qkm-ceremonies/2024-08-x/prod/location-keys/anton-livaja/ceremony.yml

68 lines
2.6 KiB
YAML
Raw Normal View History

2024-08-06 02:08:07 +00:00
usage: Location Key
officiant: Anton Livaja
location: Private Home (Address Redacted)
witnesses: N/A
2024-08-06 16:01:02 +00:00
hardware:
- Dell XPS 13 9630
2024-08-06 02:08:07 +00:00
firmware: BIOS 2.13.0
laptop_modifications:
2024-08-06 16:01:02 +00:00
- Removed WLAN Card
- Removed speakers
- Removed microphone
- Removed all drives
2024-08-06 02:08:07 +00:00
boot_media: Kingston Type 2 SD Card 1GB
backup_media: TeamGroup High Endurance Micro SDXC 128GB
smart_cards: Yubikey 5 NFC
software:
2024-08-06 16:01:02 +00:00
- name: Airgap OS
repo: https://git.distrust.co/public/airgap
ref: 485fc58bfb1b4dc75a81138d93948385cc5bf600
2024-08-06 02:08:07 +00:00
playbooks:
2024-08-06 16:01:02 +00:00
- name: location-key-provisioning.md
repo: https://git.distrust.co/public/docs
ref: 5438f99c9c8a174334cd45623a9b09143ead79c3
inputs:
- name: operator.pub.asc
identifier: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
2024-08-06 02:08:07 +00:00
outputs:
2024-08-06 16:01:02 +00:00
- name: location.pub.asc
identifier: BBDEC472E16A7D11830B07F7582CC40F8A9BB54E
2024-08-06 02:08:07 +00:00
log:
2024-08-06 16:01:02 +00:00
- 2024-08-05:1723: >-
Selected a room in residence which has no electronics in it and closed window
and window blinds.
- 2024-08-05:1727: >-
Booted the laptop with AirgapOS of an SD card using the built in card reader.
- 2024-08-05:1730: >-
Plugged in SanDisk Ultra 32GB with operator PGP pub key and imported it into
the local GPG keychain using a USB card reader. Then the SD card was
disconnected from the computer.
- 2024-08-05:1752: >-
Followed the ceremony guide to generate artifacts.
- 2024-08-05:1813: >-
Plugged in one of the backup SD cards using the USB reader and copied over
public artifacts, repeated with second SD card.
- 2024-08-05:1832: >-
Plugged in a new smart card and seeded it with the Location Key PGP private
key and repeated with the second smart card.
- 2024-08-05:1840: >-
Deleted all plaintext data from the laptop.
- 2024-08-05:1848: >-
Placed the Location Key PGP pub cert onto the SanDisk Ultra 32GB which was
used to bring the Operator Key cert to the air-gapped machine, so that it can
be brought to the ceremony.
- 2024-08-05:1855: >-
Deleted the remaining data and shut down the computer.
- 2024-08-05:1949: >-
Created two packages, each consisting of a YubiKey that was seeded, and backup
SD card, inside of a static proof bag, then both inside of a faraday bag.
- 2024-08-06:1622: >-
Put the laptop and backup SD cards and smart cards into a plastic roll, filled
it with confetti and vacuum sealed it.
2024-08-06 02:08:07 +00:00
general_notes:
2024-08-06 16:01:02 +00:00
- Nobody entered the part of the house where the ceremony was conducted for
2024-08-06 02:08:07 +00:00
the duration of the ceremony, up to the point where all data was securely
2024-08-06 16:01:02 +00:00
stored and destroyed where applicable.
- While away from the private residence to procure seal bag, the laptop was
stored inside of a locked room.