From fca9b3eba4b0b9aa8374d76ca58145299f6b94b8 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Tue, 6 Aug 2024 12:01:02 -0400 Subject: [PATCH] fix: clean up ceremony.yml --- .../location-keys/anton-livaja/ceremony.yml | 91 +++++++++++-------- 1 file changed, 52 insertions(+), 39 deletions(-) diff --git a/2024-08-x/prod/location-keys/anton-livaja/ceremony.yml b/2024-08-x/prod/location-keys/anton-livaja/ceremony.yml index 3b0329f..9c26cbc 100644 --- a/2024-08-x/prod/location-keys/anton-livaja/ceremony.yml +++ b/2024-08-x/prod/location-keys/anton-livaja/ceremony.yml 
@@ -2,53 +2,66 @@ usage: Location Key officiant: Anton Livaja location: Private Home (Address Redacted) witnesses: N/A -hardware: Dell XPS 13 9630 +hardware: +- Dell XPS 13 9630 firmware: BIOS 2.13.0 laptop_modifications: - - Removed WLAN Card - - Removed speakers - - Removed microphone - - Removed all drives +- Removed WLAN Card +- Removed speakers +- Removed microphone +- Removed all drives boot_media: Kingston Type 2 SD Card 1GB backup_media: TeamGroup High Endurance Micro SDXC 128GB smart_cards: Yubikey 5 NFC software: - - name: Airgap OS - repo: https://git.distrust.co/public/airgap - ref: main - hash: 485fc58bfb1b4dc75a81138d93948385cc5bf600 +- name: Airgap OS + repo: https://git.distrust.co/public/airgap + ref: 485fc58bfb1b4dc75a81138d93948385cc5bf600 playbooks: - - name: location-key-provisioning.md - ref: https://git.distrust.co/public/docs/src/commit/0df2c9ce08ba2381e2cc448b080721373de13539/quorum-key-management/src/location-key-provisioning.md +- name: location-key-provisioning.md + repo: https://git.distrust.co/public/docs + ref: 5438f99c9c8a174334cd45623a9b09143ead79c3 +inputs: +- name: operator.pub.asc + identifier: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D outputs: - - location.pub.asc -public_key_fingerprints: - - type: location - fingerprint: BBDEC472E16A7D11830B07F7582CC40F8A9BB54E - - type: operator - fingerprint: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D +- name: location.pub.asc + identifier: BBDEC472E16A7D11830B07F7582CC40F8A9BB54E log: - - 2024-08-05:1723: Selected a room in residence which has no electronics in it - and closed window and window blinds. - - 2024-08-05:1727: Booted the laptop with AirgapOS of an SD card using the - built in card reader. - - 2024-08-05:1730: Plugged in SanDisk Ultra 32GB with operator PGP pub key and - imported it into the local GPG keychain using a USB card reader. - - 2024-08-05:1752: Followed the ceremony guide to generate artifacts. 
- - 2024-08-05:1813: Plugged in one of the backup SD cards using the USB reader - and copied over public artifacts, repeated with second SD card. - - 2024-08-05:1832: Plugged in a new smart card and seeded it with the Location - Key PGP private key and repeated with the second smart card. - - 2024-08-05:1848: Placed the Location Key PGP pub cert onto the SanDisk Ultra - 32GB which was used to bring the Operator Key cert to the airgapped machine, - so that it can be brought to the ceremony - - 2024-08-05:1902: Deleted all data from laptop and shut it down. - - 2024-08-05:1949: Created two packages, each consisting of a YubiKey that was - seeded, and backup SD card, inside of a static proof bag, then both inside of - a faraday bag. - - 2024-08-TODO:TODO: Put the laptop and backup SD cards and smart cards into - a plastic roll, filled it with confetti and vacuum sealed it. +- 2024-08-05:1723: >- + Selected a room in residence which has no electronics in it and closed window + and window blinds. +- 2024-08-05:1727: >- + Booted the laptop with AirgapOS of an SD card using the built in card reader. +- 2024-08-05:1730: >- + Plugged in SanDisk Ultra 32GB with operator PGP pub key and imported it into + the local GPG keychain using a USB card reader. Then the SD card was + disconnected from the computer. +- 2024-08-05:1752: >- + Followed the ceremony guide to generate artifacts. +- 2024-08-05:1813: >- + Plugged in one of the backup SD cards using the USB reader and copied over + public artifacts, repeated with second SD card. +- 2024-08-05:1832: >- + Plugged in a new smart card and seeded it with the Location Key PGP private + key and repeated with the second smart card. +- 2024-08-05:1840: >- + Deleted all plaintext data from the laptop. +- 2024-08-05:1848: >- + Placed the Location Key PGP pub cert onto the SanDisk Ultra 32GB which was + used to bring the Operator Key cert to the air-gapped machine, so that it can + be brought to the ceremony. 
+- 2024-08-05:1855: >- + Deleted the remaining data and shut down the computer. +- 2024-08-05:1949: >- + Created two packages, each consisting of a YubiKey that was seeded, and backup + SD card, inside of a static proof bag, then both inside of a faraday bag. +- 2024-08-06:1622: >- + Put the laptop and backup SD cards and smart cards into a plastic roll, filled + it with confetti and vacuum sealed it. general_notes: - - Nobody entered the part of the house where the ceremony was conducted for +- Nobody entered the part of the house where the ceremony was conducted for the duration of the ceremony, up to the point where all data was securely - stored and destroyed where applicable + stored and destroyed where applicable. +- While away from the private residence to procure seal bag, the laptop was + stored inside of a locked room.
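Review bot: Several changes in this hunk alter recorded facts rather than formatting, while the subject says only "clean up ceremony.yml". Under `playbooks`, the commit recorded for `location-key-provisioning.md` changes from `0df2c9ce08ba2381e2cc448b080721373de13539` to `5438f99c9c8a174334cd45623a9b09143ead79c3`. In `log`, the entry `2024-08-05:1902` ("Deleted all data from laptop and shut it down.") is replaced by two entries at `1840` and `1855`, and the `1730` entry gains a sentence about disconnecting the card. Since this file is the audit record of the ceremony, the commit message should state that these are corrections and what they are based on, or the re-indentation and folded-scalar changes should go in a separate commit so a reviewer can tell the two apart. A smaller point in `inputs` and `outputs`: renaming `fingerprint` to `identifier` and dropping `type: location` / `type: operator` no longer says that the 40-hex value is a PGP key fingerprint; consider keeping the `fingerprint` key name or adding a `type` field so the value can be checked against the key without guessing.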