From db7fde8c66dd15bfce301a24c72619cf83432a52 Mon Sep 17 00:00:00 2001 From: zyzniewski-reef Date: Wed, 6 Aug 2025 17:22:16 +0200 Subject: [PATCH 1/2] RTS-61: require disk encryption and 2FA App --- README.md | 1 + docs/Developer_environment_setup.md | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index af491da..4634a90 100644 --- a/README.md +++ b/README.md @@ -108,6 +108,7 @@ If you plan to connect your mobile device to any work-related accounts, first ma 2FA is mandatory everywhere it is possible to use it (more explanation below). We recommend Twilio's [Authy](https://authy.com/) because it has a PIN code and end-to-end encrypted cloud backup. +We require using an Authenticator App - email-based 2FA is forbidden. Frequently Asked Questions: diff --git a/docs/Developer_environment_setup.md b/docs/Developer_environment_setup.md index 4e78256..3fe51b7 100644 --- a/docs/Developer_environment_setup.md +++ b/docs/Developer_environment_setup.md @@ -4,7 +4,7 @@ This guide will show how to set up a standard, secure work environment for softw ## Ensure you have a Secure Work Environment -For Secure Work Environment we recommend a Virtual Machine or dual-boot with [Full Disk Encryption](Storage_Encryption.md#full-disk-encryption) enabled. +For Secure Work Environment we require a Virtual Machine or dual-boot with [Full Disk Encryption](Storage_Encryption.md#full-disk-encryption) enabled. This ensures a clear segregation between your professional and personal digital spaces, preventing accidental cross-access or data leaks involving customer data. If you have previously used your reef.pl email address (or any associated) on a personal environment, make sure to remove it from all devices and accounts. 
@@ -16,7 +16,7 @@ Solely encrypting the home directory would leave these sensitive data vulnerable Lastly, Docker containers, which store and run client code, are to be considered secret. Accessing these containers from personal environments is prohibited to maintain a robust security structure, preventing any potential cross-access and preserving the integrity of our client's data. -As for personal/work separation, we recommend using a separate machine (Virtual or physical) or dual-booting. +As for personal/work separation, we require using a separate machine (Virtual or physical) or dual-booting. It is not recommended, but you may use multi-user setup to isolate personal and work-related applications, but take special care as it is hard to prevent personal accounts, with for example, `docker` access from accessing ANY other account on the system. # System setup From 075b447597259cccb00856e7bd0f1ea5a924f294 Mon Sep 17 00:00:00 2001 From: zyzniewski-reef Date: Thu, 14 Aug 2025 11:07:41 +0200 Subject: [PATCH 2/2] RTS-61: more security guidelines --- docs/Developer_environment_setup.md | 7 +++---- docs/Storage_Encryption.md | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/docs/Developer_environment_setup.md b/docs/Developer_environment_setup.md index 3fe51b7..80f8b74 100644 --- a/docs/Developer_environment_setup.md +++ b/docs/Developer_environment_setup.md 
@@ -1,10 +1,11 @@ # Developer Environment Setup This guide will show how to set up a standard, secure work environment for software development. +This is very important as we want to prevent unauthorized access to our data (the code, secret keys, customers' sensitive information) in case of theft or loss of hardware. With that in mind, it is required to have some form of access protection and to never leave the computer unattended without locking it. ## Ensure you have a Secure Work Environment -For Secure Work Environment we require a Virtual Machine or dual-boot with [Full Disk Encryption](Storage_Encryption.md#full-disk-encryption) enabled. +For Secure Work Environment we require either a Virtual Machine or a multi-user setup, with [Full Disk Encryption](Storage_Encryption.md#full-disk-encryption) enabled in both cases. This ensures a clear segregation between your professional and personal digital spaces, preventing accidental cross-access or data leaks involving customer data. If you have previously used your reef.pl email address (or any associated) on a personal environment, make sure to remove it from all devices and accounts. 
@@ -16,9 +17,6 @@ Solely encrypting the home directory would leave these sensitive data vulnerable Lastly, Docker containers, which store and run client code, are to be considered secret. Accessing these containers from personal environments is prohibited to maintain a robust security structure, preventing any potential cross-access and preserving the integrity of our client's data. -As for personal/work separation, we require using a separate machine (Virtual or physical) or dual-booting. -It is not recommended, but you may use multi-user setup to isolate personal and work-related applications, but take special care as it is hard to prevent personal accounts, with for example, `docker` access from accessing ANY other account on the system. - # System setup If you are undecided, by default we recommend going with Virtual Machine setup. @@ -26,6 +24,7 @@ If you are undecided, by default we recommend going with Virtual Machine setup. As for the work environment Operating System, we recommend using a Linux-based system. Guide itself is written with Ubuntu-based distros (e.g. [Linux Mint](https://www.linuxmint.com/download.php)) in mind. Using such will help save time, but in the end, it is individual's responsibility to maintain a productive working environment. +For Windows users, Microsoft Defender Antivirus must be enabled. ## 1. Virtual Machine setup diff --git a/docs/Storage_Encryption.md b/docs/Storage_Encryption.md index 9fa4103..a9f5e92 100644 --- a/docs/Storage_Encryption.md +++ b/docs/Storage_Encryption.md 
@@ -13,7 +13,7 @@ Due to the large space utilization of our projects, the minimum storage size is ### Virtual machine -In any Virtual Machine, you can achieve FDE-like setup by putting the VM image on an Encrypted Volume created using [VeraCrypt or similar software](#volume-encryption). +In any Virtual Machine, you can achieve FDE-like setup by putting the VM image on an Encrypted Volume created using [VeraCrypt or similar software](#volume-encryption) or directly in VirtualBox by using the [VirtualBox Extension Pack](https://docs.oracle.com/en/virtualization/virtualbox/7.0/user/AdvancedTopics.html#diskencryption). ### Windows
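Review bot: In the README.md hunk of patch 1/2, the added line "We require using an Authenticator App - email-based 2FA is forbidden." names only email as a forbidden factor, so it leaves open whether SMS codes or hardware security keys satisfy the requirement, and what to do for a service that offers email-based 2FA only, given that the context line makes 2FA mandatory everywhere it is possible to use it. Suggest listing the accepted factors explicitly and stating the fallback for services without app-based 2FA. The preceding context line still reads "We recommend Twilio's Authy", so it would also help to make clear that the authenticator app is required while the choice of Authy is only a recommendation.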
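Review bot: In the `@@ -16,7 +16,7 @@` hunk of patch 1/2, the new requirement contradicts the unchanged line that follows it: the changed sentence now says "we require using a separate machine (Virtual or physical) or dual-booting", while the next line still says "you may use multi-user setup". Patch 2/2 removes both lines, so either reword the follow-up line in this commit or squash the two patches so that no revision of the document carries the contradiction.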
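Review bot: In the `@@ -1,10 +1,11 @@` hunk of patch 2/2, the rewritten requirement "either a Virtual Machine or a multi-user setup" silently drops dual-boot, which patch 1/2 had just made one of the two required options, and neither the text nor the commit message says whether dual-boot or a separate physical machine is still acceptable. Please state that explicitly. In the same hunk, "some form of access protection" is too vague to check compliance against; name the minimum expected, for example a login password plus an automatic screen lock.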
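Review bot: The warning about `docker` access should not be dropped in the `@@ -16,9 +17,6 @@` hunk of patch 2/2. The removed lines were the only place that told readers it is hard to prevent a personal account with `docker` access from accessing any other account on the system, and the same patch promotes multi-user setup from "not recommended" to one of the two accepted options. Suggest keeping that caveat, reworded as a requirement for the multi-user option (for example, that personal accounts must not have `docker` access), next to the sentence that now allows multi-user setup.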
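Review bot: The added line "For Windows users, Microsoft Defender Antivirus must be enabled." in the `@@ -26,6 +24,7 @@` hunk of patch 2/2 does not say which system it applies to. It sits at the end of a paragraph about the work environment operating system that recommends Linux, so a reader cannot tell whether it covers a Windows host running the work VM, a Windows work environment, or both. Suggest stating the scope and moving the sentence to its own paragraph, since the surrounding text is about Ubuntu-based distros.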
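Review bot: In the docs/Storage_Encryption.md hunk, the changed sentence still opens with "In any Virtual Machine" although the alternative it now adds works in VirtualBox only, and the link is pinned to the 7.0 manual, which will go stale as versions move on. Suggest splitting it into two sentences: one for the hypervisor-independent option of placing the VM image on an encrypted volume, and one for VirtualBox's own disk encryption via the Extension Pack, with a note on which VirtualBox versions the link applies to.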