feat: clean up Level 1

trove/src/component-documents/airgapos.md

@@ -24,6 +24,10 @@
 
 1. {{ #include finding-device-name.md:content }}
 
+1. Hash the .iso file and make note of it (it will be required later)
+
+	* `sha256sum out/airgap.iso`
+
 1. Flash `airgap.iso` to an SD Card:
 
     * `dd if=out/airgap.iso of=/dev/<device_name> bs=4M conv=fsync`
@@ -48,6 +52,16 @@
 
     * `echo "42" | dd of=/dev/<device_name>`
 
+1. Verify the contents on the SD card match the recorded hash
+
+	* Build AirgapOS once more according to the [readme](https://git.distrust.co/public/airgap) in the repository.
+
+		* Ensure it's the same version as in the previous step
+
+	* `head -c $(stat -c '%s' out/airgap.iso) /dev/<device_name> | sha256sum`
+
+	* Additionally, the user can refer to the [StageX](https://codeberg.org/stagex/stagex) hashes of AirgapOS for a given version
+
 {{ #include tamper-evidence-methods.md:vsbwf-procedure-sealing }}
 // ANCHOR_END: procedure
 /* ANCHOR_END: all */

trove/src/component-documents/openpgp-setup.md

@@ -19,7 +19,7 @@
     $ export KEYFORK_OPENPGP_EXPIRE=2y
     ```
 
-1. Generate a mnemonic, encrypting to a newly-generated key:
+1. Generate a mnemonic, and shard (encrypt) it to the newly-generated key:
 
 	Ensure the User ID is your name and your email.
 
@@ -33,6 +33,17 @@
 
 	Note: The PIN can't use sequential numbers, characters or repeated patterns.
 
+	---
+
+	Alternatively, if the user wants to see the mnemonic, and encrypt it in a
+	different manner, the `--encrypt-to-self encrypted.asc` portion of the
+	command can be ommited and the command piped into a file by appending
+	`> mnemonic.txt` to the end of the command.
+
+    ```
+	$ keyfork mnemonic generate --provision openpgp-card --derive='openpgp --public "Your Name <your@email.co>"' > mnemonic.txt
+    ```
+
 // ANCHOR_END: steps-keyfork
 
 ## Generating Keys on Smartcard

trove/src/component-documents/vaults-repository.md

@@ -1,7 +1,7 @@
 /* ANCHOR: all */
 # Vaults Repository
 
-// ANCHOR: content
+// ANCHOR: data
 This repository holds data pertaining to vaults. The primary data consists of:
 
 * Operation proposals
@@ -19,7 +19,9 @@ This repository holds data pertaining to vaults. The primary data consists of:
 * Policies (such as spending rules)
 
 * Ceremony logs
+// ANCHOR_END: data
 
+// ANCHOR: content
 ## Directives
 
 * MUST be a private repository

trove/src/generated-documents/level-1/create-vaults-repository.md

@@ -1,3 +1,11 @@
 # Provision Trove Git Repository
 
+This repository is meant for storing data pertaining to vaults. The primary data consists of:
+
+* Shardfiles
+
+* Blockchain metadata (addresses, nonces etc.)
+
+* Ceremony logs
+
 {{ #include ../../component-documents/vaults-repository.md:content }}

trove/src/generated-documents/level-1/provision-entropy-and-pgp.md

@@ -24,5 +24,12 @@ This step does two things:
 
 {{ #include ../../component-documents/openpgp-setup.md:steps-keyfork}}
 
+1. Plug in fresh SD card and save data you wish to store (encrypted.asc,
+<key_id>.asc, mnenmonic.txt.asc, mnemonic.txt etc.)
+
+	* WARNING: If you store your mnemonic in plaintext, if someone gains access
+	to it, your Trove system will be fully compromised.
+
 1. Power down AirgapOS Laptop
 
+

trove/src/generated-documents/level-1/provision-laptop.md

@@ -4,28 +4,9 @@ If performing multiple provisioning steps, you may skip the tamper proofing step
 as long as you retain continued supervision of the hardware.
 
 1. If tamper proofed, unseal tamper proofed equipment
-
+{{ #include ../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing }}
-	<details>
-		<summary>Vacuum sealing based tamper proofing</summary>
-		{{ #include ../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing }}
-	</details>
-
-	<details>
-		<summary>Safe based tamper proofing</summary>
-		{{ #include ../../component-documents/tamper-evidence-methods.md:safe-unsealing }}
-	</details>
 
 1. Remove all radio cards, storage drive, speakers, and microphone using standard industry laptop repair tactics
 
 1. Re-apply tamper proofing
-
+{{ #include ../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}
-	<details>
-		<summary>Vacuum sealing based tamper proofing</summary>
-		{{ #include ../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}
-	</details>
-
-	<details>
-		<summary>Safe based tamper proofing</summary>
-		{{ #include ../../component-documents/tamper-evidence-methods.md:safe-sealing }}
-	</details>
-

trove/src/generated-documents/level-2/fixed-location/provisioner/create-vaults-repository.md

@@ -1,3 +1,4 @@
 # Provision Trove Git Repository
 
+{{ #include ../../../../component-documents/vaults-repository.md:data }}
 {{ #include ../../../../component-documents/vaults-repository.md:content }}

trove/src/generated-documents/level-2/fixed-location/provisioner/provision-ceremonies-repository.md

@@ -1,3 +0,0 @@
-# Provision Ceremony Repository
-
-{{ #include ../../../../component-documents/vaults-repository.md:content }}

trove/src/hardware.md

@@ -65,7 +65,8 @@ To achieve the best level of randomness and difficulty of reproducing the arrang
 
 ### Safes
 // ANCHOR:safes
-Select an appropriate safe, ideally with a high TL rating.
+Select an appropriate safe, ideally with a high TL rating and a highest tamper
+evident lock your budget supports (e.g FF-L-2740b).
 
 | Rating        | Time (Minutes) | Tested Against      | Tested Sides |
 |---------------|----------------|---------------------|--------------|