diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md index 3e68337..dcf539e 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md @@ -8,9 +8,7 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor {{ #include ../../operator-requirements.md:requirements }} -* Minimum of 2 fresh SD cards - -* [Ceremony SD Card](../provisioner/provision-root-entropy-ceremony-sd-card.md) +* [SD Card Booster Pack](../provisioner/provision-sd-card.md) * [Namespace Ceremony SD Card](../provisioner/provision-namespace-ceremony-sd-card.md) @@ -38,7 +36,7 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor 1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage -1. Plug in the Ceremony SD card +1. Retrieve Namespace Ceremony SD card from High Visibility Storage and plug it into air-gapped laptop 1. Run `ceremony.sh` from the SD card diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md index a952533..1702c4a 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md @@ -2,15 +2,13 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP keys, load them into smart cards and shard entropy to them. Optionally a disaster recovery PGP key can be derived. -- [ ] add step for deriving root entropy pgp key - ## Requirements {{ #include ../../operator-requirements.md:requirements }} -* `N` SD cards in the chosen `M of N` quorum +* [SD Card Booster Pack](../provisioner/provision-sd-card.md) -* [Ceremony SD Card](../provisioner/provision-root-entropy-ceremony-sd-card.md) +* `N` SD cards in the chosen `M of N` quorum * [Quorum Entropy Ceremony SD Card](../provisioner/provision-quorum-ceremony-sd-card.md) @@ -38,19 +36,30 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key 1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage -1. Plug in the Ceremony SD card +1. Retrieve Quorum Entropy Ceremony SD card from High Visibility Storage and plug it into air-gapped laptop 1. Run `ceremony.sh` from the SD card 1. Button mash to ensure adequate entropy on the OS -1. Back up the `shardfile` to any desired number of SD cards, and label each "Shardfile [date]" +1. Unplug the Quorum Entropy Ceremony SD card and place it into High Visibility Storage -1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command: +1. Open the SD Card Booster Pack, and place all cards into High Visibility Storage - * `keyfork recover shard --daemon` +1. Plug in SD cards one at a time and use following steps to back up ceremony artifacts + + 1. Back up the `shardfile` + + 1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command: + + * `keyfork recover shard --daemon` + + 1. If an OpenPGP certificate was derived, store the public key on a SD card, separate from the shardfiles + + 1. Unplug the SD card and place it in High Visibility Storage + + 1. Label the SD card "Shardfile [date]" -1. If an OpenPGP certificate was derived, store the public key on a SD card, separate from the shardfiles ### Finalizing Ceremony