many updates
parent
5489afbbed
commit
fcc3bae04f
|
@ -16,8 +16,6 @@
|
|||
|
||||
* Warranty: 1 Year
|
||||
|
||||
* Privacy Screen: Privacy Screen for Librem 14
|
||||
|
||||
* USB Flash Drive: No USB Flash Drive
|
||||
|
||||
2. Purism will reach out via email and establish secure communications using PGP, so ensure that the individual who is in charge of procurement has a PGP key that's been set up securely. Purism will:
|
||||
|
|
|
@ -24,7 +24,7 @@ The primary tamper proofing methods for the fixed location device are:
|
|||
|
||||
2. Print photographs of tamper proofing of the laptop which will be used for the ceremony
|
||||
|
||||
* Both photos of vacuum sealed bar with filler and glitter on the bottom screws of laptop are required
|
||||
* Both photos of vacuum sealed bag with filler and glitter on the bottom screws of laptop are required
|
||||
|
||||
- [ ] TODO how is hardware token stored (for pureboot/heads)
|
||||
|
||||
|
|
|
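Review bot: The corrected bullet under step 2 still says "Both photos" without naming the two photos, so an operator has to infer that one is of the vacuum sealed bag with filler and the other of the glitter on the bottom screws. Split it into two sub-bullets, one per photo. The `- [ ] TODO how is hardware token stored (for pureboot/heads)` item should be resolved or moved to an issue, since this section is about tamper proofing the device and the token is part of that.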
@ -4,49 +4,21 @@
|
|||
|
||||
## Requirements
|
||||
|
||||
* 2 primary operators will be operating the offline machine and online machine
|
||||
* Ensure both primary operators have their [Operator Keys](../../../../../../glossary.md#operator-key)
|
||||
|
||||
* Ensure both primary operators have their [Operator Keys](../../../../../../glossary.md#operator-key)
|
||||
|
||||
* Photographic tamper proofing evidence
|
||||
* Both operators should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.
|
||||
|
||||
* Both operators should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.
|
||||
* The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys
|
||||
|
||||
* The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys
|
||||
* TODO: where do we refer to permitted PGP keys
|
||||
|
||||
* TODO: where do we refer to permitted PGP keys
|
||||
* Each operator should hash the `keychain` repository
|
||||
|
||||
* Ensure location has [tamper proofing tools](../../../../../../tamper-evidence-methods.md#vacuum-sealed-bags-with-filler)
|
||||
* `sha256sum keychain/`
|
||||
|
||||
* Vacuum sealer
|
||||
* Write it down on a piece of paper as it will be used during the ceremony
|
||||
|
||||
* Vacuum roll
|
||||
|
||||
* Colored beads
|
||||
|
||||
* PureBoot smart card (TODO)
|
||||
|
||||
* 5 SD cards (2 fresh, formatted as ext4, and 3 cards with prepared data)
|
||||
|
||||
* 1 SD card for transferring transaction data from online to air-gapped machine
|
||||
|
||||
* 1 SD card for storing tamper proofing evidence produced at the end of the ceremony
|
||||
|
||||
* 1 SD card which has the shardfile, labelled "Shardile"
|
||||
|
||||
* This should be write-locked and stored in tamper proofing along with air-gapped machine
|
||||
|
||||
* 1 SD card with "trusted keys" for proposers and approvers, both signed by each operator using their operator key (TODO)
|
||||
|
||||
* This should be write-locked and stored in tamper proofing along with air-gapped machine
|
||||
|
||||
* 1 SD card with AirgapOS
|
||||
|
||||
* This should be write-locked and stored in tamper proofing along with air-gapped machine
|
||||
|
||||
* Digital camera (TODO selection)
|
||||
|
||||
* [Online machine](../../../../../../online-machine-provisioning.md) used for fetching transaction data
|
||||
|
||||
## Procedure
|
||||
|
||||
|
|
|
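Review bot: `sha256sum keychain/` in the Requirements list will not produce a hash, because `sha256sum` reads files and reports an error when given a directory. Specify what is actually hashed, for example the signed commit ID of the `keychain` repository or a digest over a sorted list of per-file hashes, so that both operators write down the same value. The `TODO: where do we refer to permitted PGP keys` lines are still open, and the commit signature check in the bullet above them cannot be carried out until that list is referenced.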
@ -1,26 +1,36 @@
|
|||
# Provisioner - Procure Hardware
|
||||
|
||||
The provisioner is responsible for procuring equipment. Their main focus is:
|
||||
The provisioner is responsible for:
|
||||
|
||||
* Procuring equipment
|
||||
|
||||
* Setting up the Location
|
||||
|
||||
* Maintaining stock of supplies in the [Location]()
|
||||
|
||||
* Minimizing hardware supply chain security risks
|
||||
|
||||
* Ensuring availability of necessary equipment
|
||||
|
||||
## Directives
|
||||
|
||||
* MUST maintain chain of custody for all hardware until after it's properly tamper-proofed
|
||||
|
||||
- [ ] do we need to tamper proof usb equipment?
|
||||
* no because we verify hashes of data on the ceremony machines
|
||||
|
||||
## Laptops
|
||||
|
||||
### Air-Gapped Machine
|
||||
|
||||
1. Procure a [Purism Librem 14](../../../../hardware.md#air-gapped-computer)
|
||||
|
||||
2. Provision AirgapOS using [this guide](../../../../one-time-use-airgapos.md)
|
||||
* [Purism Librem 14](../../../../hardware.md#air-gapped-computer)
|
||||
|
||||
3. Apply [vacuum sealing + filler tamper proofing](../../../../tamper-evidence-methods.md#vacuum-sealed-bags-with-filler) to the laptop and the SD card
|
||||
* ChromeBook or a computer capable of running QubesOS according to [this guide](../../../../online-machine-provisioning.md)
|
||||
|
||||
4. Store the sealed package in a secure location
|
||||
## Provisioning AirgapOS
|
||||
|
||||
### Online Machine
|
||||
Provision AirgapOS using [this guide](../../../../one-time-use-airgapos.md)
|
||||
|
||||
Procure either a ChromeBook or a computer capable of running QubesOS according to [this guide](../../../../online-machine-provisioning.md)
|
||||
|
||||
## Tamper Proofing Equipment
|
||||
|
||||
|
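Review bot: The open checklist item `do we need to tamper proof usb equipment?` under Directives is answered with "no because we verify hashes of data on the ceremony machines", but hash verification only covers the data read from the media, not the adapter or reader hardware itself. Either state that scope explicitly in the directive or keep the question open, and tick the box once it is decided. `[Location]()` in the responsibilities list has an empty link target.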
@ -44,6 +54,10 @@ This guide contains specific equipment models: [guide](../../../../tamper-eviden
|
|||
|
||||
* [Kingston Indsutrial 8GB microSD Memory Card](https://shop.kingston.com/products/industrial-microsd-card-memory-card?variant=40558543405248)
|
||||
|
||||
* microSD to SD adapter
|
||||
|
||||
* TODO find specific products
|
||||
|
||||
* SD Card USB Adapter
|
||||
|
||||
* SD card reader: https://www.kingston.com/en/memory-card-readers/mobilelite-plus-sd-reader
|
||||
|
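Review bot: The link text `Kingston Indsutrial 8GB microSD Memory Card` misspells "Industrial"; fix it while these lines are being touched. The `TODO find specific products` line next to the adapter entries leaves those items without a model, while the card and the reader each name one, so procurement of the adapters is unspecified.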
@ -52,3 +66,67 @@ This guide contains specific equipment models: [guide](../../../../tamper-eviden
|
|||
|
||||
* Workflow station hub (may prove helpful with workflows): https://www.kingston.com/en/memory-card-readers/workflow-station-hub
|
||||
|
||||
* PureBoot smart card (TODO)
|
||||
|
||||
* [Online machine](../../../../../../online-machine-provisioning.md) used for fetching transaction data
|
||||
|
||||
## Preparing SD Cards
|
||||
|
||||
### Freshly Formatted Cards
|
||||
|
||||
* The location should always be well stocked with freshly formatted SD cards
|
||||
|
||||
* There should be at least 20 microSD and 20 SD cards available for use
|
||||
|
||||
* It is the provisioner's responsibility to keep track of the number of ceremonies and replenish stock as needed
|
||||
|
||||
* Both microSD and regular SD cards should be available
|
||||
|
||||
* They should be formatted to `ext4` format
|
||||
|
||||
- [ ] consider renaming location ot vault/facility
|
||||
|
||||
- [ ] TODO find a way to format many cards at once
|
||||
|
||||
* Usage of these SD cards:
|
||||
|
||||
* Transferring transaction data from online to air-gapped machine
|
||||
|
||||
* Storing tamper proofing evidence produced at the end of the ceremony
|
||||
|
||||
### Shardfile
|
||||
|
||||
There should be multiple SD cards containing the shardfile data. Shardfile data is produced during a [Root Entropy](todo) derivation ceremony.
|
||||
|
||||
* Label: "Shardfile"
|
||||
|
||||
* This should be write-locked and stored in tamper proofing along with air-gapped machine
|
||||
|
||||
### Trusted Keys
|
||||
|
||||
* Label: Trusted Keys
|
||||
|
||||
* 1 SD card with "trusted keys" for proposers and approvers, both signed by each operator using their operator key
|
||||
|
||||
* This should be write-locked and stored in tamper proofing along with air-gapped machine
|
||||
|
||||
### AirgapOS
|
||||
|
||||
* Label: "AirgapOS <version>"
|
||||
|
||||
* This should be write-locked and stored in tamper proofing along with air-gapped machine
|
||||
|
||||
## Preparing The Location
|
||||
|
||||
### Locker / Safe
|
||||
|
||||
* establish a means of locking up equipment
|
||||
|
||||
### Air-gapped bundle
|
||||
|
||||
* tamper proof together: Apply [vacuum sealing + filler tamper proofing](../../../../tamper-evidence-methods.md#vacuum-sealed-bags-with-filler) to the laptop and the AirgapOS SD card
|
||||
* air-gapped machine
|
||||
* airgapos sd card
|
||||
|
||||
|
||||
|
||||
|
|
|
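Review bot: The Shardfile, Trusted Keys and AirgapOS sections all rely on the cards being "write-locked", but the lock switch on an SD card is honoured by the reader and host rather than enforced by the card, and no step here says how the contents, or the operator signatures on the trusted keys, are checked before use. Add a verification step per card (hash or signature check), as is done for the AirgapOS image elsewhere in this commit. Smaller points: `[Root Entropy](todo)` is a placeholder link, `location ot vault/facility` has a typo, and the Trusted Keys label is unquoted while the other two labels are quoted.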
@ -0,0 +1,15 @@
|
|||
/* ANCHOR: all */
|
||||
# Hardware Models
|
||||
|
||||
## Computers
|
||||
// ANCHOR: models
|
||||
|
||||
* HP 13" Intel Celeron - 4GB Memory - 64GB eMMC, HP 14-dq0052dx, SKU: 6499749, UPC: 196548430192, DCS: 6.768.5321, ~USD $179.99
|
||||
* [Illustrated Parts Catalog](https://h10032.www1.hp.com/ctg/Manual/c04501162.pdf#%5B%7B%22num%22%3A3160%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2Cnull%2C732%2Cnull%5D)
|
||||
|
||||
* Lenovo 14" Flex 5i FHD Touchscreen 2-in-1 Laptop - Intel Core i3-1215U - 8GB Memory - Intel UHD Graphics, SKU: 6571565, ~USD $379.99
|
||||
|
||||
* Purism Librem 14
|
||||
// ANCHOR_END: models
|
||||
|
||||
/* ANCHOR_END: all */
|
|
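Review bot: The first computer entry is described as `HP 13"` but its model number is `HP 14-dq0052dx`; confirm the screen size so the entry identifies one machine. The `/* ANCHOR: all */` and `// ANCHOR: models` markers are not Markdown comments and will show as text if this file is rendered as a page; HTML comments such as `<!-- ANCHOR: models -->` keep them hidden. `Purism Librem 14` has no SKU or price, unlike the other two entries.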
@ -36,9 +36,4 @@ Each laptop model is laid out slightly differently so use an online reference an
|
|||
|
||||
## Tested Hardware (AirgapOS Compatibility)
|
||||
|
||||
* HP 13" Intel Celeron - 4GB Memory - 64GB eMMC, HP 14-dq0052dx, SKU: 6499749, UPC: 196548430192, DCS: 6.768.5321, ~USD $179.99
|
||||
* [Illustrated Parts Catalog](https://h10032.www1.hp.com/ctg/Manual/c04501162.pdf#%5B%7B%22num%22%3A3160%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2Cnull%2C732%2Cnull%5D)
|
||||
|
||||
* Lenovo 14" Flex 5i FHD Touchscreen 2-in-1 Laptop - Intel Core i3-1215U - 8GB Memory - Intel UHD Graphics, SKU: 6571565, ~USD $379.99
|
||||
|
||||
To ensure that hardware is compatible, it can be tested by bringing an SD card with AirgapOS loaded on it, and testing booting to a floor model in the store.
|
||||
{{ #include hardware-models.md:models }}
|
||||
|
|
|
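Review bot: `{{ #include hardware-models.md:models }}` under "Tested Hardware (AirgapOS Compatibility)" pulls in `Purism Librem 14`, which the models anchor in `hardware-models.md` contains but the list shown in this hunk does not. Confirm it has been tested with AirgapOS, or split the anchor so that only tested models appear under this heading.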
@ -1,6 +1,6 @@
|
|||
# Introduction
|
||||
|
||||
Quorum Vaulting System (QVM) is an open source system of playbooks and
|
||||
Quorum Vaulting System (QVS) is an open source system of playbooks and
|
||||
tooling which facilitates the creation and maintenance of highly resilient
|
||||
[quorum](glossary.md#quorum)-based key management systems based on a strict
|
||||
[threat model](threat-model.md) which can be used for a variety of different
|
||||
|
|
|
@ -30,6 +30,8 @@ instead the AirgapOS `.iso` image is flashed to an SD card, locked using
|
|||
|
||||
* `dd if=out/airgap.iso of=/dev/sdb bs=1M conv=sync status=progress`
|
||||
|
||||
* Label the SD card "AirgapOS - <version>"
|
||||
|
||||
* Verify that the hash of `airgap.iso` matches what's flashed on the SD card:
|
||||
|
||||
* `head -c $(stat -c '%s' out/airgap.iso) /dev/sdb | sha256sum`
|
||||
|
|
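Review bot: The verification step prints a digest of the card with `head -c $(stat -c '%s' out/airgap.iso) /dev/sdb | sha256sum` but does not give the command for the value to compare against; add `sha256sum out/airgap.iso` next to it and state that the two digests must match. Reading `/dev/sdb` straight after the `dd` line can be served from the host's cache, so have the operator remove and re-insert the card before reading it back. `/dev/sdb` is hard-coded in both commands; add a note that the device name must be confirmed before flashing.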