Visit date & time: 12.03.2016, 13:40 - 16:10 CEST Persons: Bas van den Dikkenberg (secure-u) Mendel Mobach (CAcert) Martin Simons (CAcert) Benedikt Heintel (CAcert internal auditor) Actions performed during this site visit: In the BIT workplace we received a machine from secure-u where we disconnected the harddrive, connected keyboard and mouse and monitor. For boot we used a Ubuntu DVD provided by Wytze van der Raay (cacert). Everyone received a print of implementation.txt also provided by Wytze. 1 USB Stick containing .deb files and execute.sh 1 USB stick provided by Bas van den Dikkenberg that we formatted In short, for the exact commands please see implementation.txt. * Booted the DVD * We checked the checksum of the Ubuntu DVD * Formatted the USB Stick from Secure-U * Turned the PC off and started it again. * Copied the software * Installed the software with execute.sh * Killed the ubuntu process that held software install back * Installed the software with execute.sh * Took note of the checksum (all of the people on site) * Copied the script output logs to the usb stick. * Noticed the USB stick was broken. * Turned the PC off and started it again. * Formatted the replacement USB Stick from Secure-U * Turned the PC off and started it again. * Copied the software * Installed the software with execute.sh * Took note of the checksum (all of the people on site) * Copied the script output logs to the usb stick. * Turned the PC off * Handed the USB Stick to Bas * Turned the PC on and started it again to start memtest while doing the datacenter visit Data center visit: * Connected a monitor and keyboard to the signer * Received the USB stick from Bas * Inserted the USB stick into the signer * Synced the time and date of the signer * Create the ramfs and copied the documented files from the USB stick to the ramfs * Checked the checksums * Copied the key and certificate to the ramfs * started main * main complained about not able to load the certificate * Verified the contents of the root.crt, turned out to be the key At this point the contents of the private key file might have ended up in the script log * Stopped the script log * umounted the tmpfs (RAM) Doing it all again * Created the ramfs and copied the documented files from the USB stick to the ramfs * Checked the checksums * Copied the key and certificate to the ramfs * started main * Inspected the results, they looked fine * Noted down the checksum * Copied the results to the usb stick and the server directory. * exited the script logger * copied the script log outputs to the USB stick * verified that this data was on the USB stick * umounted and ejected the stick Copying it to the webserver: * Inserted the stick into the webserver * logged in onto the webserver * Copied the files to the webserver * ejected the USB stick * Handed the USB stick to secure-U In the workplace again: * Checked memtest, it ran for more than 53 minutes without errors, only to show 1 memory bank having about 500G ram, which might be a strange bug somewhere, probably not inflicting the memorytest (total mem shown was 12G) * Shut down the PC * Handed over the USB stick with program input, The USB Stick with program output The ubuntu DVD all over to Benedikt. * Packed our stuff and left. -- end.