many updates

This commit is contained in:
Anton Livaja 2024-12-17 17:10:10 -05:00
parent 5489afbbed
commit fcc3bae04f
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
8 changed files with 114 additions and 54 deletions

View File

@ -16,8 +16,6 @@
* Warranty: 1 Year
* Privacy Screen: Privacy Screen for Librem 14
* USB Flash Drive: No USB Flash Drive
2. Purism will reach out via email and establish secure communications using PGP, so ensure that the individual who is in charge of procurement has a PGP key that's been set up securely. Purism will:
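Review bot: step 2 at the end of this hunk requires the procurer to hold a securely set up PGP key, but says nothing about how Purism's key is authenticated before "secure communications" are established; a key that arrives in the first email authenticates nobody. Add a sub-step to obtain Purism's key fingerprint over a second channel (their published key page or an earlier signed message already on file) and compare it before encrypting anything, and record the fingerprint that was used so the ceremony documentation can reference it later.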

View File

@ -24,7 +24,7 @@ The primary tamper proofing methods for the fixed location device are:
2. Print photographs of tamper proofing of the laptop which will be used for the ceremony
* Both photos of vacuum sealed bar with filler and glitter on the bottom screws of laptop are required
* Both photos of vacuum sealed bag with filler and glitter on the bottom screws of laptop are required
- [ ] TODO how is hardware token stored (for pureboot/heads)
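Review bot: the new "TODO how is hardware token stored (for pureboot/heads)" checkbox leaves the custody of the token that PureBoot/heads uses to attest the firmware and verify the signed /boot unanswered inside the published procedure, so operators have no instruction for the one item that is not covered by the photographs of the laptop. Either state it here (for example, sealed in the same vacuum bag so the top/underside photographs of the bag cover it) or move it to an issue so the procedure text carries no open questions. The "bar" to "bag" correction in the line above is right.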

View File

@ -4,49 +4,21 @@
## Requirements
* 2 primary operators will be operating the offline machine and online machine
* Ensure both primary operators have their [Operator Keys](../../../../../../glossary.md#operator-key)
* Ensure both primary operators have their [Operator Keys](../../../../../../glossary.md#operator-key)
* Photographic tamper proofing evidence
* Both operators should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.
* Both operators should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.
* The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys
* The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys
* TODO: where do we refer to permitted PGP keys
* TODO: where do we refer to permitted PGP keys
* Each operator should hash the `keychain` repository
* Ensure location has [tamper proofing tools](../../../../../../tamper-evidence-methods.md#vacuum-sealed-bags-with-filler)
* `sha256sum keychain/`
* Vacuum sealer
* Write it down on a piece of paper as it will be used during the ceremony
* Vacuum roll
* Colored beads
* PureBoot smart card (TODO)
* 5 SD cards (2 fresh, formatted as ext4, and 3 cards with prepared data)
* 1 SD card for transferring transaction data from online to air-gapped machine
* 1 SD card for storing tamper proofing evidence produced at the end of the ceremony
* 1 SD card which has the shardfile, labelled "Shardile"
* This should be write-locked and stored in tamper proofing along with air-gapped machine
* 1 SD card with "trusted keys" for proposers and approvers, both signed by each operator using their operator key (TODO)
* This should be write-locked and stored in tamper proofing along with air-gapped machine
* 1 SD card with AirgapOS
* This should be write-locked and stored in tamper proofing along with air-gapped machine
* Digital camera (TODO selection)
* [Online machine](../../../../../../online-machine-provisioning.md) used for fetching transaction data
## Procedure
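Review bot: `sha256sum keychain/` under "Each operator should hash the `keychain` repository" does not produce a hash: GNU sha256sum rejects directories ("Is a directory"), so the value the next line says to write on paper will never exist. Hash the tree deterministically instead, e.g. `find keychain -type f -print0 | sort -z | xargs -0 sha256sum | sha256sum`, or record the commit identity with `git -C keychain rev-parse HEAD` after `git -C keychain verify-commit HEAD`, which ties the paper record to the commit-signature check this same list asks for a few lines earlier ("verify the commit signatures ... against a list of permitted PGP keys"). That check in turn depends on the still-open "TODO: where do we refer to permitted PGP keys" item, so the requirement is not yet executable as written. Also, the shardfile card is to be labelled "Shardile" here while the provisioner page in this commit names the section and label "Shardfile"; the labels will not match at the ceremony.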

View File

@ -1,26 +1,36 @@
# Provisioner - Procure Hardware
The provisioner is responsible for procuring equipment. Their main focus is:
The provisioner is responsible for:
* Procuring equipment
* Setting up the Location
* Maintaining stock of supplies in the [Location]()
* Minimizing hardware supply chain security risks
* Ensuring availability of necessary equipment
## Directives
* MUST maintain chain of custody for all hardware until after it's properly tamper-proofed
- [ ] do we need to tamper proof usb equipment?
* no because we verify hashes of data on the ceremony machines
## Laptops
### Air-Gapped Machine
1. Procure a [Purism Librem 14](../../../../hardware.md#air-gapped-computer)
2. Provision AirgapOS using [this guide](../../../../one-time-use-airgapos.md)
* [Purism Librem 14](../../../../hardware.md#air-gapped-computer)
3. Apply [vacuum sealing + filler tamper proofing](../../../../tamper-evidence-methods.md#vacuum-sealed-bags-with-filler) to the laptop and the SD card
* ChromeBook or a computer capable of running QubesOS according to [this guide](../../../../online-machine-provisioning.md)
4. Store the sealed package in a secure location
## Provisioning AirgapOS
### Online Machine
Provision AirgapOS using [this guide](../../../../one-time-use-airgapos.md)
Procure either a ChromeBook or a computer capable of running QubesOS according to [this guide](../../../../online-machine-provisioning.md)
## Tamper Proofing Equipment
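Review bot: the answer given under the Directives ("do we need to tamper proof usb equipment? no because we verify hashes of data on the ceremony machines") conflates two different risks. Hashing on the air-gapped machine protects the data carried on the media, but an SD reader or adapter is a USB device whose firmware talks to the host directly; a substituted reader can present an extra interface (keyboard, network) or exploit the host's USB stack regardless of what the hashes say. Since the page already requires chain of custody "for all hardware until after it's properly tamper-proofed", USB readers and adapters should fall under that rule too, or the directive should say explicitly which hardware is exempt and why. Two smaller points in the same hunk: the "[Location]()" link is empty, and as rendered the numbered procedure (step 2 "Provision AirgapOS using this guide") coexists with a separate "## Provisioning AirgapOS" section that repeats the same instruction, with the "[Purism Librem 14]" and "ChromeBook or a computer capable of running QubesOS" bullets interleaved between steps; if both forms survive the merge, keep the numbered steps and drop the duplicate section.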
@ -44,6 +54,10 @@ This guide contains specific equipment models: [guide](../../../../tamper-eviden
* [Kingston Indsutrial 8GB microSD Memory Card](https://shop.kingston.com/products/industrial-microsd-card-memory-card?variant=40558543405248)
* microSD to SD adapter
* TODO find specific products
* SD Card USB Adapter
* SD card reader: https://www.kingston.com/en/memory-card-readers/mobilelite-plus-sd-reader
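Review bot: "Indsutrial" in the Kingston microSD link text is a typo for "Industrial". More importantly, the "TODO find specific products" left under "microSD to SD adapter" is not cosmetic: microSD cards have no lock switch of their own, so when the Preparing SD Cards section below says a card is "write-locked" the only switch present is the one on the adapter; the adapter model therefore needs to be pinned down (and its switch mentioned in the procedure) before that instruction can be followed.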
@ -52,3 +66,67 @@ This guide contains specific equipment models: [guide](../../../../tamper-eviden
* Workflow station hub (may prove helpful with workflows): https://www.kingston.com/en/memory-card-readers/workflow-station-hub
* PureBoot smart card (TODO)
* [Online machine](../../../../../../online-machine-provisioning.md) used for fetching transaction data
## Preparing SD Cards
### Freshly Formatted Cards
* The location should always be well stocked with freshly formatted SD cards
* There should be at least 20 microSD and 20 SD cards available for use
* It is the provisioner's responsibility to keep track of the number of ceremonies and replenish stock as needed
* Both microSD and regular SD cards should be available
* They should be formatted to `ext4` format
- [ ] consider renaming location ot vault/facility
- [ ] TODO find a way to format many cards at once
* Usage of these SD cards:
* Transferring transaction data from online to air-gapped machine
* Storing tamper proofing evidence produced at the end of the ceremony
### Shardfile
There should be multiple SD cards containing the shardfile data. Shardfile data is produced during a [Root Entropy](todo) derivation ceremony.
* Label: "Shardfile"
* This should be write-locked and stored in tamper proofing along with air-gapped machine
### Trusted Keys
* Label: Trusted Keys
* 1 SD card with "trusted keys" for proposers and approvers, both signed by each operator using their operator key
* This should be write-locked and stored in tamper proofing along with air-gapped machine
### AirgapOS
* Label: "AirgapOS <version>"
* This should be write-locked and stored in tamper proofing along with air-gapped machine
## Preparing The Location
### Locker / Safe
* establish a means of locking up equipment
### Air-gapped bundle
* tamper proof together: Apply [vacuum sealing + filler tamper proofing](../../../../tamper-evidence-methods.md#vacuum-sealed-bags-with-filler) to the laptop and the AirgapOS SD card
* air-gapped machine
* airgapos sd card
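Review bot: the three "This should be write-locked" lines (Shardfile, Trusted Keys, AirgapOS) present the SD lock switch as a protection, but it is mechanical and advisory only: the card does not enforce it, the slot reports the switch position and the host driver decides whether to honour it, so software that ignores the flag, or a reader that does not report it, can still write the card. Keep it as a guard against accidental writes during a ceremony, but state that integrity of these cards comes from the tamper-evident sealing and from verifying the content (the AirgapOS image hash, the shardfile, the trusted keys) on the air-gapped machine before use. For the Trusted Keys card, "both signed by each operator using their operator key" does not say which signature the ceremony actually checks, or against what; spell that out. Smaller items: the "[Root Entropy](todo)" link has a placeholder target, "renaming location ot vault/facility" should read "to", and under "Air-gapped bundle" the sentence after "tamper proof together:" already lists the laptop and AirgapOS card that the two sub-bullets then repeat.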

View File

@ -0,0 +1,15 @@
/* ANCHOR: all */
# Hardware Models
## Computers
// ANCHOR: models
* HP 13" Intel Celeron - 4GB Memory - 64GB eMMC, HP 14-dq0052dx, SKU: 6499749, UPC: 196548430192, DCS: 6.768.5321, ~USD $179.99
* [Illustrated Parts Catalog](https://h10032.www1.hp.com/ctg/Manual/c04501162.pdf#%5B%7B%22num%22%3A3160%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2Cnull%2C732%2Cnull%5D)
* Lenovo 14" Flex 5i FHD Touchscreen 2-in-1 Laptop - Intel Core i3-1215U - 8GB Memory - Intel UHD Graphics, SKU: 6571565, ~USD $379.99
* Purism Librem 14
// ANCHOR_END: models
/* ANCHOR_END: all */
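Review bot: the `/* ANCHOR: all */` and `// ANCHOR: models` markers work for `{{#include}}` (mdBook strips the anchor lines from the included range), but when hardware-models.md is rendered on its own they appear verbatim as text above and below the list. Use HTML comments (`<!-- ANCHOR: models -->` / `<!-- ANCHOR_END: models -->`) so the file is clean in both contexts; mdBook matches the ANCHOR pattern inside any comment syntax. The "Purism Librem 14" entry also lacks the SKU/price detail the other two entries carry, which matters if this file is meant to be the single procurement reference.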

View File

@ -36,9 +36,4 @@ Each laptop model is laid out slightly differently so use an online reference an
## Tested Hardware (AirgapOS Compatibility)
* HP 13" Intel Celeron - 4GB Memory - 64GB eMMC, HP 14-dq0052dx, SKU: 6499749, UPC: 196548430192, DCS: 6.768.5321, ~USD $179.99
* [Illustrated Parts Catalog](https://h10032.www1.hp.com/ctg/Manual/c04501162.pdf#%5B%7B%22num%22%3A3160%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2Cnull%2C732%2Cnull%5D)
* Lenovo 14" Flex 5i FHD Touchscreen 2-in-1 Laptop - Intel Core i3-1215U - 8GB Memory - Intel UHD Graphics, SKU: 6571565, ~USD $379.99
To ensure that hardware is compatible, it can be tested by bringing an SD card with AirgapOS loaded on it, and testing booting to a floor model in the store.
{{ #include hardware-models.md:models }}
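Review bot: after this change the sentence "To ensure that hardware is compatible, it can be tested by bringing an SD card with AirgapOS loaded on it, and testing booting to a floor model in the store." sits between the "## Tested Hardware (AirgapOS Compatibility)" heading and the included list, so the heading no longer introduces the list it names; move the sentence below the include. Also check what the include now pulls in: the shared `models` anchor adds the Purism Librem 14 under a heading that asserts AirgapOS compatibility has been tested, while the provisioner page in this commit only says to procure it; if the Librem 14 has not actually been booted with AirgapOS, either test it or keep the tested list separate from the procurement list.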

View File

@ -1,6 +1,6 @@
# Introduction
Quorum Vaulting System (QVM) is an open source system of playbooks and
Quorum Vaulting System (QVS) is an open source system of playbooks and
tooling which facilitates the creation and maintenance of highly resilient
[quorum](glossary.md#quorum)-based key management systems based on a strict
[threat model](threat-model.md) which can be used for a variety of different
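Review bot: correcting the acronym to QVS here is right, but it is only consistent if nothing else in the repository still says QVM; grep for "QVM" (glossary, page titles, README) and fix those in the same change so the two initialisms do not coexist.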

View File

@ -30,10 +30,12 @@ instead the AirgapOS `.iso` image is flashed to an SD card, locked using
* `dd if=out/airgap.iso of=/dev/sdb bs=1M conv=sync status=progress`
* Label the SD card "AirgapOS - <version>"
* Verify that the hash of `airgap.iso` matches what's flashed on the SD card:
* `head -c $(stat -c '%s' out/airgap.iso) /dev/sdb | sha256sum`
* `sha256sum out/airgap.iso`
* Commit the hash of airgap to a git repo, ensuring the commit is signed
* Commit the hash of airgap to a git repo, ensuring the commit is signed
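Review bot: the readback `head -c $(stat -c '%s' out/airgap.iso) /dev/sdb | sha256sum` can be satisfied from the page cache right after `dd`, because `dd` wrote through the block device's buffered path and `head` reads the same cached pages, so a matching hash does not prove the bytes reached the card. Make the check read from the media: run `sync`, then either physically remove and reinsert the card (which invalidates the cached pages for that device) or drop caches (`echo 3 | sudo tee /proc/sys/vm/drop_caches`) before running the `head ... | sha256sum` line; comparing the ISO's own `sha256sum out/airgap.iso` output against that is then meaningful. `/dev/sdb` is also hardcoded in both commands; add an `lsblk` step to confirm the device node before the `dd`, since the wrong node overwrites the host disk. The two identical "Commit the hash of airgap to a git repo" lines look like a whitespace-only change; if so, nothing else in that step moved.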