fix: clean up ceremony.yml
parent
c88b4f94ff
commit
fca9b3eba4
|
@ -2,7 +2,8 @@ usage: Location Key
|
||||||
officiant: Anton Livaja
|
officiant: Anton Livaja
|
||||||
location: Private Home (Address Redacted)
|
location: Private Home (Address Redacted)
|
||||||
witnesses: N/A
|
witnesses: N/A
|
||||||
hardware: Dell XPS 13 9630
|
hardware:
|
||||||
|
- Dell XPS 13 9630
|
||||||
firmware: BIOS 2.13.0
|
firmware: BIOS 2.13.0
|
||||||
laptop_modifications:
|
laptop_modifications:
|
||||||
- Removed WLAN Card
|
- Removed WLAN Card
|
||||||
|
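Review bot: `hardware` becomes a list here while `firmware: BIOS 2.13.0` stays a top-level scalar, so as soon as a second device is listed the record no longer says which device that firmware version belongs to. Consider nesting the firmware under the laptop's list entry, in the same name-plus-attributes shape the `software` entries use. Also note that `smart_cards: Yubikey 5 NFC`, visible in the next hunk header, is still a scalar, so the two device fields are now typed differently for anything that parses this file.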
@ -15,40 +16,52 @@ smart_cards: Yubikey 5 NFC
|
||||||
software:
|
software:
|
||||||
- name: Airgap OS
|
- name: Airgap OS
|
||||||
repo: https://git.distrust.co/public/airgap
|
repo: https://git.distrust.co/public/airgap
|
||||||
ref: main
|
ref: 485fc58bfb1b4dc75a81138d93948385cc5bf600
|
||||||
hash: 485fc58bfb1b4dc75a81138d93948385cc5bf600
|
|
||||||
playbooks:
|
playbooks:
|
||||||
- name: location-key-provisioning.md
|
- name: location-key-provisioning.md
|
||||||
ref: https://git.distrust.co/public/docs/src/commit/0df2c9ce08ba2381e2cc448b080721373de13539/quorum-key-management/src/location-key-provisioning.md
|
repo: https://git.distrust.co/public/docs
|
||||||
|
ref: 5438f99c9c8a174334cd45623a9b09143ead79c3
|
||||||
|
inputs:
|
||||||
|
- name: operator.pub.asc
|
||||||
|
identifier: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
|
||||||
outputs:
|
outputs:
|
||||||
- location.pub.asc
|
- name: location.pub.asc
|
||||||
public_key_fingerprints:
|
identifier: BBDEC472E16A7D11830B07F7582CC40F8A9BB54E
|
||||||
- type: location
|
|
||||||
fingerprint: BBDEC472E16A7D11830B07F7582CC40F8A9BB54E
|
|
||||||
- type: operator
|
|
||||||
fingerprint: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
|
|
||||||
log:
|
log:
|
||||||
- 2024-08-05:1723: Selected a room in residence which has no electronics in it
|
- 2024-08-05:1723: >-
|
||||||
and closed window and window blinds.
|
Selected a room in residence which has no electronics in it and closed window
|
||||||
- 2024-08-05:1727: Booted the laptop with AirgapOS of an SD card using the
|
and window blinds.
|
||||||
built in card reader.
|
- 2024-08-05:1727: >-
|
||||||
- 2024-08-05:1730: Plugged in SanDisk Ultra 32GB with operator PGP pub key and
|
Booted the laptop with AirgapOS of an SD card using the built in card reader.
|
||||||
imported it into the local GPG keychain using a USB card reader.
|
- 2024-08-05:1730: >-
|
||||||
- 2024-08-05:1752: Followed the ceremony guide to generate artifacts.
|
Plugged in SanDisk Ultra 32GB with operator PGP pub key and imported it into
|
||||||
- 2024-08-05:1813: Plugged in one of the backup SD cards using the USB reader
|
the local GPG keychain using a USB card reader. Then the SD card was
|
||||||
and copied over public artifacts, repeated with second SD card.
|
disconnected from the computer.
|
||||||
- 2024-08-05:1832: Plugged in a new smart card and seeded it with the Location
|
- 2024-08-05:1752: >-
|
||||||
Key PGP private key and repeated with the second smart card.
|
Followed the ceremony guide to generate artifacts.
|
||||||
- 2024-08-05:1848: Placed the Location Key PGP pub cert onto the SanDisk Ultra
|
- 2024-08-05:1813: >-
|
||||||
32GB which was used to bring the Operator Key cert to the airgapped machine,
|
Plugged in one of the backup SD cards using the USB reader and copied over
|
||||||
so that it can be brought to the ceremony
|
public artifacts, repeated with second SD card.
|
||||||
- 2024-08-05:1902: Deleted all data from laptop and shut it down.
|
- 2024-08-05:1832: >-
|
||||||
- 2024-08-05:1949: Created two packages, each consisting of a YubiKey that was
|
Plugged in a new smart card and seeded it with the Location Key PGP private
|
||||||
seeded, and backup SD card, inside of a static proof bag, then both inside of
|
key and repeated with the second smart card.
|
||||||
a faraday bag.
|
- 2024-08-05:1840: >-
|
||||||
- 2024-08-TODO:TODO: Put the laptop and backup SD cards and smart cards into
|
Deleted all plaintext data from the laptop.
|
||||||
a plastic roll, filled it with confetti and vacuum sealed it.
|
- 2024-08-05:1848: >-
|
||||||
|
Placed the Location Key PGP pub cert onto the SanDisk Ultra 32GB which was
|
||||||
|
used to bring the Operator Key cert to the air-gapped machine, so that it can
|
||||||
|
be brought to the ceremony.
|
||||||
|
- 2024-08-05:1855: >-
|
||||||
|
Deleted the remaining data and shut down the computer.
|
||||||
|
- 2024-08-05:1949: >-
|
||||||
|
Created two packages, each consisting of a YubiKey that was seeded, and backup
|
||||||
|
SD card, inside of a static proof bag, then both inside of a faraday bag.
|
||||||
|
- 2024-08-06:1622: >-
|
||||||
|
Put the laptop and backup SD cards and smart cards into a plastic roll, filled
|
||||||
|
it with confetti and vacuum sealed it.
|
||||||
general_notes:
|
general_notes:
|
||||||
- Nobody entered the part of the house where the ceremony was conducted for
|
- Nobody entered the part of the house where the ceremony was conducted for
|
||||||
the duration of the ceremony, up to the point where all data was securely
|
the duration of the ceremony, up to the point where all data was securely
|
||||||
stored and destroyed where applicable
|
stored and destroyed where applicable.
|
||||||
|
- While away from the private residence to procure seal bag, the laptop was
|
||||||
|
stored inside of a locked room.
|
||||||
|
|
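Review bot: the playbook entry no longer points at the revision the old record named. The old `ref` URL pinned commit 0df2c9ce08ba2381e2cc448b080721373de13539 and the path quorum-key-management/src/location-key-provisioning.md, while the new `repo`/`ref` pair records 5438f99c9c8a174334cd45623a9b09143ead79c3 and keeps only the file name. For a ceremony record the ref should be the revision actually followed on 2024-08-05; if 5438f99c is a correction, say so in the commit message, and add a path key so the file can be located inside the repo. The same concern applies to the log: the single 1902 entry is replaced by new 1840 and 1855 entries, and the 1730 entry gains a sentence about disconnecting the card. These change recorded facts rather than formatting, so they belong in a separate commit, or the message should state where the revised times came from.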