1.
Introduction
1.1.
Threat Model
1.2.
Selecting a Quorum
1.3.
Software
1.4.
Hardware
1.5.
Glossary
2.
Preparations
2.1.
Repeat Use
2.1.1.
Flash PureBoot to Librem
2.1.2.
Initialize PureBoot Smart Card
2.1.3.
Change Smart Card PINs
2.1.4.
PureBoot Restricted Boot
2.1.5.
AirgapOS Setup
2.1.6.
autorun.sh Setup
2.1.7.
Secure Boot Sequence
2.1.8.
Selecting Locations
2.2.
One Time Use
2.2.1.
Procure Hardware
2.2.2.
AirgapOS Setup
2.2.3.
Repository Setup
2.2.4.
Selecting Locations
3.
Key Ceremonies
3.1.
Ceremony Log Template
3.2.
Root Entropy Ceremonies
3.2.1.
Local Key Provisioning
3.2.2.
Hybrid Key Provisioning
3.2.3.
Remote Key Provisioning
3.3.
Additional Key Ceremonies
3.3.1.
Operator Key Provisioning
3.3.2.
Location Key Provisioning
3.4.
Post Ceremony
3.4.1.
Online Artifact Storage
3.4.2.
Physical Artifact Storage
4.
Lifecycle Management
4.1.
Destroying Hardware
4.2.
Storage Device Management
Light
Rust
Coal
Navy
Ayu
Quorum Key Management (QKM)
Remote Key Provisioning
TODO