clean up multiple docs

quorum-vault-system/src/SUMMARY.md

@@ -3,7 +3,7 @@
     * [Threat Model](threat-model.md)
     * [Selecting a Quorum](selecting-quorum.md)
     * [System Roles](system-roles.md)
-    * [Key Types](key-types.md)
+    * [PGP Key Types](key-types.md)
     * [Software](software.md)
     * [Location](locations.md)
     * [Glossary](glossary.md)

quorum-vault-system/src/component-documents/finding-device-name.md

@@ -1,6 +1,6 @@
 /* ANCHOR: all */
 // ANCHOR: content
 Look for your SD card device name (`<device_name>`) in the output of the `lsblk` command. It will typically be listed as `/dev/sdX` or `/dev/mmcblk<num>`, where X is a letter (e.g., `/dev/sdb`, `/dev/sdc`). You can identify it by its size or by checking if it has a partition (like `/dev/sdX1`)
-    * You may mount the device using: `sudo mount /dev/<your_device> /media` 
+    * Mount the device using: `sudo mount /dev/<your_device> /media`
 // ANCHOR_END: content
 /* ANCHOR_END: all */

quorum-vault-system/src/component-documents/git-repository-initialization.md

@@ -7,13 +7,13 @@ Git is used because it permits cryptographic singing of commits using PGP, as we
 
 ## Procedure: Setting up Repository
 // ANCHOR: procedure
-1. Create a git repository using a git system such as Forjego, GitLab, GitHub etc.
+1. Create a git repository using a git system such as Forgejo, GitLab, GitHub etc.
 
 1. Set appropriate permissions to limit who can write to the repository.
 
     * Require that all commits are signed using well known PGP keys
 
-1. Optionally set up a chron job that periodically pulls the data from the repository as a backup.
+1. Optionally set up a cron job that periodically pulls the data from the repository as a backup.
 // ANCHOR_END: procedure
 /* ANCHOR_END: all */
 

quorum-vault-system/src/component-documents/openpgp-setup.md

@@ -1,10 +1,6 @@
 /* ANCHOR: all */
 # OpenPGP Setup
 
-Setting up a personal PGP key pair is necessary for a number of different
-aspects while bootstrapping QVS. The keys are a fundamental building block, and
-as such need to be set up in a manner that minimizes exposure risks.
-
 ## Generating Keys using `keyfork`
 // ANCHOR: steps-keyfork
 

quorum-vault-system/src/fixed-location-reusable-laptop-ceremony.md

@@ -1,67 +0,0 @@
-# Fixed Location Reusable Laptop Ceremony
-
-This device is intended for use in a secure facility such as a [SCIF](TODO) which has the added assurances of protecting the environment from a wide range of side-channel attacks, as well as protection from physical attacks, and more comprehensive tamper proofing controls.
-
-The fixed location should include a work-station which makes it easy to perform the [tamper proofing](tamper-evidence-methods.md#tamper-proofing-station) procedure. This station may consist of a simple frame which holds a LED light, for consistent lightning, as well as a camera stand above it which can be used to take pictures. The camera should have an SD card that easily slides out of it so that the device doesn't leave and re-enter the room, only the SD card does.
-
-    * TODO: this is actually not necessary for the fixed location device, but it's good to have this setup in the same facility maybe for processing/setting up the one time use laptops
-
-The primary tamper proofing methods for the fixed location device are:
-
-* Heads firmware protection (TODO link to document which explains how to set up Purism)
-
-* Glitter to prevent physical access to hardware (TODO link to how to properly use glitter for tamper proofing)
-
-* On-premises audio and visual monitoring (TODO select appropriate equipment)
-
-* Physical vault (TODO find adequate vaults)
-
-## Procedure
-
-### Unsealing
-
-1. Select at least two authorized operators who will be participating in the ceremony
-
-2. Print photographs of tamper proofing of the laptop which will be used for the ceremony
-
-    * Both photos of vacuum sealed bag with filler and glitter on the bottom screws of laptop are required
-
-3. Make an entry into the access log, specifying the:
-
-    * Individuals involved
-
-    * Approximate time of entry
-
-4. Enter the SCIF, ensuring to lock the door behind you from the inside. The room should not be accessible from the outside during a ceremony.
-
-    * Ensure that no individual is bringing in any electronic devices. A hand-held or gate metal detector can be used for this.
-
-5. Access the laptop safe, and move the laptop, its hardware token, and polaroid to the Tamper Proofing Workstation
-
-    * Compare the polaroid and digital photographs for any differences
-
-    * Then compare the photographs to the actual object
-
-    * Check the glitter on the bottom screws of the laptop ensuring there are no scratch marks, and compare the screws to photos
-
-    * If there are any issues detected, initiate incident response
-
-6. Initiate the [Secure Boot Sequence](secure-boot-sequence.md)
-
-{{ #include secure-boot-sequence.md }}
-
-7. Use one of the [Playbooks](todo) to carry out a task
-
-#### Sealing
-
-{{ #include tamper-evidence-methods.md:vsbwf-procedure-sealing}}
-
-2. Remove the SD card from the camera and use chain of custody principles to ensure the integrity of the data
-
-3. Place the sealed laptop and signed polaroids, as well as the hardware token back in the safe
-
-4. Exit the SCIF and lock it
-
-5. Update the log with the exit time
-
-6. Upload the photos to a git repository, ensuring the commit is signed using PGP

