From 6b1ad8db350f5211762dbb24058e52cd63bd5931 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Mon, 27 Jan 2025 20:29:17 -0500 Subject: [PATCH] integrate more feedback --- quorum-key-management/src/SUMMARY.md | 2 -- .../operator/ceremony-sd-card-provisioning.md | 2 ++ .../operator/quorum-entropy-ceremony.md | 2 -- .../procurer/procure-facility.md | 8 +----- .../provisioner/copy-shardfile-sd-card.md | 26 ------------------- .../fixed-location/provisioner/index.md | 2 -- .../provisioner/provision-airgapos.md | 1 + .../provisioner/provision-ceremony-sd-card.md | 10 ------- .../provisioner/provision-computer.md | 4 --- .../provisioner/provision-sd-card.md | 8 +----- 10 files changed, 5 insertions(+), 60 deletions(-) delete mode 100644 quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/copy-shardfile-sd-card.md diff --git a/quorum-key-management/src/SUMMARY.md b/quorum-key-management/src/SUMMARY.md index 393a710..0224508 100644 --- a/quorum-key-management/src/SUMMARY.md +++ b/quorum-key-management/src/SUMMARY.md @@ -21,8 +21,6 @@ * [Provision Computer](generated-documents/level-2/fixed-location/provisioner/provision-computer.md) * [Provision SD Card](generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md) * [Provision AirgapOS](generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md) - * [Provision Ceremony SD Card](generated-documents/level-2/fixed-location/provisioner/provision-ceremony-sd-card.md) - * [Copy Shardfile SD Card](generated-documents/level-2/fixed-location/provisioner/copy-shardfile-sd-card.md) * [Provision Air-Gapped Bundle](generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md) * [Proposer](system-roles.md) * [Propose Transaction](generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md) 
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md index b11b0e1..5bb38c5 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md @@ -14,6 +14,8 @@ 1. Open the SD Card Booster Pack +{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} + 1. Plug in a fresh SD card into computer 1. Navigate to the ceremony repository for the ceremony being executed diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md index 681c6e7..8d5db9f 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md @@ -36,8 +36,6 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key 1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage -1. Retrieve Shardfile SD card from High Visibility Storage and plug it into air-gapped laptop - 1. Run the keyfork wizard to generate entropy, derive OpenPGP certs, load them into smart cards, and shard the secret to the generated OpenPGP keys * `keyfork wizard generate-shard-secret --threshold --max --keys-per-shard= --output shardfile.asc --cert-output keyring.asc` 
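Review bot: In ceremony-sd-card-provisioning.md the added `vsbwf-procedure-unsealing` include sits after the step `1. Open the SD Card Booster Pack`, so as rendered the operator is told to open the pack before the tamper-evidence unsealing steps appear. If that include contains the seal inspection (its content is not visible in this patch), it should come before the open step or be folded into it, for example by rewording the step to `1. Unseal the SD Card Booster Pack using the procedure below`. The include also omits the space before `}}` that the other includes in this patch use (`...:vsbwf-procedure-unsealing }}`); matching them keeps the directives uniform and easy to search for. The procedure continues outside the hunk.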
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/procure-facility.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/procure-facility.md index e163026..ace56d3 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/procure-facility.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/procure-facility.md @@ -10,13 +10,7 @@ ## Maintenance -* The facility should always be well stocked with freshly formatted SD cards - - * There should be at least 20 microSD and 20 SD cards available for use - - * Both microSD and regular SD cards should be available - - * They should be formatted to `fat32` format +* The facility should always be well stocked with SD cards * Usage of these SD cards: diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/copy-shardfile-sd-card.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/copy-shardfile-sd-card.md deleted file mode 100644 index 6fe7564..0000000 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/copy-shardfile-sd-card.md +++ /dev/null 
@@ -1,26 +0,0 @@ -# Copy Shardfile SD Card - -There should be multiple SD cards containing the shardfile data. Shardfile data is produced during a [Root Entropy](../operator/hybrid-key-provisioning.md) derivation ceremony. - -## Requirements - -* Existing Shardfile SD card - -* Fresh SD card(s) - -## Procedure - -1. Get the shardfile content from an existing Shardfile SD card or ceremony repository - -1. Plug in a fresh SD card - -1. Copy the shardfile to the new SD card - -1. Label the SD card: "Shardfile [date]" - -1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command: - - * `keyfork recover shard --daemon` - -{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }} - diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/index.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/index.md index 24aefe9..3a83ef7 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/index.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/index.md @@ -17,5 +17,3 @@ The provisioner is responsible for: * Requires tamper proofing equipment to be available * [Provision Air Gapped Bundle](./provision-air-gapped-bundle.md) * Requires operators to have smart cards with PGP keys, tamper proofing equipment, AirgapOS SD card -* [Copy Shardfile SD Card](./copy-shardfile-sd-card.md) - * Requires Root Entropy ceremony to be completed in order to have "Shardfile" SD cards available for copying diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md index d7def1e..035ea6b 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md 
+++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md @@ -13,6 +13,7 @@ ## Procedure {{ #include ../../../../component-documents/sd-formatting.md:steps }} +- remove steps 5 through 8 {{ #include ../../../../component-documents/one-time-use-airgapos.md:steps }} diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-ceremony-sd-card.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-ceremony-sd-card.md index 89f9f92..f230776 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-ceremony-sd-card.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-ceremony-sd-card.md @@ -1,11 +1 @@ # Provision Ceremony SD Card - -## Requirements - -{{ #include ../../basic-requirements.md:requirements }} - -* Booster pack of fresh SD Cards - -## Procedure - -{{ #include ../../../../component-documents/ceremony-repository.md:provision-ceremony-sd-card }} \ No newline at end of file diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-computer.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-computer.md index 2070389..97d6d3e 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-computer.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-computer.md @@ -10,10 +10,6 @@ ## Procedure -1. Retrieve non-provisioned laptop from inventory - -1. Enter facility with required items and personnel and lock the facility - {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing }} 1. Follow a given model manual to remove all radio cards, storage drive, speakers, and microphone 
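Review bot: The added line `- remove steps 5 through 8` in provision-airgapos.md reads like an editing note, but it will render as a bullet in the provisioner's procedure, between the `sd-formatting.md:steps` and `one-time-use-airgapos.md:steps` includes. A provisioner cannot tell from it which list the numbers refer to, and the numbers depend on how the included list renders, so the reference goes stale silently when sd-formatting.md changes. If the intent is to leave those steps out of this procedure, give sd-formatting.md a narrower anchor and include that instead, e.g. `{{ #include ../../../../component-documents/sd-formatting.md:ANCHOR_PLACEHOLDER }}`; otherwise state it as an explicit step such as `1. Skip steps 5 through 8 of the formatting procedure above`.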
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md index 4cbf470..1a6be25 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md @@ -12,13 +12,7 @@ SD cards are provisioned and tamper proofed in packs of 5 referred to as "SD Boo * High Visibility Storage -## Procedure: formatting SD Card to `fat32` - -{{ #include ../../../../component-documents/sd-formatting.md:steps }} - -1. Place the provisioned SD card into High Visibility Storage - -### Tamper Proofing +## Procedure 1. Select 5 SD cards to be tamper proofed from High Visibility Storage