Add TODOs following PR discussions

2024-12-17 14:48:57 -05:00 · 2024-12-17 14:48:57 -05:00 · 5bae471906
parent 5489afbbed
commit 5bae471906
5 changed files with 19 additions and 3 deletions
--- a/quorum-key-management/src/fixed-location-reusable-hardware-procurement.md
+++ b/quorum-key-management/src/fixed-location-reusable-hardware-procurement.md
@ -26,10 +26,14 @@

    * Seal the screws on the bottom of the laptop using glitter of chosen color

+        * TODO: Add detail around using glitter with larger pieces and layering several types, per this discussion: https://git.distrust.co/public/docs/pulls/10#issuecomment-996
+
    * Take photographs of the inside of the laptop, then of the outside after it's sealed

    * The photographs will be signed by Purism and encrypted to the PGP key used for communications to protect the integrity of the images

+        * TODO: Add information about verifying the authenticity of the Purism signing key, per this discussion: https://git.distrust.co/public/docs/pulls/10#issuecomment-961
+
    * The firmware verification hardware token can be sent to a separate location from the laptop, and will be tamper sealed using tamper proofing tape 
        
        * TODO: find out if we can have vacuum sealing with filler as a tamper proofing method be provided by Purism
--- a/quorum-key-management/src/fixed-location-reusable-laptop-ceremony.md
+++ b/quorum-key-management/src/fixed-location-reusable-laptop-ceremony.md
@ -34,6 +34,8 @@ The primary tamper proofing methods for the fixed location device are:

    * Approximate time of entry

+    * TODO: Document how this access log is implemented.
+
 4. Enter the SCIF, ensuring to lock the door behind you from the inside. The room should not be accessible from the outside during a ceremony.

    * Ensure that no individual is bringing in any electronic devices. A hand-held or gate metal detector can be used for this.
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md
+++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md
@ -4,6 +4,8 @@

 ## Requirements

+* TODO: Move this into the "provisioner" document, per this discussion: https://git.distrust.co/public/docs/pulls/10#issuecomment-1002
+
 * 2 primary operators will be operating the offline machine and online machine

    * Ensure both primary operators have their [Operator Keys](../../../../../../glossary.md#operator-key)
@ -68,7 +70,7 @@

 0. Plug in SD card labelled "Trusted Keys"

-    * Load well known PGP keys of proposer and approver, and sign them using operator keys (NOT IMPLEMENTED)
+    * Load well known PGP keys of proposer and approver, and sign them using operator keys (TODO: NOT IMPLEMENTED)

        * `gpg --import <keyfile_name>`

@ -107,13 +109,13 @@

 1. Plug in SD card with transaction payload

-2. Wait for the screen to display the transaction information. (NOT IMPLEMENTED)
+2. Wait for the screen to display the transaction information. (TODO: NOT IMPLEMENTED)

    * In the background:

        * The transaction is constructed

-        * Signatures of tx data are verified against well known keys which were loaded by operators into local GPG keychain and signed by operators (NOT IMPLEMENTED)
+        * Signatures of tx data are verified against well known keys which were loaded by operators into local GPG keychain and signed by operators (TODO: NOT IMPLEMENTED)

 3. If any issues are detected with data you will be prompted and should initiate [incident response (todo)](todo)

@ -135,6 +137,8 @@

 * Shut down the air gapped machine

+* TODO: Add information about material disposal, per this discussion: https://git.distrust.co/public/docs/pulls/10#issuecomment-1004
+
 #### Sealing

 {{ #include ../../../../../../tamper-evidence-methods.md:vsbwf-procedure-sealing}}
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/procure-hardware.md
+++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/procure-hardware.md
@ -40,6 +40,8 @@ This guide contains specific equipment models: [guide](../../../../tamper-eviden

 * SD cards

+    * TODO: Add clarification around formatting and labeling SD cards, per this discussion: https://git.distrust.co/public/docs/pulls/10#issuecomment-1004
+
    * [Kingston Industrial 8GB SD Memory Card](https://www.kingston.com/en/memory-cards/industrial-grade-sd-uhs-i-u3?capacity=8gb)

    * [Kingston Indsutrial 8GB microSD Memory Card](https://shop.kingston.com/products/industrial-microsd-card-memory-card?variant=40558543405248)
--- a/quorum-key-management/src/hardware-procurement-and-chain-of-custody.md
+++ b/quorum-key-management/src/hardware-procurement-and-chain-of-custody.md
@ -20,6 +20,8 @@ The following steps must all be completed under the continued supervision and wi

 3. Purchase the device and place it in a see-through plastic bag which will be used to transport it to a "processing location", which is ideally just a access controlled space. The bag MUST be a sealable see-through tamper evident bag.

+    * TODO: Add sources for suitable tamper evidence bags, per this discussion: https://git.distrust.co/public/docs/pulls/10#issuecomment-897
+
 4. At the processing location, one of the individuals is responsible for observing while the other opens the back of the laptop and removes:

 * Radio cards (wifi, bluetooth)
@ -32,6 +34,8 @@ The following steps must all be completed under the continued supervision and wi

 Each laptop model is laid out slightly differently so use an online reference and/or read the names of the components which are found in the laptop to determine which parts to remove.

+    * TODO: Add example online reference, per this discussion: https://git.distrust.co/public/docs/pulls/10#issuecomment-898
+
 5. Apply a [tamper proofing](./tamper-evidence-methods.md) method to the device depending on the [device designation](TODO)

 ## Tested Hardware (AirgapOS Compatibility)