integrate more feedback
This commit is contained in:
parent
3533f07b89
commit
6b1ad8db35
GPG Key ID:
44A86CFF1FDF0E85
|
|
@ -21,8 +21,6 @@
|
||||||
* [Provision Computer](generated-documents/level-2/fixed-location/provisioner/provision-computer.md)
|
* [Provision Computer](generated-documents/level-2/fixed-location/provisioner/provision-computer.md)
|
||||||
* [Provision SD Card](generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md)
|
* [Provision SD Card](generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md)
|
||||||
* [Provision AirgapOS](generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md)
|
* [Provision AirgapOS](generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md)
|
||||||
* [Provision Ceremony SD Card](generated-documents/level-2/fixed-location/provisioner/provision-ceremony-sd-card.md)
|
|
||||||
* [Copy Shardfile SD Card](generated-documents/level-2/fixed-location/provisioner/copy-shardfile-sd-card.md)
|
|
||||||
* [Provision Air-Gapped Bundle](generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
|
* [Provision Air-Gapped Bundle](generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
|
||||||
* [Proposer](system-roles.md)
|
* [Proposer](system-roles.md)
|
||||||
* [Propose Transaction](generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md)
|
* [Propose Transaction](generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md)
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,8 @@
|
||||||
|
|
||||||
1. Open the SD Card Booster Pack
|
1. Open the SD Card Booster Pack
|
||||||
|
|
||||||
|
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
|
||||||
|
|
||||||
1. Plug in a fresh SD card into computer
|
1. Plug in a fresh SD card into computer
|
||||||
|
|
||||||
1. Navigate to the ceremony repository for the ceremony being executed
|
1. Navigate to the ceremony repository for the ceremony being executed
|
||||||
|
|
|
||||||
|
|
@ -36,8 +36,6 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
|
||||||
|
|
||||||
1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage
|
1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage
|
||||||
|
|
||||||
1. Retrieve Shardfile SD card from High Visibility Storage and plug it into air-gapped laptop
|
|
||||||
|
|
||||||
1. Run the keyfork wizard to generate entropy, derive OpenPGP certs, load them into smart cards, and shard the secret to the generated OpenPGP keys
|
1. Run the keyfork wizard to generate entropy, derive OpenPGP certs, load them into smart cards, and shard the secret to the generated OpenPGP keys
|
||||||
|
|
||||||
* `keyfork wizard generate-shard-secret --threshold <M> --max <N> --keys-per-shard=<num_of_smart_cards_to_provision> --output shardfile.asc --cert-output keyring.asc`
|
* `keyfork wizard generate-shard-secret --threshold <M> --max <N> --keys-per-shard=<num_of_smart_cards_to_provision> --output shardfile.asc --cert-output keyring.asc`
|
||||||
|
|
|
||||||
|
|
@ -10,13 +10,7 @@
|
||||||
|
|
||||||
## Maintenance
|
## Maintenance
|
||||||
|
|
||||||
* The facility should always be well stocked with freshly formatted SD cards
|
* The facility should always be well stocked with SD cards
|
||||||
|
|
||||||
* There should be at least 20 microSD and 20 SD cards available for use
|
|
||||||
|
|
||||||
* Both microSD and regular SD cards should be available
|
|
||||||
|
|
||||||
* They should be formatted to `fat32` format
|
|
||||||
|
|
||||||
* Usage of these SD cards:
|
* Usage of these SD cards:
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
||||||
# Copy Shardfile SD Card
|
|
||||||
|
|
||||||
There should be multiple SD cards containing the shardfile data. Shardfile data is produced during a [Root Entropy](../operator/hybrid-key-provisioning.md) derivation ceremony.
