V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-08-08 11:36:32 +02:00
parent cbb0383dfb
commit b38ca5a7ca
18 changed files with 191 additions and 91 deletions
--- a/.preseed/preseed.yaml
+++ b/.preseed/preseed.yaml
@@ -107,7 +107,7 @@ needrun: false                 # Static linking to "${TARGET}/run" can cause pro
 ################################################################################################################################
 dropbear:
  boot: true                   # Dropbear initramfs integration.
-  dhcp: true                   # Whether the '/etc/initramfs-tools/conf.d/ip' file should be configured statically or via DHCP.
+  dhcp: false                  # Whether the '/etc/initramfs-tools/conf.d/ip' file should be configured statically or via DHCP.
  firewall: false              # Yet not implemented. MUST be "false".
                               # Additional ultra hardening of the dropbear initramfs environment via firewall.
                               # The "bastion_ipv4" MUST be provided.
--- a/ciss_debian_installer.sh
+++ b/ciss_debian_installer.sh
@@ -252,6 +252,8 @@ echo "MAIN PROGRAM SEQUENCE: 4110_update_sources.sh ..."
 update_sources
 echo "MAIN PROGRAM SEQUENCE: 4120_installation_kernel.sh ..."
 installation_kernel
+echo "MAIN PROGRAM SEQUENCE: 4121_installation_initramfs.sh ..."
+installation_initramfs
 echo "MAIN PROGRAM SEQUENCE: 4130_installation_toolset.sh ..."
 installation_toolset
 echo "MAIN PROGRAM SEQUENCE: 4131_installation_systemd.sh ..."
--- a/func/cdi_1000_helper/1030_check_nic.sh
+++ b/func/cdi_1000_helper/1030_check_nic.sh
@@ -38,7 +38,7 @@ check_nic() {
  var_nic=$(dialog --ascii-lines --clear --backtitle "Specify the NIC for setup" --radiolist "NIC available" 0 0 ${var_counter} ${var_radiolist} 3>&1 1>&2 2>&3)
  clear

-  do_log "info" "file_only" "You have selected: '${var_nic}' - proceeding with setup."
-  return 0
+  do_log "info" "file_only" "1030() You have selected: '${var_nic}' - proceeding with setup."
+  guard_dir && return 0
 }
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/func/cdi_1000_helper/1080_helper_chroot.sh
+++ b/func/cdi_1000_helper/1080_helper_chroot.sh
@@ -64,12 +64,12 @@ do_in_target() {

  then

-    do_log "emergency" "file_only" "1080() Command of [${var_mod}]: [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none ${ary_chroot_command[*]}] failed."
+    do_log "emergency" "file_only" "1080() Command of ${var_mod} [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none ${ary_chroot_command[*]}] failed."
    return "${ERR_CHRT_COMMAND}"

  else

-    do_log "info" "file_only" "1080() Command of [${var_mod}]: [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none ${ary_chroot_command[*]}] successful."
+    do_log "info" "file_only" "1080() Command of ${var_mod} [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none ${ary_chroot_command[*]}] successful."
    return 0

  fi
@@ -115,7 +115,7 @@ do_in_target_script() {

  then

-    do_log "${var_log_level_on_error}" "file_only" "1080() Command of [${var_mod}]: [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none /bin/bash -c ${var_chroot_script}] failed."
+    do_log "${var_log_level_on_error}" "file_only" "1080() Command of ${var_mod} [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none /bin/bash -c ${var_chroot_script}] failed."
    return "${ERR_CHRT_COMMAND}"

    # TODO: Test with Dialog Wrapper in interactive mode.
@@ -127,7 +127,7 @@ do_in_target_script() {

  else

-    do_log "info" "file_only" "1080() Command of [${var_mod}]: [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none /bin/bash -c ${var_chroot_script}] successful."
+    do_log "info" "file_only" "1080() Command of ${var_mod} [chroot ${var_chroot_target} /usr/bin/env -i HOME=/root PATH=${var_default_path} TERM=${TERM} LANG=C.UTF-8 LC_ALL=C.UTF-8 DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none /bin/bash -c ${var_chroot_script}] successful."
    return 0

  fi
--- a/func/cdi_1000_helper/1082_helper_modules.sh
+++ b/func/cdi_1000_helper/1082_helper_modules.sh
@@ -34,6 +34,42 @@ generate_subnetmask() {
  return 0
 }

+#######################################
+# Collect NIC driver modules for initramfs installation.
+# Arguments:
+#   None
+# Returns:
+#   0: on success
+#######################################
+grep_nic_driver_modules() {
+  ### Collect all ethernet driver names and sort them uniquely.
+  declare -a _mods
+  declare var_nic_module var_nic_modules
+  # shellcheck disable=SC2312
+  readarray -t _mods < <(
+    lspci -k \
+      | grep -A2 -i ethernet \
+      | grep 'Kernel driver in use' \
+      | awk '{print $5}' \
+      | sort -u
+  )
+
+  ### If only one entry remains, save it in 'var_nic_module', otherwise save all modules in 'var_nic_modules'.
+  if [[ "${#_mods[@]}" -eq 1 ]]; then
+    var_nic_module="${_mods[0]}"
+  else
+    var_nic_modules="${_mods[*]}"
+  fi
+
+  if [[ -n "${var_nic_module}" ]]; then
+    echo "${var_nic_module}"
+  else
+    echo "${var_nic_modules}"
+  fi
+
+  return 0
+}
+
 #######################################
 # Helper module for update, full dist-upgrade, autoclean, autopurge and autoremove.
 # Arguments:
--- a/func/cdi_4000_debootstrap/4035_setup_resolv.sh
+++ b/func/cdi_4000_debootstrap/4035_setup_resolv.sh
@@ -57,9 +57,9 @@ setup_resolv() {
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

