy the file to the Storage Device which contains AirgapOS.
|
||||
1. Copy the file to the Storage Device which contains AirgapOS.
|
||||
|
||||
a. If you don't have a Storage Device set up with AirgapOS use [this guide](repeat-use-airgapos.md)
|
||||
to do so.
|
||||
a. If you don't have a Storage Device set up with AirgapOS use [this guide](repeat-use-airgapos.md) to do so.
|
||||
|
||||
b. Mount the AirgapOS Storage Device using [this guide](storage-device-management.md#mounting-a-storage-device)
|
||||
|
||||
c. Copy the `autorun.sh` file to the Storage Device
|
||||
|
||||
4. Make note of this hash on a piece of paper or print it as you will need it to
|
||||
verify the file during Ceremonies.
|
||||
1. Make note of this hash on a piece of paper or print it as you will need it to verify the file during Ceremonies.
|
|
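Review bot: the hash is recorded twice and at the wrong point. `Make note of the hash on a piece of paper` follows the hash step, and the final step `Make note of this hash on a piece of paper or print it as you will need it to verify the file during Ceremonies` repeats it after the copy. Because AirgapOS executes `autorun.sh` automatically, the copy on the Storage Device is what needs to be trusted: drop the first note and have the last step re-run `sha256sum` against `autorun.sh` on the mounted device, compare it with the value from the hash step, and only then record it.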
@ -36,6 +36,10 @@ ceremonies/
|
|||
<tx_name>.tx.json
|
||||
policies/
|
||||
spending-policy.json
|
||||
keychain/
|
||||
<key_id>/
|
||||
sig_1.asc
|
||||
sig_2.asc
|
||||
```
|
||||
|
||||
## Procedure: Setting up Repository
|
||||
|
|
|
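Review bot: `policies/spending-policy.json` is added to the repository layout with no description of its format, who may change it, or how it is signed, and the approver page in this same commit still says the policy check is `signed by safe-listed PGP keys` pending a proper policy post-MVP; at minimum cross-reference the two. The `keychain/<key_id>/sig_1.asc`, `sig_2.asc` naming also hides who produced each signature; naming the files by signer key id (for example `<signer_key_id>.asc`) makes the two-signature rule auditable from the tree alone.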
@ -36,5 +36,30 @@ trusted-keys/
|
|||
1. Two other authorized individuals (TODO define how they are authorized) must provide detached PGP signatures of the key being submitted
|
||||
|
||||
1. The PR should be merged using a signed commit via the git CLI
|
||||
|
||||
### Procedure: Ceremony "Keychain SD Card"
|
||||
|
||||
This procedure requires 2 individuals in order to witness the process and verify that the data being burned to the card is correct.
|
||||
|
||||
The Keychain SD Card once provisioned will be used in creating the [tamper proofed airgap bundle](#air-gapped-bundle)
|
||||
|
||||
1. Get a freshly formatted SD card
|
||||
|
||||
1. Plug it into a computer
|
||||
|
||||
1. Navigate the the official Keychain repository of your organization
|
||||
|
||||
1. Select provisioner and approver keys from the Keychain repository
|
||||
|
||||
1. Download the desired keys along with detached signatures
|
||||
|
||||
1. Copy the `.asc` and signature files to the SD card
|
||||
|
||||
1. Use the `sdtool` to lock the card
|
||||
|
||||
{{ #include ../sdtool-instructions.md:steps }}
|
||||
|
||||
1. Label the card "Keychain <date>"
|
||||
|
||||
// ANCHOR_END: content
|
||||
/* ANCHOR_END: all */
|
||||
|
|
|
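Review bot: the `Keychain SD Card` procedure downloads keys `along with detached signatures` and copies them to the card, but no step verifies those signatures before the card is locked, and the earlier line `Two other authorized individuals (TODO define how they are authorized)` still leaves the signer set undefined. Add a verification step between `Download the desired keys` and `Copy the .asc and signature files` (the `verifying-signatures.md` component is already in the book), and check that `{{ #include ../sdtool-instructions.md:steps }}` resolves from `component-documents/`, since the deleted procurement page reached the same file as `../../../../sdtool-instructions.md` from the provisioner directory. The closing `// ANCHOR_END: content` and `/* ANCHOR_END: all */` lines use two different comment styles and will render as literal text on the standalone page.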
@ -2,6 +2,8 @@
|
|||
|
||||
- [ ] TODO: fix this doc to use a different smart card for pureboot as the librem key, as the librem key doesn't have a physical switch
|
||||
|
||||
- [ ] TODO update this to be hardware agnostic and use Heads / PureBoot
|
||||
|
||||
This guide walks the user through setting up a machine which relies on
|
||||
[PureBoot](https://source.puri.sm/firmware/pureboot) to verify the authenticity
|
||||
of the `.iso` image which is being booted, as well to ensure that firmware of
|
||||
|
@ -13,7 +15,7 @@ This guide assumes the use of a Purism machine, with a Librem Key.
|
|||
|
||||
* 1 Storage Device
|
||||
|
||||
* 1 Librem Smart Card
|
||||
* 1 Smart Card
|
||||
|
||||
* 1 Librem 14 Computer with [PureBoot firmware installed](flash-pureboot-firmware.md).
|
||||
|
||||
|
|
|
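Review bot: `1 Librem Smart Card` becomes `1 Smart Card`, but the next requirement still reads `1 Librem 14 Computer with PureBoot firmware installed` and the hunk header shows the guide still `assumes the use of a Purism machine, with a Librem Key`, the very device the new TODO says is unsuitable because it lacks a physical switch. Either make the whole requirements list hardware-agnostic in one pass or leave it Librem-specific until that TODO is done, so a reader does not get a half-converted list.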
@ -18,7 +18,7 @@ The approver is responsible for verifying a transaction proposed by a [proposer]
|
|||
|
||||
1. Verify that the commit with the tx data is properly signed by the key that was verified in the previous step
|
||||
|
||||
1. Verify that the transaction is according to the defined policy (TODO link to policy)
|
||||
1. Verify that the transaction is according to the defined policy, for the time being ensuring it's signed by safe-listed PGP keys (TODO: update this with a proper policy post-MVP)
|
||||
|
||||
1. To sign the transaction payload and produce a detached signature use:
|
||||
|
||||
|
|
|
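Review bot: the rewritten policy step, `ensuring it's signed by safe-listed PGP keys`, duplicates the preceding step (`Verify that the commit with the tx data is properly signed ...`) and checks nothing about the transaction itself (destination, amount), so for the MVP the approver's "policy" check is only a second signature check. Say where the safe-list lives (the keychain repository's `trusted-keys/` is the natural place) and, since this commit adds `policies/spending-policy.json` to the ceremonies repository layout, reference it here even if enforcement is still manual.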
@ -1,11 +1,8 @@
|
|||
# NOT PRODUCTION READY
|
||||
|
||||
# Operator - Sign PYTH-SPL Transaction
|
||||
|
||||
## Requirements
|
||||
|
||||
* Ensure both primary operators have their [Operator Keys](../../../../../../glossary.md#operator-key)
|
||||
- [ ] TODO define guide for setting up operator keys
|
||||
* Ensure both primary operators have their [Operator Keys](../../pgp-key-provisioning.md)
|
||||
|
||||
* Both operators should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.
|
||||
|
||||
|
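Review bot: the requirement that operators `print photographic evidence ... stored in a PGP signed repository` has no step to verify the commit signatures against the permitted key list before printing, whereas `root-entropy-generation.md` in this commit adds exactly that check; both pages should impose the same evidence-verification step. Also confirm that `../../pgp-key-provisioning.md` still resolves from `operator/coins/pyth-spl/`, given that an operator key-provisioning page is deleted in this same commit.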
@ -40,7 +37,7 @@
|
|||
|
||||
1. Plug in SD card labelled "AirgapOS"
|
||||
|
||||
TODO: add steps
|
||||
1. Boot the computer and verify the hash of the version of AirgapOS that's booted
|
||||
|
||||
1. Plug in SD card labelled "Keychain"
|
||||
|
||||
|
|
|
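Review bot: `Boot the computer and verify the hash of the version of AirgapOS that's booted` replaces the TODO but does not say which hash to compare against or where the reference value is recorded (the provisioning page, the Ceremony Notes, or the tamper-proofing evidence), so an operator has no way to fail this step. Name the reference value and the command that computes it, or include the relevant anchor from `provision-airgapos.md`.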
@ -1,79 +0,0 @@
|
|||
# Hybrid Key Provisioning
|
||||
|
||||
This document contains instructions on how Operators collaborate to set up
|
||||
QVS where the Operator Keys and Location Keys were generated before this
|
||||
ceremony and only the PGP Public Certificates of the Location keys are brought
|
||||
to the ceremony which are used to shard the Root Entropy. This is useful
|
||||
when conducting the ceremony in a lower trust environment, and where not all
|
||||
aspects of the ceremony can be controlled to the desired degree.
|
||||
|
||||
## Requirements
|
||||
* Each member needs to bring their:
|
||||
|
||||
* Ceremony Notes
|
||||
|
||||
* Ceremony SD Card
|
||||
|
||||
* Airgap SD Card (only 1 member needs to bring this - set up according to
|
||||
[One Time Use / AirgapOS Setup](TODO)).
|
||||
|
||||
* Operator Keys
|
||||
|
||||
* Ceremonies repository
|
||||
|
||||
## Steps
|
||||
|
||||
1. Ensure there are additional witnesses for the ceremony, outside of the
|
||||
operators to assist in monitoring and verifying the integrity of the process.
|
||||
|
||||
* Designate at least 1 individual to keep notes on the ceremony based
|
||||
on the [Ceremony Log Template](ceremony-log-template.md)
|
||||
|
||||
1. Ensure that no participants have brought digital devices other than ones
|
||||
necessary for the ceremony. A faraday bag may be used to hold any such devices
|
||||
for the duration of the ceremony.
|
||||
|
||||
1. Procure a laptop and SD cards (3) from a randomly selected store and
|
||||
ensure at least 2 people are in line of sight of all the hardware until the
|
||||
ceremony is executed. It may be worthwhile to try booting from the SD card at
|
||||
the store. Dell laptops tend to support booting from SD cards while Lenovo
|
||||
don't. More notes on selecting hardware can be found [here](one-time-use-hardware-procurement.md)
|
||||
|
||||
1. Secure a [Location](one-time-use-locations.md)
|
||||
|
||||
|
||||
1. Verify the SD card by either:
|
||||
|
||||
* Booting a separate AirgapOS to the machine used for the ceremony in order
|
||||
to verify the SD card is not writeable and the hash matches using the steps
|
||||
from the [One Time Use/ AirgapOS Setup](TODO) guide.
|
||||
|
||||
OR
|
||||
|
||||
* Mounting the SD card to a separate machine and verifying it's not
|
||||
writeable and verify the hash matches using steps from the [One Time Use/AirgapOS Setup](TODO) guide.
|
||||
|
||||
* NOTE: It is essential that the SD card remain in line of sight from the
|
||||
moment it is verified to the moment is is used.
|
||||
|
||||
1. Plug in and boot from Airgap SD card:
|
||||
|
||||
* Boot from internal SD card reader or USB device reader
|
||||
|
||||
* Verify the `sha256sum ceremony.sh` hash matches each of the Operator's
|
||||
"Ceremony Notes"
|
||||
|
||||
1. Button mash to ensure adequate entropy on the OS
|
||||
|
||||
1. Set the system time as it has to be after the PGP
|
||||
public certificates were created, and before they expire:
|
||||
|
||||
* `date -s "YYYY-MM-DD HH:MM:SS"`
|
||||
|
||||
1. Run `ceremony.sh`
|
||||
|
||||
1. Back up the `shardfile`, and `pub.asc` to 3 separate SD cards,
|
||||
one for each operator
|
||||
|
||||
1. Destroy the computer according to [Hardware Destruction](hardware-destruction.md)
|
||||
guide.
|
|
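Review bot: deleting `hybrid-key-provisioning.md` leaves two links in this commit dangling: SUMMARY's `Root Entropy Provisioning` entry and `copy-shardfile-sd-card.md`'s `[Root Entropy](../operator/hybrid-key-provisioning.md)`. It also drops controls that the new `root-entropy-generation.md` does not carry over: checking that the Airgap SD card is not writeable and that its hash matches before boot, setting the clock with `date -s` so it falls inside the PGP certificates' validity window, mashing keys for entropy before (not after) running `ceremony.sh`, and the final hardware-destruction step. If these are deliberately out of scope for the fixed-location ceremony, say so in the new page; otherwise move them across.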
@ -1,42 +0,0 @@
|
|||
# NOT PRODUCTION READY
|
||||
|
||||
# Operator - Provisioning PGP Keypair
|
||||
|
||||
## Requirements
|
||||
|
||||
The initial set up requires the operators to do all of these in a continuous session ensuring dual custody:
|
||||
|
||||
1. procure hardware
|
||||
2. gut hardware
|
||||
3. set up airgap together, built from source
|
||||
4. burn sd card
|
||||
5. boot airgap
|
||||
6. generate mnemonic 1
|
||||
7. generate pgp key
|
||||
8. seed card(s) using oct
|
||||
9. tamper proof the laptop
|
||||
10. submit pgp signed proof to previously set up ceremonies repo
|
||||
|
||||
|
||||
## Procedure
|
||||
|
||||
1. Set up AirgapOS (can be done ahead of time)
|
||||
- [ ] add guide
|
||||
|
||||
1. Procure hardware
|
||||
* Dual custody
|
||||
* Remove radio cards etc.
|
||||
|
||||
1. Enter the designated location with an operator and individual keys are being generated for and all required equipment
|
||||
|
||||
1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
|
||||
|
||||
1. Boot AirgapOS from verified SD card
|
||||
|
||||
{{ #include ../../../../component-documents/openpgp-setup.md:steps-keyfork}}
|
||||
|
||||
#### Creation of Initial Air-Gapped Bundle
|
||||
- [ ] TODO there is a reference to air gapped bundle in provisioner: procure-equipment... doc
|
||||
|
||||
{{ #include ../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}
|
||||
|
|
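Review bot: this content reappears as `provisioner/pgp-key-bootstrapping.md` later in the commit, but SUMMARY still lists both `operator/pgp-key-bootstrapping.md` and `operator/pgp-key-provisioning.md`, and `sign-transaction.md` and `root-entropy-generation.md` link `../../pgp-key-provisioning.md`; confirm which operator-side path survives so those links do not dangle. The deleted version also mixed include depths (`../../../../component-documents/openpgp-setup.md` against `../../../../../../component-documents/tamper-evidence-methods.md`); the new file uses four levels for both, which is correct from the provisioner directory.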
@ -8,9 +8,7 @@
|
|||
|
||||
* 2 new SD cards
|
||||
|
||||
* Tamper proofing evidence
|
||||
|
||||
* TODO define the evidence as an importable anchor
|
||||
* Tamper proofing evidence photographs
|
||||
|
||||
## Procedure
|
||||
|
||||
|
|
|
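Review bot: `Tamper proofing evidence photographs` is more concrete than the TODO it replaces but still does not say which photographs are meant (the polaroid retrieved from locked storage and the printed digital-camera shots, per `root-entropy-generation.md`) or that their commit signatures must be verified before printing; one line pointing at the relevant `tamper-evidence-methods.md` anchor would close this.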
@ -0,0 +1,53 @@
|
|||
# Root Entropy Generation
|
||||
|
||||
This is a ceremony for generating root entropy.
|
||||
|
||||
## Requirements
|
||||
|
||||
* Ensure both primary operators have their [Operator Keys](../../pgp-key-provisioning.md)
|
||||
|
||||
* Both operators should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.
|
||||
|
||||
* The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys
|
||||
|
||||
- [ ] TODO: where do we refer to permitted PGP keys
|
||||
|
||||
* Each operator should hash the `keychain` repository
|
||||
- [ ] TODO define keychain repository setup
|
||||
|
||||
* `sha256sum keychain/`
|
||||
|
||||
* Write it down on a piece of paper as it will be used during the ceremony
|
||||
|
||||
* Each member needs to bring their:
|
||||
|
||||
* Ceremony Notes
|
||||
|
||||
* Ceremony SD Card
|
||||
- [ ] TODO explain what this is
|
||||
|
||||
## Procedure
|
||||
|
||||
1. Enter the designated location with the 2 operators and all required equipment
|
||||
|
||||
1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
|
||||
|
||||
1. Retrieve sealed laptop and polaroid from locked storage
|
||||
|
||||
### Unsealing Tamper Proofing
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
|
||||
|
||||
### Generating Entropy
|
||||
1. Boot AirgapOS on the airgapped machine
|
||||
|
||||
1. Verify the hash of the AirgapOS version once it's booted
|
||||
|
||||
1. Run `ceremony.sh`
|
||||
|
||||
1. Button mash to ensure adequate entropy on the OS
|
||||
|
||||
1. Back up the `shardfile`, and `pub.asc` to at least 2 separate SD cards
|
||||
|
||||
### Finalizing Ceremony
|
||||
|
||||
1. Seal the airgapped bundle (TODO)
|
|
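Review bot: `sha256sum keychain/` fails with `Is a directory`; `sha256sum` does not recurse, so the requirement cannot be carried out as written. Hash a canonical form instead and say which: the signed commit or tag the operators agreed on (`git rev-parse HEAD` in a checkout whose signatures were verified), or a sorted file listing piped through `sha256sum`. Also `Button mash to ensure adequate entropy` now comes after `Run ceremony.sh`, the reverse of the deleted hybrid page; if the script draws on OS entropy it must run after mashing, not before. `Seal the airgapped bundle (TODO)` and `TODO explain what this is` under Ceremony SD Card leave the ceremony without a defined end state.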
@ -52,10 +52,11 @@ The proposer must combine these values into a single message, which can be a sim
|
|||
}
|
||||
```
|
||||
|
||||
// TODO using the git gui introduces a lot of risk, we can either use `git` to reduce risk, or audit and deterministically build a GUI tool like GitKraken
|
||||
{{ #include ../../../../component-documents/gui-git-commit.md:steps}}
|
||||
1. Sign the data in the CLI using `gpg` or another OpenPGP implementation:
|
||||
|
||||
6. Notify relevant individuals that there are new transactions queued up, and that a ceremony should be scheduled. This can be automated in the future so that when a commit is made or PR opened, others are notified, for example using a incident management tool(TODO).
|
||||
* `gpg --clearsign <file>`
|
||||
|
||||
1. Notify relevant individuals that there are new transactions queued up, and that a ceremony should be scheduled. This can be automated in the future so that when a commit is made or PR opened, others are notified, for example using a incident management tool(TODO).
|
||||
|
||||
## Appendix
|
||||
|
||||
|
|
|
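Review bot: `gpg --clearsign <file>` wraps the payload in a signed-message envelope and writes `<file>.asc`, but the approver page expects to `produce a detached signature` and the ceremonies layout stores the payload as `<tx_name>.tx.json`; a clearsigned file changes both the payload bytes and the filename, so whatever parses `.tx.json` downstream sees PGP armor instead of JSON. Use `gpg --armor --detach-sign <file>` here and commit the `.json` and the `.asc` side by side. Replacing the GUI-commit include with a CLI step is the right response to the TODO about GUI risk; add how the signed commit itself is then made (`git commit -S`).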
@ -1,3 +0,0 @@
|
|||
# Ceremonies Repository
|
||||
|
||||
{{ #include ../../../../component-documents/ceremony-repository.md:content }}
|
|
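Review bot: a `# Ceremonies Repository` page carrying the `ceremony-repository.md:content` include is deleted, while the provisioner index and SUMMARY added in this commit still link `provision-ceremonies-repository.md`; if this is that file the link now dangles, and if it is a duplicate elsewhere the commit message should say which.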
@ -0,0 +1,5 @@
|
|||
# Copy Shardfile SD Card
|
||||
|
||||
There should be multiple SD cards containing the shardfile data. Shardfile data is produced during a [Root Entropy](../operator/hybrid-key-provisioning.md) derivation ceremony.
|
||||
|
||||
Label the SD card: "Shardfile <date>"
|
|
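Review bot: the link `[Root Entropy](../operator/hybrid-key-provisioning.md)` points at a file this commit deletes; `../operator/root-entropy-generation.md` is the surviving ceremony. The page also has no procedure beyond the label: it should say how the copy is verified (hash of `shardfile` and `pub.asc` compared on source and destination), that the copy is witnessed like the Keychain card, and whether the card is locked with `sdtool`, since these cards end up inside the tamper-proofed bundle.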
@ -1,2 +1,39 @@
|
|||
# Provisioner
|
||||
|
||||
The provisioner is responsible for:
|
||||
|
||||
* Procuring equipment
|
||||
|
||||
* Setting up the [Facility](#facility)
|
||||
|
||||
* Maintaining stock of supplies in the [Facility](#facility)
|
||||
|
||||
* Minimizing hardware supply chain security risks
|
||||
|
||||
## Directives
|
||||
|
||||
* MUST maintain chain of custody for all hardware until after it's properly stored or where necessary tamper-proofed
|
||||
|
||||
The different procedures are ordered in chronological preference, to improve the efficiency of setting up the system.
|
||||
|
||||
## Procedures
|
||||
|
||||
The first task is to bootstrap the operator keys as they are an essential part of building a chain of trust. To achieve this, a bootstrapping ceremony can be used in order to procure hardware and generate keys in one continuous session. This ensures that the chain of custody is maintained for the hardware, and then that hardware is used to generate and seed PGP keys to smart cards, which can then be committed to the keychain repository, and used to sign tamper proofing evidence.
|
||||
|
||||
[Initial Bootstrapping Ceremony](./pgp-key-bootstrapping.md)
|
||||
|
||||
### Procedures Without Prerequisites
|
||||
* [Provision Facility](./provision-facility.md)
|
||||
* [Provision Keychain Repository](./provision-keychain-repository.md)
|
||||
* [Provision SD Card](./provision-sd-card.md)
|
||||
* [Provision Tamper Proofing Equipment](./provision-tamper-proofing-equipment.md)
|
||||
* [Provision Ceremonies Repository](./provision-ceremonies-repository.md)
|
||||
* [Provision AirgapOS](./provision-airgapos.md)
|
||||
|
||||
### Procedures With Prerequisites
|
||||
* [Procure Computer](./procure-computer.md)
|
||||
* Requires tamper proofing equipment to be available
|
||||
* [Provision Air Gapped Bundle](./provision-air-gapped-bundle.md)
|
||||
* Requires operators to have PGP smart cards, tamper proofing equipment, AirgapOS SD card
|
||||
* [Copy Shardfile SD Card](./copy-shardfile-sd-card.md)
|
||||
* Requires Root Entropy ceremony to be completed in order to have "Shardfile" SD cards available for copying
|
||||
|
|
|
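Review bot: the `[Facility](#facility)` anchors have no matching heading in this file (they were carried over from the deleted `procure-equipment.md`, which had none either), and `Procure Computer` links `./procure-computer.md` while this commit renames that page's heading to `Provision Computer` and SUMMARY lists `provision-computer.md`; settle on one filename. `Provision Air Gapped Bundle` lists the `AirgapOS SD card` as a prerequisite but not the Keychain and Shardfile SD cards that `provision-air-gapped-bundle.md` seals into the same bundle.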
@ -1 +0,0 @@
|
|||
# Provision AirgapOS
|
|
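Review bot: the `# Provision AirgapOS` stub is deleted, but `pgp-key-bootstrapping.md`, the provisioner index and SUMMARY in this commit all link `provision-airgapos.md`; keep the stub (or the real content) or the bootstrapping ceremony has no reference for `Boot AirgapOS from verified SD card` and `Check AirgapOS hashes`.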
@ -0,0 +1,45 @@
|
|||
# Operator - Provisioning PGP Keypair
|
||||
|
||||
## Requirements
|
||||
|
||||
The initial set up requires the provisioner and operator to do all of these in a continuous session ensuring dual custody. Ensure that all participants are familiar with the sub-processes (TODO list sub-processes) so that the ceremony can be completed in one working day.
|
||||
|
||||
* 3 individuals in order to have the flexibility for washroom breaks, fetching food and drinks etc.
|
||||
|
||||
* AirgapOS SD Card: [Provisioning Guide](./provision-airgapos.md)
|
||||
|
||||
* Tamper Proofing Equipment: [Provisioning Guide](./provision-tamper-proofing-equipment.md)
|
||||
|
||||
* Smart Cards (whatever number of PGP keys are being provisioned): [Smart Cards](TODO link to hardware)
|
||||
|
||||
* SD Cards: [Provisioning Guide](./provision-sd-card.md)
|
||||
|
||||
## Procedure
|
||||
|
||||
1. Set up AirgapOS (can be done ahead of time)
|
||||
- [ ] add guide
|
||||
|
||||
1. Procure hardware
|
||||
* Dual custody
|
||||
|
||||
1. Enter the designated location with an operator and individual keys are being generated for and all required equipment
|
||||
|
||||
1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
|
||||
|
||||
1. Gut the laptop before using it: radio cards, speakers, microphones, storage drive
|
||||
|
||||
1. Boot AirgapOS from verified SD card
|
||||
|
||||
1. Check AirgapOS hashes when it's booted
|
||||
|
||||
{{ #include ../../../../component-documents/openpgp-setup.md:steps-keyfork}}
|
||||
|
||||
1. Create tamper proofed bundle (airgapos, laptop)
|
||||
|
||||
1. Submit evidence to ceremonies repo
|
||||
|
||||
#### Creation of Initial Air-Gapped Bundle
|
||||
- [ ] TODO there is a reference to air gapped bundle in provisioner: procure-equipment... doc
|
||||
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}
|
||||
|
|
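Review bot: the title is still `Operator - Provisioning PGP Keypair` although the file now lives under `provisioner/` and the intro says the provisioner and operator perform it together. The procedure also conflicts with its own requirements: `Set up AirgapOS ... - [ ] add guide` although `./provision-airgapos.md` is linked two paragraphs up; `Create tamper proofed bundle (airgapos, laptop)` is a one-line step while the separate `Creation of Initial Air-Gapped Bundle` section includes the full sealing procedure; and `Check AirgapOS hashes when it's booted` gives no reference value. `Gut the laptop ... storage drive` is listed after `Lock access to the location`; state that it happens inside the locked room under the same dual custody, or move it before the lock-down step.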
@ -1,114 +0,0 @@
|
|||
# Provisioner - Procure Hardware
|
||||
|
||||
The provisioner is responsible for:
|
||||
|
||||
* Procuring equipment
|
||||
|
||||
* Setting up the [Facility](#facility)
|
||||
|
||||
* Maintaining stock of supplies in the [Facility](#facility)
|
||||
|
||||
* Minimizing hardware supply chain security risks
|
||||
|
||||
## Directives
|
||||
|
||||
* MUST maintain chain of custody for all hardware until after it's properly stored or where necessary tamper-proofed
|
||||
|
||||
The different procedures are ordered in chronological preference, to improve the efficiency of setting up the system.
|
||||
|
||||
## Preparing SD Cards
|
||||
|
||||
SD cards don't require special chain of custody, but ideally should be purchased from a reputable supplier.
|
||||
|
||||
### SD Card Models
|
||||
|
||||
{{ #include ../../../../hardware-models.md:sd-models }}
|
||||
|
||||
### Notes
|
||||
|
||||
* The facility should always be well stocked with freshly formatted SD cards
|
||||
|
||||
* There should be at least 20 microSD and 20 SD cards available for use
|
||||
|
||||
* Both microSD and regular SD cards should be available
|
||||
|
||||
* They should be formatted to `fat32` format
|
||||
|
||||
* Usage of these SD cards:
|
||||
|
||||
* Transferring transaction data from online to air-gapped machine
|
||||
|
||||
* Storing tamper proofing evidence produced at the end of the ceremony
|
||||
|
||||
### Procedure: formatting SD Card to `fat32`
|
||||
|
||||
{{ #include ../../../../component-documents/sd-formatting.md:steps }}
|
||||
|
||||
## Tamper Proofing Equipment
|
||||
|
||||
### Vacuum Sealer and roll
|
||||
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-equipment}}
|
||||
|
||||
### Colored beads
|
||||
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-filler}}
|
||||
|
||||
### Digital camera
|
||||
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:digital-cameras}}
|
||||
|
||||
### Polaroid camera
|
||||
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:polaroid-cameras}}
|
||||
|
||||
### Shardfile (SD Card)
|
||||
|
||||
There should be multiple SD cards containing the shardfile data. Shardfile data is produced during a [Root Entropy](todo) derivation ceremony.
|
||||
|
||||
The Shardfile SD Card once provisioned will be used in creating the [tamper proofed airgap bundle](#air-gapped-bundle)
|
||||
|
||||
* Label: "Shardfile"
|
||||
|
||||
## Keychain (SD Card)
|
||||
|
||||
This procedure requires 2 individuals in order to witness the process and verify that the data being burned to the card is correct.
|
||||
|
||||
The Keychain SD Card once provisioned will be used in creating the [tamper proofed airgap bundle](#air-gapped-bundle)
|
||||
|
||||
### Procedure
|
||||
|
||||
1. Get a freshly formatted SD card
|
||||
|
||||
1. Plug it into a computer
|
||||
|
||||
1. Navigate the the official Keychain repository of your organization
|
||||
|
||||
1. Select provisioner and approver keys from the Keychain repository
|
||||
|
||||
1. Download the desired keys along with detached signatures
|
||||
|
||||
1. Copy the `.asc` and signature files to the SD card
|
||||
|
||||
1. Use the `sdtool` to lock the card
|
||||
|
||||
{{ #include ../../../../sdtool-instructions.md:steps }}
|
||||
|
||||
1. Label the card "Keychain <date>"
|
||||
|
||||
|
||||
## Air-gapped bundle
|
||||
|
||||
* Tamper proof together the following objects:
|
||||
|
||||
* [Air-gapped machine](#computer-procurement)
|
||||
|
||||
* [AirgapOS SD card](#airgapos)
|
||||
|
||||
* [Keychain SD card](#trusted-keys)
|
||||
|
||||
* [Shardfile SD card](#shardfile)
|
||||
|
||||
### Procedure
|
||||
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}
|
|
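Review bot: splitting this page is sensible, but the `Air-gapped bundle` section's anchors `#computer-procurement`, `#airgapos`, `#trusted-keys` and `#shardfile` referred to headings in this file (and `#computer-procurement` and `#trusted-keys` did not exist even here); the copy in `provision-air-gapped-bundle.md` keeps them verbatim, so they now point nowhere. The Keychain procedure's include also moves from `../../../../sdtool-instructions.md` here to `../sdtool-instructions.md` in `component-documents/keychain-repository.md`; check the new relative path resolves.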
@ -0,0 +1,15 @@
|
|||
## Provision Air-gapped Bundle
|
||||
|
||||
* Tamper proof together the following objects:
|
||||
|
||||
* [Air-gapped machine](#computer-procurement)
|
||||
|
||||
* [AirgapOS SD card](#airgapos)
|
||||
|
||||
* [Keychain SD card](#trusted-keys)
|
||||
|
||||
* [Shardfile SD card](#shardfile)
|
||||
|
||||
### Procedure
|
||||
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}
|
|
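Review bot: the four links `#computer-procurement`, `#airgapos`, `#trusted-keys` and `#shardfile` are same-page anchors with no headings on this five-bullet page; point them at `./procure-computer.md`, `./provision-airgapos.md`, the keychain-repository component and `./copy-shardfile-sd-card.md` respectively. The page also opens with a `##` heading while the sibling provisioner pages added in this commit use `#`.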
@ -1,4 +1,4 @@
|
|||
## Procure Computer
|
||||
# Provision Computer
|
||||
|
||||
For [Level 2](../../../../threat-model.md#level-2) security, air-gapped computers which are used for cryptographic material management and operations are required.
|
||||
|
|
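Review bot: the heading changes from `## Procure Computer` to `# Provision Computer`, but the provisioner index in this commit still links `./procure-computer.md` and SUMMARY lists both `procure-computer.md` and `provision-computer.md`; rename the file in the same commit or keep the old name in the index so the two agree.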
@ -1,3 +1 @@
|
|||
# Keychain Repository
|
||||
|
||||
{{ #include ../../../../component-documents/keychain-repository.md:content }}
|
|
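Review bot: `-1,3 +1` reduces this page to its title line; if the `{{ #include ... keychain-repository.md:content }}` line is what was removed, `provision-keychain-repository.md` (still linked from SUMMARY and the provisioner index) now renders as an empty page. If the content was meant to move, link the component document from here instead.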
@ -0,0 +1,27 @@
|
|||
## Preparing SD Cards
|
||||
|
||||
SD cards don't require special chain of custody, but ideally should be purchased from a reputable supplier.
|
||||
|
||||
### SD Card Models
|
||||
|
||||
{{ #include ../../../../hardware-models.md:sd-models }}
|
||||
|
||||
### Notes
|
||||
|
||||
* The facility should always be well stocked with freshly formatted SD cards
|
||||
|
||||
* There should be at least 20 microSD and 20 SD cards available for use
|
||||
|
||||
* Both microSD and regular SD cards should be available
|
||||
|
||||
* They should be formatted to `fat32` format
|
||||
|
||||
* Usage of these SD cards:
|
||||
|
||||
* Transferring transaction data from online to air-gapped machine
|
||||
|
||||
* Storing tamper proofing evidence produced at the end of the ceremony
|
||||
|
||||
### Procedure: formatting SD Card to `fat32`
|
||||
|
||||
{{ #include ../../../../component-documents/sd-formatting.md:steps }}
|
|
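Review bot: `SD cards don't require special chain of custody` is too broad for this book: the same commit makes the Keychain SD card a two-witness ceremony, and the Shardfile cards carry the split root entropy and go into the sealed bundle. Qualify the sentence to the blank transfer cards this page is about and state that cards destined for the bundle follow the chain-of-custody directive in the provisioner index. The page also opens with `##` where sibling pages use `#`.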
@ -0,0 +1,17 @@
|
|||
# Provision Tamper Proofing Equipment
|
||||
|
||||
### Vacuum Sealer and roll
|
||||
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-equipment}}
|
||||
|
||||
### Colored beads
|
||||
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-filler}}
|
||||
|
||||
### Digital camera
|
||||
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:digital-cameras}}
|
||||
|
||||
### Polaroid camera
|
||||
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:polaroid-cameras}}
|
|
@ -24,7 +24,7 @@
|
|||
|
||||
* microSD to SD adapter
|
||||
|
||||
* TODO find specific products
|
||||
* [64GB Kingston Canvas Select Plus Class 10 MicroSDXC Memory Card with SD Adapter (SDCS2/64GB)](https://bulkmemorycards.com/shop/microsd-cards/microsd-64gb/microsd-64gb-class-10/microsd-64gb-class-10-w-sd-adapter/64gb-kingston-canvas-select-class-10-microsdxc-memory-card-with-sd-adapter-sdcs-64gb/?_gl=1*1r3cz3m*_up*MQ..*_gs*MQ..&gclid=Cj0KCQiAvvO7BhC-ARIsAGFyToVLF285A59zXpHQEDA0sc7NML5JQohdIOPnS1o-6IfjqClWWZdMruUaAupkEALw_wcB)
|
||||
|
||||
* SD Card USB Adapters
|
||||
|
||||
|
|
|
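Review bot: the new product link carries `?_gl=...&gclid=...` tracking parameters; strip the query string, and since the part number `SDCS2/64GB` is already in the link text, prefer the manufacturer's product page over a reseller URL so the reference survives the shop changing its catalogue.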
@ -1 +0,0 @@
|
|||
# Root Entropy Provisioning
|
|
@ -1 +0,0 @@
|
|||
# Selecting Locations
|
|
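Review bot: the `# Selecting Locations` stub is deleted while SUMMARY's top-level entry links `locations.md` and the Operator entry `Location` links the literal `TODO`; if this stub was `locations.md`, both entries now dangle, and the deleted hybrid page's reference to `one-time-use-locations.md` suggests location guidance was meant to exist somewhere.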
@ -1 +0,0 @@
|
|||
# Online Machine
|
|
@ -1,14 +0,0 @@
|
|||
# Root Entropy Ceremonies
|
||||
|
||||
There are 3 primary types of [Root Entropy](glossary.md#root-entropy-re)
|
||||
derivation ceremonies:
|
||||
|
||||
* **Local**: where all cryptographic material, including the Operator Keys,
|
||||
Location Keys, and the Root Entropy are all generated during a single in-person
|
||||
ceremony
|
||||
|
||||
* **Hybrid**: where the Operator Keys and Location Keys are generated separately
|
||||
prior to the in-person ceremony where the Root Entropy is generated
|
||||
|
||||
* **Remote**: where all cryptographic material is generated in a decentralized
|
||||
manner, remotely.
|
|
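Review bot: deleting this page removes the Local / Hybrid / Remote taxonomy of Root Entropy ceremonies without carrying it anywhere; the new `root-entropy-generation.md` does not say which of the three it implements (from its requirements, operator keys are provisioned beforehand, so it is the Hybrid variant). Keep the three definitions in the glossary or in the new page's intro.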
@ -1 +0,0 @@
|
|||
# Change Smart Card PINs
|
|
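Review bot: SUMMARY still lists `Change Smart Card PINs` at `./component-documents/setting-smart-card-pins.md`; if this deleted stub is that file the link dangles, and if it is a duplicate elsewhere the commit should say so.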
@ -24,7 +24,7 @@ This is an administrative role which participates in the decision making capacit
|
|||
|
||||
## Operator
|
||||
|
||||
Trained on how the QVS(todo) system operates, with intimate knowledge of the processes which are required to maintain the integrity, confidentiality and availability (CIA triad) of the system.
|
||||
Trained on how the QVS system operates, with intimate knowledge of the processes which are required to maintain the integrity, confidentiality and availability (CIA triad) of the system.
|
||||
|
||||
Operators conduct ceremonies and ensure that the controls around QVS are in tact. They verify instructions from [Approvers](#approver) and perform different actions which are part of the QVS system, ranging across hardware procurement, accessing SCIFs, preparing field kits, performing ceremonies and more.
|
||||
|
||||
|
|
|
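Review bot: dropping `(todo)` after `QVS` is fine, but the unchanged context line below still reads `controls around QVS are in tact`; `intact` is one word. Since the TODO presumably asked for a definition, link the glossary entry for QVS here rather than just removing the marker.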
@ -370,7 +370,6 @@ This level focuses on defending against adversaries who are nation states.
|
|||
* MUST ensure that individuals are scanned for devices before entering the vault
|
||||
|
||||
* MUST only communicate with outside world via fiber optic serial terminal
|
||||
- [ ] TODO do we even want this in the facility?
|
||||
|
||||
* MUST be housed in Class III bank vault or better
|
||||
|
||||
|
|
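Review bot: removing `TODO do we even want this in the facility?` without touching the requirement silently resolves the question in favour of `MUST only communicate with outside world via fiber optic serial terminal`; if that is the decision, the commit message should say so, and the level description should explain how this requirement coexists with the SD-card transfer model used by the rest of the book.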