|
|
||||||
|
|
||||||
## Requirements
|
|
||||||
|
|
||||||
* Existing Shardfile SD card
|
|
||||||
|
|
||||||
* Fresh SD card(s)
|
|
||||||
|
|
||||||
## Procedure
|
|
||||||
|
|
||||||
1. Get the shardfile content from an existing Shardfile SD card or ceremony repository
|
|
||||||
|
|
||||||
1. Plug in a fresh SD card
|
|
||||||
|
|
||||||
1. Copy the shardfile to the new SD card
|
|
||||||
|
|
||||||
1. Label the SD card: "Shardfile [date]"
|
|
||||||
|
|
||||||
1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command:
|
|
||||||
|
|
||||||
* `keyfork recover shard --daemon`
|
|
||||||
|
|
||||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}
|
|
||||||
|
|
||||||
|
|
@ -17,5 +17,3 @@ The provisioner is responsible for:
|
||||||
* Requires tamper proofing equipment to be available
|
* Requires tamper proofing equipment to be available
|
||||||
* [Provision Air Gapped Bundle](./provision-air-gapped-bundle.md)
|
* [Provision Air Gapped Bundle](./provision-air-gapped-bundle.md)
|
||||||
* Requires operators to have smart cards with PGP keys, tamper proofing equipment, AirgapOS SD card
|
* Requires operators to have smart cards with PGP keys, tamper proofing equipment, AirgapOS SD card
|
||||||
* [Copy Shardfile SD Card](./copy-shardfile-sd-card.md)
|
|
||||||
* Requires Root Entropy ceremony to be completed in order to have "Shardfile" SD cards available for copying
|
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,7 @@
|
||||||
## Procedure
|
## Procedure
|
||||||
|
|
||||||
{{ #include ../../../../component-documents/sd-formatting.md:steps }}
|
{{ #include ../../../../component-documents/sd-formatting.md:steps }}
|
||||||
|
- remove steps 5 through 8
|
||||||
|
|
||||||
{{ #include ../../../../component-documents/one-time-use-airgapos.md:steps }}
|
{{ #include ../../../../component-documents/one-time-use-airgapos.md:steps }}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,11 +1 @@
|
||||||
# Provision Ceremony SD Card
|
# Provision Ceremony SD Card
|
||||||
|
|
||||||
## Requirements
|
|
||||||
|
|
||||||
{{ #include ../../basic-requirements.md:requirements }}
|
|
||||||
|
|
||||||
* Booster pack of fresh SD Cards
|
|
||||||
|
|
||||||
## Procedure
|
|
||||||
|
|
||||||
{{ #include ../../../../component-documents/ceremony-repository.md:provision-ceremony-sd-card }}
|
|
||||||
|
|
@ -10,10 +10,6 @@
|
||||||
|
|
||||||
## Procedure
|
## Procedure
|
||||||
|
|
||||||
1. Retrieve non-provisioned laptop from inventory
|
|
||||||
|
|
||||||
1. Enter facility with required items and personnel and lock the facility
|
|
||||||
|
|
||||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing }}
|
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing }}
|
||||||
|
|
||||||
1. Follow a given model manual to remove all radio cards, storage drive, speakers, and microphone
|
1. Follow a given model manual to remove all radio cards, storage drive, speakers, and microphone
|
||||||
|
|
|
||||||
|
|
@ -12,13 +12,7 @@ SD cards are provisioned and tamper proofed in packs of 5 referred to as "SD Boo
|
||||||
|
|
||||||
* High Visibility Storage
|
* High Visibility Storage
|
||||||
|
|
||||||
## Procedure: formatting SD Card to `fat32`
|
## Procedure
|
||||||
|
|
||||||
{{ #include ../../../../component-documents/sd-formatting.md:steps }}
|
|
||||||
|
|
||||||
1. Place the provisioned SD card into High Visibility Storage
|
|
||||||
|
|
||||||
### Tamper Proofing
|
|
||||||
|
|
||||||
1. Select 5 SD cards to be tamper proofed from High Visibility Storage
|
1. Select 5 SD cards to be tamper proofed from High Visibility Storage
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue