11 Jul 2026SECRET-tier · UK MOD · NATO SECRET · AUKUS
The literal air-gapped deployment guide for SECRET-tier buyers.
Owner-gated companion to defoneos-mod-90-day-sovereign-pilot-sow.html. This guide is for buyers who must deploy DEFONEOS in a fully disconnected environment — no inbound or outbound internet at runtime, no remote support, updates only by physical media (sneakernet). Covers hardware specification, base-image creation, deterministic build pipeline, update chain, FIPS-140-3 cryptography, incident response without internet, and named physical-delivery protocols (Royal Mail Special Delivery + tamper-evident bag + SC-cleared courier).
0Internet connections at runtime
FIPS-140-3Cryptographic module
≤ 14 dInitial deployment timeline
14Cryptographic primitives verified
1. When you need this guide
The deployment environment is OFFICIAL-SENSITIVE or above (UK Government Security Classifications Policy 2018).
The buyer is operating under JSP 440, NATO INFOSEC, or AUKUS cyber-security arrangements.
The buyer requires that no DEFONEOS component makes an outbound network call at any time after base-image installation (except pre-authorised signed telemetry on a dedicated one-way diode).
The buyer does not allow remote support engineer access. Updates are physically delivered by SC-cleared courier on tamper-evident media.
The buyer requires reproducible / deterministic builds so that any deployed binary can be re-built and verified offline from source.
2. Hardware reference specification
Role
Minimum
Recommended
Notes
Control plane (3 nodes for HA)
8 vCPU / 32 GB RAM / 200 GB NVMe per node
16 vCPU / 64 GB RAM / 1 TB NVMe per node
x86_64; physical preferred over virtual
Worker plane (5 nodes)
16 vCPU / 64 GB RAM / 500 GB NVMe per node
32 vCPU / 128 GB RAM / 2 TB NVMe per node
GPU optional (NVIDIA L4) for AI/ML workloads
Storage (Ceph / MinIO)
3 nodes × 4 TB
5 nodes × 8 TB
Erasure coding RF=2, K=4
Network
10 Gbps internal, air-gapped
25 Gbps internal, air-gapped
One-way diode ONLY for outbound telemetry
Cryptographic accelerator
HSM (e.g. Thales Luna T-7)
Thales Luna T-7 + Utimaco CryptoServer
FIPS 140-3 Level 3
Operator workstation
SC-cleared laptop, no wireless
Same, hardened OS
Hardware RF shielding bag for transit
3. Base-image delivery — the physical chain
Step 1 — Build offline (Supplier site)
• CSOAI engineer builds base image on air-gapped build farm.
• Build environment: Debian 12 (Bookworm) + reproducible-build toolchain.
• Toolchain pinned via Debian snapshot.debian.org (timestamp recorded in SIGIL).
• Build script determinism: SOURCE_DATE_EPOCH set, timezone=UTC, locale=C.UTF-8.
Step 2 — Sign the artefact (offline HSM)
• SHA-512 of the image computed; signed with the Supplier's offline Ed25519 key.
• Signing key held in a FIPS 140-3 Level 3 HSM (Luna T-7) at Supplier site.
• Public key fingerprint published at defoneos.org/keys/release-2026.key.
Step 3 — Burn to physical media
• Image written to two identical USB SSDs (Samsung T7 Shield, hardware-encrypted).
• SSDs encrypted with LUKS2 + Argon2id (memory=1 GB, iterations=4, parallelism=4).
• LUKS passphrase split across 3 Shamir shares; any 2 of 3 needed to decrypt.
Step 4 — Tamper-evident packaging
• Each SSD sealed in a tamper-evident bag (Tyvek serial-numbered, vendor: Ameripack).
• Bag serial numbers logged in the SIGIL chain at proofof.ai/defoneos-air-gap-2026-[NN].
• Both bags shipped in a single hard-shell case (Pelican 1500) with handle lock.
Step 5 — Physical delivery
• Shipped by Royal Mail Special Delivery Guaranteed by 9am (or named SC-cleared
courier for higher classifications) to the buyer's named SC-cleared recipient.
• Chain-of-custody form signed at dispatch, in transit, on receipt.
• Buyer verifies bag serial numbers match SIGIL record before opening.
4. Installation procedure (on buyer's site, by SC-cleared personnel)
Verify tamper-evident bag serial numbers against SIGIL record at proofof.ai/defoneos-air-gap-2026-[NN]; reject if mismatch.
Decrypt SSD using 2-of-3 Shamir passphrase shares (custody split: 1 share with operator, 1 with security officer, 1 in escrow).
Patch verified — Operator runs offline test suite; results co-signed and logged to buyer's local SIGIL mirror (no network).
Out-of-band confirmation — Operator calls Supplier on a separate, authenticated landline to confirm the patch matches the SIGIL advisory.
7. FIPS 140-3 cryptography inventory
Function
Algorithm
FIPS 140-3 certificate
Symmetric encryption (data at rest)
AES-256-GCM
OpenSSL FIPS Provider 3.1.2 (Cert #4815)
Symmetric encryption (LUKS)
AES-256-XTS
Same (Cert #4815)
Hash (integrity)
SHA-512
Same (Cert #4815)
MAC (signing)
HMAC-SHA-384
Same (Cert #4815)
Asymmetric (signing)
Ed25519
Same (Cert #4815)
Asymmetric (key exchange)
ML-KEM-768 (Kyber, NIST PQC)
liboqs 0.10.1 (Cert pending; FIPS 203 IPD)
TLS
TLS 1.3 (cluster-internal only)
OpenSSL 3.1.2 FIPS
HSM-backed root key
n/a
Thales Luna T-7 (Cert #4521, FIPS 140-3 Level 3)
Key derivation
Argon2id
libsodium 1.0.19 (RFC 9106, not FIPS; approved for non-classified use)
Password hashing (operator)
bcrypt cost 14
Not FIPS-approved; SC-only access so acceptable
RNG
AES-256 CTR_DRBG (HSM-backed)
Thales Luna T-7
Post-quantum signatures (future)
ML-DSA-65 (Dilithium)
liboqs 0.10.1 (Cert pending; FIPS 204 IPD)
Quantum-resistant transport (future)
Hybrid X25519+ML-KEM-768
OpenSSL 3.3+ (Cert pending)
Operator MFA
FIDO2 (YubiKey 5 FIPS)
YubiKey 5 FIPS Series (Cert #3158)
8. Incident response — without internet
Detection — operator notices anomaly in cluster logs, system metrics, or HSM audit log.
Containment — operator power-cycles affected node; isolates at network switch port; preserves disk image for forensic analysis (write-blocker used).
Out-of-band notification — operator calls Supplier 24/7 incident line (number provided in deployment binder); gives incident ID + node serial.
Supplier guidance — Supplier dispatches SC-cleared field engineer with diagnostic toolkit on physical media (next available flight, target arrival 24-48h).
Forensic capture — Supplier engineer captures memory dump, disk image, network state; signs each artefact with offline HSM key; returns to Supplier site for analysis.
Patch / rebuild — if root cause identified, Supplier issues emergency patch via sneakernet; if not, Supplier ships clean rebuild.
Restoration — operator restores from base image + recent patches; re-runs 240-test gate; resumes operations.
Post-incident report — joint report within 14 days; lodged with both parties' security authorities; SIGIL signed by both.
9. Telemetry — one-way diode only
If the buyer permits anonymous, signed telemetry (CPU load, memory pressure, disk usage, node up/down — no payload data, no logs), the cluster exports a CBOR-encoded bundle every 5 minutes via a hardware one-way data diode (Owl Cyber Defense OPD-1000 or equivalent) to a Supplier-hosted telemetry receiver. The diode enforces physical one-wayness; the cluster cannot receive responses. Telemetry bundle is signed by the cluster's HSM key and verifiable against the SIGIL record.
10. What the cluster never does (hard invariants)
✓ NEVER resolves a public DNS name at runtime.
✓ NEVER opens an outbound TCP/UDP socket except to the local one-way diode port.
✓ NEVER accepts an inbound connection on any network interface.
✓ NEVER calls home, phones home, beacons, or contacts any external service.
✓ NEVER logs to any external syslog, journal-remote, or cloud log aggregator.
✓ NEVER downloads patches, signatures, or updates except from physical media.
✓ NEVER runs an NTP client against public time servers (uses local HSM RTC instead).
✓ NEVER runs a software auto-updater.
✓ NEVER runs a vulnerability scanner that probes external hosts.
✓ NEVER runs a service that listens on 0.0.0.0 except the cluster-internal API gateway on the dedicated VLAN.
12-framework crosswalk — referenced across the pack
14. Honesty register
The hardware reference specification is a recommendation, not a minimum-viable-deployment. A buyer with constrained resources can run on smaller nodes but should expect reduced headroom.
The reproducible-build pipeline has been verified on x86_64 Debian 12; arm64 (Graviton, Apple Silicon) is supported but reproducibility has not been byte-for-byte verified across architectures.
ML-KEM-768 (Kyber) and ML-DSA-65 (Dilithium) FIPS certifications are in IPD (Initial Public Draft) status as of v1.0 (Jul 2026); production deployments requiring validated modules should consult the latest NIST CMVP database.
Thales Luna T-7 HSM supply lead time is currently 12-16 weeks; buyers should plan procurement accordingly.
The 24/7 incident line is a contracted service available to pilots; commercial SLA in Schedule 2 of the contract award letter.
The Owl Cyber Defense OPD-1000 one-way diode is OFTLS-listed in the US; UK buyers should consult NCSC for equivalent-approved products (e.g. Advenica D-SEC).
Royal Mail Special Delivery is acceptable for OFFICIAL-SENSITIVE; SECRET material requires a named SC-cleared courier (e.g. SSR Personnel, Restrata).
The buyer is responsible for ensuring their site facilities meet the physical-security requirements of JSP 440 Part 3 (e.g. secure room construction, access control, dual-custody).