quorum-vault-system/src/generated-documents/all-levels/pgp-key-provisioning.md

@@ -3,11 +3,11 @@
 ## Requirements
 
 * [AirgapOS SD card](../level-2/fixed-location/provisioner/provision-airgapos.md)
-  * Provided by [AirGapped Bundle](../level-2/fixed-location/provisioner/air-gapped-bundle.md)
+  * Provided by [Air-Gapped Bundle](../level-2/fixed-location/provisioner/air-gapped-bundle.md)
   * Alternative: Create your own from documentation in [AirgapOS Repository](https://git.distrust.co/public/airgap)
 
 * AirgapOS Laptop
-  * Provided by [AirGapped Bundle](../level-2/fixed-location/provisioner/air-gapped-bundle.md)
+  * Provided by [Air-Gapped Bundle](../level-2/fixed-location/provisioner/air-gapped-bundle.md)
   * Alternative: Computer that can load AirgapOS ([compatibility reference](https://git.distrust.co/public/airgap#tested-models))
 
 {{ #include ../../component-documents/linux-workstation.md:content }}
@@ -40,7 +40,7 @@
 1. Import newly generated public key into local keychain
 
     ```
-    $ gpg --import /media/transport/*.pub.asc
+    $ gpg --import /media/TRANSFER/*.pub.asc
     ```
 
 {{ #include ../../component-documents/git-commit-signing.md:steps }}
@@ -57,7 +57,7 @@
     $ git checkout main
     $ git pull origin main
     ```
-	b. Commit and push modifications
+	c. Commit and push modifications
     ```
     $ cp /media/TRANSFER/*.asc keys/all
     $ git add .

quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/cosmos-create-transaction-payload.md

@@ -4,19 +4,24 @@
 
 1. Use icepick to generate and sign the payload by running one of the following available workflows:
 	#### Stake
-	Stake coins on the provided chain
+	Stake coins on the provided chain.
 
 	`$ icepick workflow cosmos stake --delegate-address <delegate-address> --validator-address <validator-address> --chain-name <chain-name> --asset-name <asset-name> --asset-amount <asset-amount> --gas-factor <gas-factor> --export-for-quorum --sign`
 
 	#### Transfer
-	Transfer coins on the cosmos blockchain
+	Transfer coins on the cosmos blockchain.
 
 	`$ icepick workflow cosmos transfer --from-address <from-address> --to-address <to-address> --asset-name <asset-name> --asset-amount <asset-amount> --export-for-quorum --sign`
 
 	#### Withdraw
-	Withdraw staked coins from a validator. Staked coins may be held for an unbonding period, depending on the chain upon which they are staked
+	Withdraw staked coins from a validator. Staked coins may be held for an unbonding period, depending on the chain upon which they are staked.
 
 	`$ icepick workflow cosmos withdraw --delegate-address <delegate-address> --validator-address <validator-address> --asset-name <asset-name> --gas-factor <gas-factor> --export-for-quorum-sign`
 
 
+	#### Withdraw Rewards
+	Withdraw rewards gained from staking to a validator.
+
+	`$ icepick workflow cosmos withdraw-rewards --delegate-address <delegate-address> --validator-address <validator-address> --gas-factor <gas-factor> --export-for-quorum-sign`
+
 {{ #include template-create-tx-1.md:content }}

quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/sol-create-transaction-payload.md

@@ -4,12 +4,12 @@
 
 1. Use icepick to generate and sign the payload by running one of the following available workflows:
 	#### Transfer
-	Transfer SOL from one address to another
+	Transfer native Solana asset - SOL.
 
