From e7e65c35c003fdfc27b00dfc36a567c03e677dc7 Mon Sep 17 00:00:00 2001
From: Anton Livaja
Date: Tue, 28 Jan 2025 00:05:10 -0500
Subject: [PATCH] more cleanup
---
 quorum-key-management/src/SUMMARY.md | 2 +-
 .../operator/ceremony-sd-card-provisioning.md | 4 +--
 .../operator/namespace-entropy-ceremony.md | 30 +++++++++++--------
 .../operator/quorum-entropy-ceremony.md | 25 ++++++++--------
 .../procurer/procure-sd-card-pack.md | 21 +++++++++++++
 .../procure-tamper-proofing-equipment.md | 8 ++++-
 .../provisioner/provision-ceremony-sd-card.md | 1 -
 .../provisioner/provision-sd-card.md | 21 -------------
 8 files changed, 60 insertions(+), 52 deletions(-)
 create mode 100644 quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/procure-sd-card-pack.md
 delete mode 100644 quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-ceremony-sd-card.md
diff --git a/quorum-key-management/src/SUMMARY.md b/quorum-key-management/src/SUMMARY.md
index b0a983b..bbd04e3 100644
--- a/quorum-key-management/src/SUMMARY.md
+++ b/quorum-key-management/src/SUMMARY.md
@@ -14,12 +14,12 @@
 * [Fixed-Location]()
 * [Procurer](generated-documents/level-2/fixed-location/procurer/index.md)
 * [Procure Facility](generated-documents/level-2/fixed-location/procurer/procure-facility.md)
+ * [Procure SD Card Pack](generated-documents/level-2/fixed-location/procurer/procure-sd-card-pack.md)
 * [Procure Tamper Proofing Equipment](generated-documents/level-2/fixed-location/procurer/procure-tamper-proofing-equipment.md)
 * [Procure Hardware](generated-documents/level-2/fixed-location/procurer/procure-hardware.md)
 * [Provisioner](generated-documents/level-2/fixed-location/provisioner/index.md)
 * [Provision Ceremony Repository](generated-documents/level-2/fixed-location/provisioner/provision-ceremonies-repository.md)
 * [Provision Computer](generated-documents/level-2/fixed-location/provisioner/provision-computer.md)
- * [Provision SD Card](generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md)
 * [Provision AirgapOS](generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md)
 * [Provision Air-Gapped Bundle](generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
 * [Proposer](system-roles.md)
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md
index 5bb38c5..b6e5fc8 100644
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md
+++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md
@@ -2,7 +2,7 @@
 ## Requirements
-* [SD Card Booster Pack](../provisioner/provision-sd-card.md)
+* [SD Card Pack](../procurer/procure-sd-card-pack.md)
 * [Personal PGP Keys](/key-types.html#personal-pgp-keypair)
@@ -12,7 +12,7 @@
 1. Turn on the computer
-1. Open the SD Card Booster Pack
+1. Open the SD Card Pack
 {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md
index 7682b05..5aac581 100644
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md
+++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md
@@ -6,9 +6,9 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
 {{ #include ../../operator-requirements.md:requirements }}
-* [SD Card Booster Pack](../provisioner/provision-sd-card.md)
+* [SD Card Pack](../procurer/procure-sd-card-pack.md)
-* [Shardfile SD Card](../provisioner/copy-shardfile-sd-card.md)
+* [Ceremony SD Card](../operator/ceremony-sd-card-provisioning.md)
 * [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.
@@ -20,21 +20,15 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
 1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage
-### Unsealing Tamper Proofing
-
 {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
-1. Place all materials except for the laptop into High Visibility Storage
-
-### Generating Entropy
-
-1. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop
+1. Plug the AirgapOS SD card into the laptop
 1. Turn on the machine
 1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage
-1. Retrieve Shardfile SD card from High Visibility Storage and plug it into air-gapped laptop
+1. Plug the Ceremony SD card into the machine
 1. Run the command to generate new entropy and shard it to quorum of public certificates of the input shardfile:
@@ -42,14 +36,24 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
 * TODO: NOT IMPLEMENTED YET
-1. Back up the `` to any desired number of SD cards, and label each "Shardfile [unique_id] [date]"
+1. Unseal an SD card pack
+
+{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
+
+1. Place all unsealed SD cards into High Visibility Storage
+
+1. Back up the `` to any desired number of SD cards, and label each "Shardfile [unique_name] [date]"
+
+ 1. `lsblk` to find media name
+
+ 1. `cp /media/`
+
+ 1. Each backup should be placed into High Visibility Storage after it's made
 1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command:
 * `keyfork recover shard --daemon`
-### Finalizing Ceremony
-
 1. Gather all the original items that were in the air-gapped bundle:
 * Air-gapped computer
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md
index 8d5db9f..ec77963 100644
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md
+++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md
@@ -10,8 +10,6 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
 * `N` Smart Cards in the chosen `M of N` quorum
-* [Shardfile SD Card](../provisioner/copy-shardfile-sd-card.md)
-
 * [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.
 ## Procedure
@@ -22,14 +20,10 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
 1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage
-### Unsealing Tamper Proofing
-
 {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
 1. Place all materials except for the laptop into High Visibility Storage
-### Generating Entropy
-
 1. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop
 1. Turn on the machine
@@ -42,27 +36,32 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
 * NOT IMPLEMENTED YET
-1. Unplug the Shardfile SD card and place it into High Visibility Storage
+1. Unseal an SD card pack
-1. Open the SD Card Booster Pack, and place all cards into High Visibility Storage
+{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
+
+1. Place all unsealed SD cards into High Visibility Storage
 1. Plug in SD cards one at a time and use following steps to back up ceremony artifacts
+ 1. Find media name using `lsblk`
+
 1. Back up the `shardfile.asc`
+ * `cp shardfile.asc /media/`
+
 1. Back up the `keyring.asc`
-
+
+ * `cp keyring.asc /media/`
+
 1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command:
- * `keyfork recover shard --daemon`
+ * `echo -e '#!/bin/bash\nkeyfork recover shard --daemon' > /media//autorun.sh`
 1. Unplug the SD card and place it in High Visibility Storage
 1. Label the SD card "Shardfile [date]"
-
-### Finalizing Ceremony
-
 1. Gather all the original items that were in the air-gapped bundle:
 * Air-gapped computer
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/procure-sd-card-pack.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/procure-sd-card-pack.md
new file mode 100644
index 0000000..bb2096e
--- /dev/null
+++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/procure-sd-card-pack.md
@@ -0,0 +1,21 @@
+# Procure SD Card Pack
+
+## Requirements
+
+{{ #include ../../basic-requirements.md:requirements }}
+
+* Tamper proofing evidence (photographs)
+
+* 5 Fresh SD card(s) per booster pack
+
+* High Visibility Storage
+
+## Procedure
+
+{{ #include ../../../../component-documents/hardware-procurement-and-chain-of-custody.md:steps}}
+
+1. Select 5 SD cards to be tamper proofed from High Visibility Storage
+
+{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}
+
+1. Label the tamper proofed package "SD Booster Pack [date]"
\ No newline at end of file
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/procure-tamper-proofing-equipment.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/procure-tamper-proofing-equipment.md
index ca9df73..362c7b2 100644
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/procure-tamper-proofing-equipment.md
+++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/procure-tamper-proofing-equipment.md
@@ -22,4 +22,10 @@ There are two options:
 * Hand-held label printer with a built in keyboard
-* Non-standalone label printer that needs a computer to send it the file to print
\ No newline at end of file
+* Non-standalone label printer that needs a computer to send it the file to print
+
+#### Examples
+
+* [Brother P-Touch PT- D610BT Business Professional Connected Label Maker ](https://www.amazon.com/Brother-Business-Professional-Connected-Bluetooth%C2%AE/dp/B0B1KZJXPG/ref=sr_1_4)
+
+* [Bluetooth Thermal Label Printer](https://www.amazon.com/LabelRange-Bluetooth-Wireless-Shipping-Packages/dp/B0DFC9GB5D/ref=sr_1_1_sspa)
\ No newline at end of file
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-ceremony-sd-card.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-ceremony-sd-card.md
deleted file mode 100644
index f230776..0000000
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-ceremony-sd-card.md
+++ /dev/null
@@ -1 +0,0 @@
-# Provision Ceremony SD Card
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md
index 1a6be25..e69de29 100644
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md
+++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md
@@ -1,21 +0,0 @@
-# Provisioning SD Cards
-
-SD cards are provisioned and tamper proofed in packs of 5 referred to as "SD Booster Packs"
-
-## Requirements
-
-{{ #include ../../basic-requirements.md:requirements }}
-
-* Tamper proofing evidence (photographs)
-
-* 5 Fresh SD card(s) per booster pack
-
-* High Visibility Storage
-
-## Procedure
-
-1. Select 5 SD cards to be tamper proofed from High Visibility Storage
-
-{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}
-
-1. Label the tamper proofed package "SD Booster Pack [date]"
\ No newline at end of file