public
/
docs
5
0
Fork 0
Code Issues 14 Pull Requests 1 Packages Projects Releases Wiki Activity

integrate more feedback

This commit is contained in:
Anton Livaja 2025-01-27 20:29:17 -05:00
parent 3533f07b89
commit 6b1ad8db35
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
10 changed files with 5 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
quorum-key-management/src/SUMMARY.md
View File

@ -21,8 +21,6 @@
* [Provision Computer](generated-documents/level-2/fixed-location/provisioner/provision-computer.md)
* [Provision SD Card](generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md)
* [Provision AirgapOS](generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md)
* [Provision Ceremony SD Card](generated-documents/level-2/fixed-location/provisioner/provision-ceremony-sd-card.md)
* [Copy Shardfile SD Card](generated-documents/level-2/fixed-location/provisioner/copy-shardfile-sd-card.md)
* [Provision Air-Gapped Bundle](generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
* [Proposer](system-roles.md)
* [Propose Transaction](generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md)

2
quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md
View File

@ -14,6 +14,8 @@
1. Open the SD Card Booster Pack
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
1. Plug in a fresh SD card into computer
1. Navigate to the ceremony repository for the ceremony being executed

2
quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md
View File

@ -36,8 +36,6 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage
1. Retrieve Shardfile SD card from High Visibility Storage and plug it into air-gapped laptop
1. Run the keyfork wizard to generate entropy, derive OpenPGP certs, load them into smart cards, and shard the secret to the generated OpenPGP keys
* `keyfork wizard generate-shard-secret --threshold <M> --max <N> --keys-per-shard=<num_of_smart_cards_to_provision> --output shardfile.asc --cert-output keyring.asc`

8
quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/procure-facility.md
View File

@ -10,13 +10,7 @@
## Maintenance
* The facility should always be well stocked with freshly formatted SD cards
* There should be at least 20 microSD and 20 SD cards available for use
* Both microSD and regular SD cards should be available
* They should be formatted to `fat32` format
* The facility should always be well stocked with SD cards
* Usage of these SD cards:

26
quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/copy-shardfile-sd-card.md
View File

@ -1,26 +0,0 @@
# Copy Shardfile SD Card
There should be multiple SD cards containing the shardfile data. Shardfile data is produced during a [Root Entropy](../operator/hybrid-key-provisioning.md) derivation ceremony.
## Requirements
* Existing Shardfile SD card
* Fresh SD card(s)
## Procedure
1. Get the shardfile content from an existing Shardfile SD card or ceremony repository
1. Plug in a fresh SD card
1. Copy the shardfile to the new SD card
1. Label the SD card: "Shardfile [date]"
1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command:
* `keyfork recover shard --daemon`
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}

2
quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/index.md
View File

@ -17,5 +17,3 @@ The provisioner is responsible for:
* Requires tamper proofing equipment to be available
* [Provision Air Gapped Bundle](./provision-air-gapped-bundle.md)
* Requires operators to have smart cards with PGP keys, tamper proofing equipment, AirgapOS SD card
* [Copy Shardfile SD Card](./copy-shardfile-sd-card.md)
* Requires Root Entropy ceremony to be completed in order to have "Shardfile" SD cards available for copying

1
quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md
View File

@ -13,6 +13,7 @@
## Procedure
{{ #include ../../../../component-documents/sd-formatting.md:steps }}
- remove steps 5 through 8
{{ #include ../../../../component-documents/one-time-use-airgapos.md:steps }}

10
quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-ceremony-sd-card.md
View File

@ -1,11 +1 @@
# Provision Ceremony SD Card
## Requirements
{{ #include ../../basic-requirements.md:requirements }}
* Booster pack of fresh SD Cards
## Procedure
{{ #include ../../../../component-documents/ceremony-repository.md:provision-ceremony-sd-card }}

4
quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-computer.md
View File

@ -10,10 +10,6 @@
## Procedure
1. Retrieve non-provisioned laptop from inventory
1. Enter facility with required items and personnel and lock the facility
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing }}
1. Follow a given model manual to remove all radio cards, storage drive, speakers, and microphone

8
quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md
View File

@ -12,13 +12,7 @@ SD cards are provisioned and tamper proofed in packs of 5 referred to as "SD Boo
* High Visibility Storage
## Procedure: formatting SD Card to `fat32`
{{ #include ../../../../component-documents/sd-formatting.md:steps }}
1. Place the provisioned SD card into High Visibility Storage
### Tamper Proofing
## Procedure
1. Select 5 SD cards to be tamper proofed from High Visibility Storage