 	`$ icepick workflow sol transfer --to-address <to-address> --from-address <from-address> --amount <amount> --export-for-quorum --sign`
 
 	#### Transfer Token
-	Transfer SPL tokens on Solana blockchain
+	Transfer SPL tokens on Solana blockchain.
 
 	`$ icepick workflow sol transfer-token --from-address <from-address> --to-address <to-address> --token-name <token-name> --token-amount <token-amount> --export-for-quorum --sign`
 

quorum-vault-system/src/generated-documents/level-2/operator-requirements.md

@@ -9,11 +9,11 @@
     * The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the "ceremonies" repo
 
 * [AirgapOS SD card](/generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md)
-  * Provided by [AirGapped Bundle](/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
+  * Provided by [Air-Gapped Bundle](/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
   * Alternative: Create your own from documentation in [AirgapOS Repository](https://git.distrust.co/public/airgap)
 
 * AirgapOS Laptop
-  * Provided by [AirGapped Bundle](/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
+  * Provided by [Air-Gapped Bundle](/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
   * Alternative: Computer that can load AirgapOS ([compatibility reference](https://git.distrust.co/public/airgap#tested-models))
 
 * Minimum of 1 [Operator](/system-roles.md#operator) and 1 [Witness](/system-roles.md#witness)

quorum-vault-system/src/key-types.md

@@ -1,4 +1,4 @@
-# Key Types
+# PGP Key Types
 
 ## Personal PGP Keypair
 

quorum-vault-system/src/system-roles.md

@@ -14,14 +14,14 @@ Individuals who are selected for the roles:
 
 * MUST be reinvestigated once a year to ensure they meet necessary standards to access restricted information
 
-## Provisioner
-
-Responsible for more technical aspects of preparing equipment for ceremonies such as creating air-gapped machines by removing radio cards, and tamper proofing them along with SD cards which are loaded with AirgapOS etc.
-
 ## Procurer
 
 Responsible for tasks such as procuring a location, tamper proofing equipment, hardware, and maintaining inventory.
 
+## Provisioner
+
+Responsible for more technical aspects of preparing equipment for ceremonies such as creating air-gapped machines by removing radio cards, and tamper proofing them along with SD cards which are loaded with AirgapOS etc.
+
 ## Proposer
 
 This is an individual who is a business owner or stakeholder, or a financial controller. Their role is to make fiduciary decisions which protect the financial interest of the organization and its clients. Their role is specifically to propose the movement of funds, specifying the amount, origin and destination.
@@ -40,4 +40,4 @@ As a QVS grows, it may be prudent to create more highly specialized roles whose
 
 ## Witness
 
-QVS relies of having individuals present to witness that processes which uphold the security of the system are properly followed. [Operators](#operator) make ideal witnesses as their familiarity with the QVS system allows them to detect any deviation from the processes which uphold the security of the system. While it is not required that a Witness be a trained Operator, it is highly preferred.
+QVS relies of having individuals present to witness that processes which uphold the security of the system are properly followed. [Operators](#operator) make ideal witnesses as their familiarity with the QVS system allows them to detect any deviation from the security-critical processes. While it is not required that a Witness be a trained Operator, it is highly preferred.

quorum-vault-system/src/threat-model.md

@@ -140,7 +140,7 @@ This level focuses on defending against insider threats.
 
 * Exploit any vulnerability within 24h of public knowledge
 
-### Requirements
+#### Requirements
 
 * All production access:
 
@@ -156,7 +156,7 @@ This level focuses on defending against insider threats.
 
   * MUST be anchored to keys in dedicated HSMs held by each administrator
 
-    * Consider OpenPGP or PKSC#11 smart cards that support touch-approval for ssh
+    * Consider OpenPGP or PKCS#11 smart cards that support touch-approval for ssh
 
 * Any code in the transaction signing trust supply chain:
 
@@ -198,11 +198,11 @@ This level focuses on defending against insider threats.
 
       * App phone stores already anchor to developer held signing keys
 
-### Reference Design
+#### Reference Design
 
 * Create offline CA key(s)
 
-* Consider OpenGPG key generated on airgap using keyfork, backed up, and copies transmitted to a smart cards such as a Yubikey
+* Consider OpenPGP key generated on airgap using keyfork, backed up, and copies transmitted to a smart cards such as a Yubikey
 
 * CA key smart cards are stored in dual-access tamper evident locations