21 lines
532 B
Markdown
21 lines
532 B
Markdown
# Lease: op-console-mac
|
|
|
|
## Grant
|
|
|
|
- Lease type: device (console)
|
|
- Issued to role: operator
|
|
- Issued at (UTC):
|
|
- Expires at (UTC):
|
|
- Revoked at (UTC):
|
|
|
|
## Scope
|
|
|
|
- Permits: physical and local access required to operate `op-core-vm`.
|
|
- Forbids: treating the host OS as a source of trust.
|
|
|
|
## Rotation / revocation
|
|
|
|
- Revoke: remove local access, rotate any credentials that could have been exposed, and rebuild `op-core-vm` if integrity is in doubt.
|
|
- Verify: confirm operator access is only possible from a trusted, rebuilt core.
|
|
|