diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/procure-hardware.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/procure-hardware.md index 13910ca..c802978 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/procure-hardware.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/procure-hardware.md @@ -71,6 +71,8 @@ SD cards don't require special chain of custody, but ideally should be purchased ## AirgapOS +An SD card with AirgapOS written to it will be required to run ceremonies. + {{ #include ../../../../one-time-use-airgapos.md:steps }} ## Computer Procurement diff --git a/quorum-key-management/src/sdtool-instructions.md b/quorum-key-management/src/sdtool-instructions.md index 68a8e40..d938286 100644 --- a/quorum-key-management/src/sdtool-instructions.md +++ b/quorum-key-management/src/sdtool-instructions.md 
@@ -8,22 +8,22 @@ This tool is also available via [stagex](https://registry.hub.docker.com/r/stagex/sdtool). The binary can be exported from the image by doing the following: // ANCHOR: steps -* Get deterministically built binary of `sdtool` from StageX: - * `docker pull stagex/sdtool` +1. Get deterministically built binary of `sdtool` from StageX: + * `docker pull stagex/sdtool` -* Extracting binary: - * Run docker container: `docker run -p 4000:80 --name sdtool stagex/sdtool` - * This will error out the first time, run the command again and then you will get an error that's different that looks like this: `docker: Error response from daemon: Conflict. The container name "/sdtool" is already in use by container "679a52775dfce91f66d8894925449242eacbf4b0aeccaf2effe2c5e213e60a6b". You have to remove (or rename) that container to be able to reuse that name.`. Copy the container ID from the error message and use it in the next command - * This issue occurs because of bin/sh missing in the image so we can't run the container properly - * Copy image to tar: `docker export -o sdtool.tar` - * Extract binary from tar: `mkdir -p sdtool-dir | tar -xvf sdtool.tar -C sdtool-dir | cp sdtool-dir/usr/bin/sdtool ./sdtool` - * You can verify the container hash: - * To get container hash: `docker inspect --format='{{json .RepoDigests}}' stagex/sdtool` - * Check the [signatures dir](https://codeberg.org/stagex/stagex/src/branch/main/signatures/stagex) in stagex project for latest signed hashes +1. Extracting binary: + * Run docker container: `docker run -p 4000:80 --name sdtool stagex/sdtool` + * This will error out the first time, run the command again and then you will get an error that's different that looks like this: `docker: Error response from daemon: Conflict. The container name "/sdtool" is already in use by container "679a52775dfce91f66d8894925449242eacbf4b0aeccaf2effe2c5e213e60a6b". You have to remove (or rename) that container to be able to reuse that name.`. 
Copy the container ID from the error message and use it in the next command + * This issue occurs because of bin/sh missing in the image so we can't run the container properly + * Copy image to tar: `docker export -o sdtool.tar` + * Extract binary from tar: `mkdir -p sdtool-dir | tar -xvf sdtool.tar -C sdtool-dir | cp sdtool-dir/usr/bin/sdtool ./sdtool` + * You can verify the container hash: + * To get container hash: `docker inspect --format='{{json .RepoDigests}}' stagex/sdtool` + * Check the [signatures dir](https://codeberg.org/stagex/stagex/src/branch/main/signatures/stagex) in stagex project for latest signed hashes -* `./sdtool /dev/mmcblk permlock` +1. `./sdtool /dev/mmcblk permlock` -* Test that the card can't be written to: +1. Test that the card can't be written to: * `dd if=out/airgap.iso of=/dev/sdb bs=1M conv=sync status=progress`
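Review bot: in the `procure-hardware.md` hunk, the added sentence under `## AirgapOS` does not say how this card relates to the SD cards covered by the context line just above it ("SD cards don't require special chain of custody"). Since this card is what the ceremony machine runs from, state explicitly whether that chain-of-custody exemption applies to it as well, or whether it is handled differently once AirgapOS is written. A present-tense wording such as "is required to run ceremonies" would also match the rest of the document better than "will be required".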
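Review bot: in the `sdtool-instructions.md` hunk, the re-numbered "Extracting binary" step carries over `mkdir -p sdtool-dir | tar -xvf sdtool.tar -C sdtool-dir | cp sdtool-dir/usr/bin/sdtool ./sdtool` unchanged, and the pipes start all three commands concurrently, so `tar` can run before the directory exists and `cp` before extraction finishes; chain them with `&&` instead. In the same step, `docker export -o sdtool.tar` omits the container argument even though the preceding bullet tells the reader to copy the container ID for "the next command", so add a placeholder such as `<container-id>` at the end. The hash verification bullets sit after the binary has already been extracted; since this list is now an ordered procedure, move the `docker inspect` digest check and the signature comparison ahead of the export. Finally, the lock step targets `/dev/mmcblk` while the write test uses `of=/dev/sdb`; a write test against a different device says nothing about the lock and risks overwriting an unrelated disk, so use one consistent device placeholder in both steps.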