Record AppVM template and UI baseline

Morten V. Christiansen 2026-04-24 05:52:44 +02:00
parent d9e9e95b5f
commit 8888601f69
2 changed files with 9 additions and 3 deletions

@ -44,7 +44,7 @@ Update this file whenever environment status or verified behavior changes.
## Target Qubes Topology
- Base template for all AppVMs: Debian template.
- Base template for all AppVMs: `debian-13-xfce`.
- Allowed network paths:
- `k_client` -> `k_proxy` over TLS
- `k_proxy` -> `k_server` over TLS
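Review bot: The new `debian-13-xfce` line under Target Qubes Topology pins a single template for all AppVMs but does not say whether it is the stock template or a project-specific clone. Because every AppVM inherits its root filesystem from the template, any package installed there for one role is present in `k_client`, `k_proxy` and `k_server` alike. Consider adding a line that states where role-specific packages are installed, or that each role gets its own clone of the template.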
@ -68,6 +68,11 @@ Functional roles:
- Provides a dummy protected resource for early integration testing (monotonic increasing number/counter).
- May hold user/session state logic needed for authorization decisions.
UI baseline for each AppVM (start-menu visible apps):
- Firefox
- XFCE Terminal
- File Manager
## Target Request Flow
1. `k_client` sends HTTPS request to `k_proxy`.
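Review bot: The added "UI baseline for each AppVM" list gives Firefox to all three AppVMs, while the allowed network paths earlier in this file are only `k_client` -> `k_proxy` and `k_proxy` -> `k_server`. A browser in the start menu of the VM that holds the protected resource is easy to misread as permission to browse from it. Consider limiting Firefox to `k_client`, or adding a sentence that the list describes menu visibility only and grants no network path beyond those listed.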
@ -125,6 +130,7 @@ Implication:
Session note (2026-04-24):
- Markdown tracking was reviewed and normalized around `Setup.md` + `Workplan.md` as the active, continuously updated execution record.
- AppVM template decision recorded: use `debian-13-xfce` for `k_client`, `k_proxy`, and `k_server`.
## Known FIDO2 Transport Boundary
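Review bot: The line added to the 2026-04-24 session note records the template decision only, while the UI baseline (Firefox, XFCE Terminal, File Manager) introduced in the same commit is not mentioned. Add a second bullet for the UI baseline so the note matches the commit title, and consider recording in one clause why `debian-13-xfce` was chosen, since this file is described as the continuously updated execution record.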

@ -8,7 +8,7 @@ This is the execution plan for making ChromeCard FIDO2 development and validatio
- Treat `/home/user/chromecard/CR_SDK_CK-main` as read-only.
- Keep helper scripts such as `fido2_probe.py` and `webauthn_local_demo.py` at `/home/user/chromecard`.
- Target deployment model is Qubes OS with 3 Debian-based AppVMs: `k_client`, `k_proxy`, `k_server`.
- Target deployment model is Qubes OS with 3 AppVMs based on `debian-13-xfce`: `k_client`, `k_proxy`, `k_server`.
- Current authenticator link is card->`k_proxy` (USB), but architecture must allow migration to wireless phone-mediated validation.
## Goals
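Review bot: The rewritten deployment-model bullet repeats the literal `debian-13-xfce`, which this commit also writes into the other changed file and into Phase 0 of this one, so a later template change has to be made in several places and can drift. Consider stating the template name once, in the topology section, and having this bullet refer to it instead of restating the value.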
@ -26,7 +26,7 @@ This is the execution plan for making ChromeCard FIDO2 development and validatio
## Phase 0: Qubes VM Baseline (Blocking)
1. Provision/verify AppVMs.
- Ensure `k_client`, `k_proxy`, `k_server` exist and are based on the Debian template.
- Ensure `k_client`, `k_proxy`, `k_server` exist and are based on `debian-13-xfce`.
2. Assign functional responsibilities.
- `k_client`: browser client + enrollment process.
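Review bot: The updated Phase 0 step 1 says to ensure the AppVMs "are based on `debian-13-xfce`" but gives no way to confirm it, which matters for a phase marked Blocking. Suggest naming the check, for example running `qvm-prefs k_proxy template` in dom0 for each of the three VMs and recording the output, so the step has a pass/fail result instead of a visual inspection.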