diff --git a/quorum-vault-system/src/component-documents/finding-device-name.md b/quorum-vault-system/src/component-documents/finding-device-name.md index 6ef82a5..f0e62d2 100644 --- a/quorum-vault-system/src/component-documents/finding-device-name.md +++ b/quorum-vault-system/src/component-documents/finding-device-name.md @@ -1,6 +1,6 @@ /* ANCHOR: all */ // ANCHOR: content -Look for your SD card device name (``) in the output of the `lsblk` command. It will typically be listed as `/dev/sdX`, where X is a letter (e.g., `/dev/sdb`, `/dev/sdc`). You can identify it by its size or by checking if it has a partition (like `/dev/sdX1`) +Look for your SD card device name (``) in the output of the `lsblk` command. It will typically be listed as `/dev/sdX` or `/dev/mmcblk`, where X is a letter (e.g., `/dev/sdb`, `/dev/sdc`). You can identify it by its size or by checking if it has a partition (like `/dev/sdX1`) * You may mount the device using: `sudo mount /dev/ media/` // ANCHOR_END: content /* ANCHOR_END: all */ \ No newline at end of file diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/decrypt-namespace-secret.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/decrypt-namespace-secret.md index 487ff39..6c25753 100644 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/decrypt-namespace-secret.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/decrypt-namespace-secret.md 
@@ -10,21 +10,7 @@ ## Procedure -1. Enter the designated location with required personnel and equipment - -1. Lock access to the location - there should be no inflow or outflow of people during the ceremony - -1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage - -{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} - -1. Place all materials except for the laptop into High Visibility Storage - -1. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop - -1. Turn on the machine - -1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage +{{ #include template-ceremony-setup.md:content }} 1. Retrieve Ceremony SD Card from High Visibility Storage and plug it into the machine @@ -34,11 +20,11 @@ * Copy the contents of the card to machine: - * `cp -r /media//* ~` + * `cp -r /media//vaults /root/` 1. Start `keyfork` using the relevant Shardfile: - * `keyfork recover shard --daemon /media//path/to/shardfile.asc` + * `keyfork recover shard --daemon /root/vaults//shardfile.asc` * Follow on screen prompts @@ -50,4 +36,14 @@ * `sq decrypt --recipient-file secret_key.asc < encrypted.asc --output decrypted` -1. Proceed to transfer the secret (`decrypted`) to desired location such as hardware wallet, power washed chromebook (via SD card) etc. \ No newline at end of file +1. Proceed to transfer the secret (`decrypted`) to desired location such as hardware wallet, power washed chromebook (via SD card) etc. + +1. Shut down the air gapped machine + +1. Gather all the original items that were in the air-gapped bundle: + + * Air-gapped computer + + * AirgapOS SD card + +{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}} \ No newline at end of file 
diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/encrypt-wallet-to-namespace-key.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/encrypt-wallet-to-namespace-key.md index 69f4eb3..34622fa 100644 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/encrypt-wallet-to-namespace-key.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/encrypt-wallet-to-namespace-key.md @@ -14,8 +14,6 @@ Procedure for importing an arbitrary secret (raw key, mnemonic, state secrets) i * If not on a computer, but a hardware wallet or otherwise, perform the steps on a air-gapped machine -1. Load the OpenPGP certificate: - 1. Encrypt the secret to certificate: * `sq encrypt --for-file --output encrypted.asc` TODO: sq needs to be added to airgapOS diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/export-namespace-mnemonic.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/export-namespace-mnemonic.md index af92eaf..4db0e00 100644 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/export-namespace-mnemonic.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/export-namespace-mnemonic.md @@ -36,7 +36,7 @@ * {{ #include ../../../../component-documents/finding-device-name.md:content }} - * `keyfork shard combine /media//shard.asc | keyfork-mnemonic-from-seed` + * `keyfork shard combine /media//shard.asc | keyfork-mnemonic-from-seed > mnemonic.txt` 1. Follow on screen prompts 
@@ -48,6 +48,8 @@ 1. Put the mnemonic on an SD card for transport or use `cat` command to output it in the terminal for entry into a hardware wallet or otherwise + * WARNING: if displaying on screen, ensure nothing else can see the mnemonic. It is recommended to cover the operator and the machine with a blanket to obstruct the view of the screen. + 1. Shut down the air gapped machine 1. Gather all the original items that were in the air-gapped bundle: diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md index 30b18dd..af3f8d1 100644 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md @@ -14,19 +14,7 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor ## Procedure -1. Enter the designated location with the operators and all required equipment - -1. Lock access to the location - there should be no inflow or outflow of people during the ceremony - -1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage - -{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} - -1. Plug the AirgapOS SD card into the laptop - -1. Turn on the machine - -1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage +{{ #include template-ceremony-setup.md:content }} 1. Plug the Ceremony SD card into the machine diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md index 792b80a..2591a2a 100644 
--- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md @@ -14,21 +14,7 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key ## Procedure -1. Enter the designated location with required personnel and equipment - -1. Lock access to the location - there should be no inflow or outflow of people during the ceremony - -1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage - -{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} - -1. Place all materials except for the laptop into High Visibility Storage - -1. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop - -1. Turn on the machine - -1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage +{{ #include template-ceremony-setup.md:content }} 1. Run the relevant keyfork wizard to perform the ceremony: diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/template-ceremony-setup.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/template-ceremony-setup.md new file mode 100644 index 0000000..2013a08 --- /dev/null +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/template-ceremony-setup.md 
@@ -0,0 +1,19 @@ +/* ANCHOR: all */ +// ANCHOR: content +1. Enter the designated location with required personnel and equipment + +1. Lock access to the location - there should be no inflow or outflow of people during the ceremony + +1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage + +{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} + +1. Place all materials except for the laptop into High Visibility Storage + +1. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop + +1. Turn on the machine + +1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage +// ANCHOR_END: content +/* ANCHOR_END: all */ \ No newline at end of file
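Review bot: In finding-device-name.md, the added `/dev/mmcblk` alternative does not match the rest of the sentence. "where X is a letter" and the partition example `/dev/sdX1` only describe the `sd` naming, while MMC block devices are numbered and their partitions use a `p` separator (for example `/dev/mmcblk0` and `/dev/mmcblk0p1`). Suggest giving both forms explicitly, since picking the wrong device in a ceremony is costly. The mount example in the context line also targets the relative path `media/` while the procedures read from `/media/`.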
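Review bot: In decrypt-namespace-secret.md, hunk `@@ -34,11 +20,11 @@`, the copy step now brings over only `vaults`, but the later step `sq decrypt --recipient-file secret_key.asc < encrypted.asc --output decrypted` still reads `encrypted.asc` by relative path. The old `cp -r /media//* ~` copied the whole card, so anything outside `vaults` that the operator relied on is no longer on the machine. Please state where `encrypted.asc` is expected to come from, either by confirming it lives under `vaults` and using its full path, or by adding an explicit copy step.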
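Review bot: In decrypt-namespace-secret.md, hunk `@@ -50,4 +36,14 @@`, the new "Gather all the original items" list names only the air-gapped computer and the AirgapOS SD card, while this procedure also retrieves the Ceremony SD Card from High Visibility Storage and may write `decrypted` to another SD card. Suggest adding a step before shutdown that says where the Ceremony SD Card is returned to and who takes custody of any media holding the plaintext secret, so nothing is left unaccounted for when the bundle is sealed. The file still ends without a trailing newline.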
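Review bot: In encrypt-wallet-to-namespace-key.md, removing "Load the OpenPGP certificate:" leaves the procedure with no instruction on where the certificate passed to `sq encrypt --for-file` comes from or how the operator confirms it is the intended namespace certificate. If the step was empty, replace it rather than drop it: name the source of the certificate file and have the operator check its fingerprint against a known value before encrypting. The inline `TODO: sq needs to be added to airgapOS` in the context line should also be tracked outside the operator-facing command text.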
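Review bot: In export-namespace-mnemonic.md, hunk `@@ -36,7 +36,7 @@`, the added `> mnemonic.txt` writes the plaintext mnemonic to a relative path, so where it lands depends on the operator's current directory, which could be the mounted SD card. Suggest using an absolute path on the air-gapped machine's own filesystem and adding a step that removes the file, or states that it does not survive shutdown. It is also worth confirming that the "Follow on screen prompts" step still works with stdout redirected, since any prompt written to stdout would end up in the file instead of on screen.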
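Review bot: In export-namespace-mnemonic.md, hunk `@@ -48,6 +48,8 @@`, the new WARNING covers only the on-screen option of the step it sits under; the other option, putting the mnemonic on an SD card for transport, leaves plaintext on removable media with no handling guidance. Suggest a matching bullet for the SD card path (who carries it, and how it is wiped or destroyed afterwards). The wording "ensure nothing else can see the mnemonic" would be clearer if it named what is meant, such as other people and cameras.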
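Review bot: In namespace-entropy-ceremony.md, swapping the removed steps for `{{ #include template-ceremony-setup.md:content }}` is not a pure refactor. The removed text had no "Place all materials except for the laptop into High Visibility Storage" step and plugged in the AirgapOS SD card directly, whereas the template adds both the storage step and the retrieval from High Visibility Storage. If the change is intended, say so in the commit message, and update the following context step "Plug the Ceremony SD card into the machine" to say the card is retrieved from High Visibility Storage, as decrypt-namespace-secret.md does.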
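Review bot: The new template-ceremony-setup.md is placed next to the operator procedures under `generated-documents/.../operator/`, while the other shared fragments in this patch (`finding-device-name.md`, `tamper-evidence-methods.md`) live under `component-documents/`. Suggest moving it there and including it by the same `../../../../component-documents/` path, so it is not mistaken for a standalone procedure. The file also ends without a trailing newline.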