public
/
docs
5
0
Fork 0
Code Issues 14 Pull Requests 1 Packages Projects Releases Wiki Activity

minor cleanup

This commit is contained in:
Anton Livaja 2025-01-25 06:22:21 -05:00
parent 573c13b462
commit fd0907d07a
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
2 changed files with 20 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md
View File

@ -8,9 +8,7 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
{{ #include ../../operator-requirements.md:requirements }} {{ #include ../../operator-requirements.md:requirements }}
* Minimum of 2 fresh SD cards * [SD Card Booster Pack](../provisioner/provision-sd-card.md)
* [Ceremony SD Card](../provisioner/provision-root-entropy-ceremony-sd-card.md)
* [Namespace Ceremony SD Card](../provisioner/provision-namespace-ceremony-sd-card.md) * [Namespace Ceremony SD Card](../provisioner/provision-namespace-ceremony-sd-card.md)
@ -38,7 +36,7 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage 1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage
1. Plug in the Ceremony SD card 1. Retrieve Namespace Ceremony SD card from High Visibility Storage and plug it into air-gapped laptop
1. Run `ceremony.sh` from the SD card 1. Run `ceremony.sh` from the SD card

21
quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md
View File

@ -2,15 +2,13 @@
This is a ceremony for generating entropy which is used to derive Quorum PGP keys, load them into smart cards and shard entropy to them. Optionally a disaster recovery PGP key can be derived. This is a ceremony for generating entropy which is used to derive Quorum PGP keys, load them into smart cards and shard entropy to them. Optionally a disaster recovery PGP key can be derived.
- [ ] add step for deriving root entropy pgp key
## Requirements ## Requirements
{{ #include ../../operator-requirements.md:requirements }} {{ #include ../../operator-requirements.md:requirements }}
* `N` SD cards in the chosen `M of N` quorum * [SD Card Booster Pack](../provisioner/provision-sd-card.md)
* [Ceremony SD Card](../provisioner/provision-root-entropy-ceremony-sd-card.md) * `N` SD cards in the chosen `M of N` quorum
* [Quorum Entropy Ceremony SD Card](../provisioner/provision-quorum-ceremony-sd-card.md) * [Quorum Entropy Ceremony SD Card](../provisioner/provision-quorum-ceremony-sd-card.md)
@ -38,13 +36,19 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage 1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage
1. Plug in the Ceremony SD card 1. Retrieve Quorum Entropy Ceremony SD card from High Visibility Storage and plug it into air-gapped laptop
1. Run `ceremony.sh` from the SD card 1. Run `ceremony.sh` from the SD card
1. Button mash to ensure adequate entropy on the OS 1. Button mash to ensure adequate entropy on the OS
1. Back up the `shardfile` to any desired number of SD cards, and label each "Shardfile [date]" 1. Unplug the Quorum Entropy Ceremony SD card and place it into High Visibility Storage
1. Open the SD Card Booster Pack, and place all cards into High Visibility Storage
1. Plug in SD cards one at a time and use following steps to back up ceremony artifacts
1. Back up the `shardfile`
1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command: 1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command:
@ -52,6 +56,11 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
1. If an OpenPGP certificate was derived, store the public key on a SD card, separate from the shardfiles 1. If an OpenPGP certificate was derived, store the public key on a SD card, separate from the shardfiles
1. Unplug the SD card and place it in High Visibility Storage
1. Label the SD card "Shardfile [date]"
### Finalizing Ceremony ### Finalizing Ceremony
1. Gather all the original items that were in the air-gapped bundle: 1. Gather all the original items that were in the air-gapped bundle: