1 Visit date & time: 2 12.03.2016, 13:40 - 16:10 CEST 3 4 Persons: 5 Bas van den Dikkenberg (secure-u) 6 Mendel Mobach (CAcert) 7 Martin Simons (CAcert) 8 Benedikt Heintel (CAcert internal auditor) 9 10 Actions performed during this site visit: 11 12 In the BIT workplace we received a machine from secure-u where we disconnected the harddrive, connected keyboard and mouse and monitor. 13 14 For boot we used a Ubuntu DVD provided by Wytze van der Raay (cacert). 15 Everyone received a print of implementation.txt also provided by Wytze. 16 17 1 USB Stick containing .deb files and execute.sh 18 1 USB stick provided by Bas van den Dikkenberg that we formatted 19 20 In short, for the exact commands please see implementation.txt. 21 * Booted the DVD 22 * We checked the checksum of the Ubuntu DVD 23 * Formatted the USB Stick from Secure-U 24 * Turned the PC off and started it again. 25 * Copied the software 26 * Installed the software with execute.sh 27 * Killed the ubuntu process that held software install back 28 * Installed the software with execute.sh 29 * Took note of the checksum (all of the people on site) 30 * Copied the script output logs to the usb stick. 31 * Noticed the USB stick was broken. 32 * Turned the PC off and started it again. 33 * Formatted the replacement USB Stick from Secure-U 34 * Turned the PC off and started it again. 35 * Copied the software 36 * Installed the software with execute.sh 37 * Took note of the checksum (all of the people on site) 38 * Copied the script output logs to the usb stick. 39 * Turned the PC off 40 * Handed the USB Stick to Bas 41 * Turned the PC on and started it again to start memtest while doing the datacenter visit 42 43 Data center visit: 44 * Connected a monitor and keyboard to the signer 45 * Received the USB stick from Bas 46 * Inserted the USB stick into the signer 47 * Synced the time and date of the signer 48 * Create the ramfs and copied the documented files from the USB stick to the ramfs 49 * Checked the checksums 50 * Copied the key and certificate to the ramfs 51 * started main 52 * main complained about not able to load the certificate 53 * Verified the contents of the root.crt, turned out to be the key 54 At this point the contents of the private key file might have ended up in the script log 55 * Stopped the script log 56 * umounted the tmpfs (RAM) 57 Doing it all again 58 * Created the ramfs and copied the documented files from the USB stick to the ramfs 59 * Checked the checksums 60 * Copied the key and certificate to the ramfs 61 * started main 62 * Inspected the results, they looked fine 63 * Noted down the checksum 64 * Copied the results to the usb stick and the server directory. 65 * exited the script logger 66 * copied the script log outputs to the USB stick 67 * verified that this data was on the USB stick 68 * umounted and ejected the stick 69 70 Copying it to the webserver: 71 * Inserted the stick into the webserver 72 * logged in onto the webserver 73 * Copied the files to the webserver 74 * ejected the USB stick 75 * Handed the USB stick to secure-U 76 77 In the workplace again: 78 * Checked memtest, it ran for more than 53 minutes without errors, 79 only to show 1 memory bank having about 500G ram, which might be a 80 strange bug somewhere, probably not inflicting the memorytest 81 (total mem shown was 12G) 82 * Shut down the PC 83 * Handed over the USB stick with program input, 84 The USB Stick with program output 85 The ubuntu DVD 86 all over to Benedikt. 87 * Packed our stuff and left. 88 89 -- end.
Attached FilesTo refer to attachments on a page, use attachment:filename, as shown below in the list of files. Do NOT use the URL of the [get] link, since this is subject to change and can break easily.
You are not allowed to attach a file to this page.