-# /etc/resolv.conf      : Generated by CISS.debian.installer ${VAR_VERSION}
-# Architecture          : ${VAR_ARCHITECTURE}
-# Distribution          : ${VAR_CODENAME}
+# /etc/resolv.conf                             : Generated by CISS.debian.installer ${VAR_VERSION}
+# Architecture                                 : ${VAR_ARCHITECTURE}
+# Distribution                                 : ${VAR_CODENAME}

 # Static file system information '/etc/resolv.conf '.

--- a/func/cdi_4100_base/4100_generate_sources.sh
+++ b/func/cdi_4100_base/4100_generate_sources.sh
@@ -94,9 +94,9 @@ generate_sources() {
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

-# /etc/apt/sources.list        : Generated by CISS.debian.installer ${VAR_VERSION}
-# Architecture                 : ${VAR_ARCHITECTURE}
-# Distribution                 : ${VAR_CODENAME}
+# /etc/apt/sources.list                        : Generated by CISS.debian.installer ${VAR_VERSION}
+# Architecture                                 : ${VAR_ARCHITECTURE}
+# Distribution                                 : ${VAR_CODENAME}

 #------------------------------------------------------------------------------------------------------------------------------#
 #                                                     OFFICIAL DEBIAN REPOS                                                    #
--- a/func/cdi_4100_base/4121_installation_initramfs.sh
+++ b/func/cdi_4100_base/4121_installation_initramfs.sh
@@ -0,0 +1,101 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+guard_sourcing
+
+#######################################
+# Installation of the specified kernel.
+# Every 'apt-get install' command is invoked by adding 'export INITRD=No'
+# to suppress the 'update-initramfs'-Kernel-Hooks, according to the initramfs-tools manpage:
+# https://manpages.debian.org/testing/initramfs-tools-core/initramfs-tools.7.en.html
+# Globals:
+#   TARGET
+#   VAR_KERNEL
+#   image
+# Arguments:
+#   None
+# Returns:
+#   0: on success
+#######################################
+installation_initramfs() {
+  ### Declare Arrays, HashMaps, and Variables.
+  declare     var_modules=""
+
+  ### Install the script to be called by 'update-initramfs' for installing the necessary modules to load into initramfs environment.
+  install -D -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/modules" \
+    "${TARGET}/etc/initramfs-tools/"
+
+  insert_initramfs_comments "${TARGET}/etc/initramfs-tools/modules"
+
+  var_modules=$(grep_nic_driver_modules)
+
+  cat << EOF >> "${TARGET}/etc/initramfs-tools/modules"
+
+### Custom NIC driver
+${var_modules}
+
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
+EOF
+
+  ### MODULES: [ most | netboot | dep | list ]
+  ## 'most' - Add most filesystem and all hard-drive drivers.
+  ## 'dep'  - Try and guess the modules to load.
+
+  cat << EOF >| "${TARGET}/etc/initramfs-tools/conf.d/driver-policy"
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.installer
+# SPDX-Security-Contact: security@coresecret.eu
+
+# /etc/initramfs-tools/conf.d/driver-policy    : Generated by CISS.debian.installer ${VAR_VERSION}
+# Architecture                                 : ${VAR_ARCHITECTURE}
+# Distribution                                 : ${VAR_CODENAME}
+
+# Driver inclusion policy selected during installation.
+# Note: this setting overrides the value set in the file '/etc/initramfs-tools/initramfs.conf'.
+
+MODULES=dep
+
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
+EOF
+
+  guard_dir && return 0
+}
+
+#######################################
+# Helper to insert the Metadata field into '/etc/initramfs-tools/modules'.
+# Globals:
+#   VAR_ARCHITECTURE
+#   VAR_CODENAME
+#   VAR_VERSION
+# Arguments:
+#   1: /etc/initramfs-tools/modules
+# Returns:
+#   0: on success
+#######################################
+insert_initramfs_comments() {
+  declare file="${1}"
+  sed -i '/^# SPDX-Security-Contact: security@coresecret\.eu$/a\
+\
+# /etc/initramfs-tools/modules                 : Generated by CISS.debian.installer '"${VAR_VERSION}"'\
+# Architecture                                 : '"${VAR_ARCHITECTURE}"'\
+# Distribution                                 : '"${VAR_CODENAME}"'
+' "${file}"
+  return 0
+}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/func/cdi_4100_base/4130_installation_toolset.sh
+++ b/func/cdi_4100_base/4130_installation_toolset.sh
@@ -35,6 +35,7 @@ installation_toolset() {
    [hexdump]="bsdmainutils"
    [btrfs]="btrfs-progs"
    [bunzip2]="bzip2"
+    [setupcon]="console-setup"
    [base64]="coreutils"
    [cat]="coreutils"
    [chmod]="coreutils"
--- a/func/cdi_4100_base/4150_installation_chrony.sh
+++ b/func/cdi_4100_base/4150_installation_chrony.sh
@@ -96,9 +96,9 @@ insert_chrony_comments() {
  declare file="${1}"
  sed -i '/^# SPDX-Security-Contact: security@coresecret\.eu$/a\
 \
-# /etc/chrony/conf.d           : Generated by CISS.debian.installer '"${VAR_VERSION}"'\
-# Architecture                 : '"${VAR_ARCHITECTURE}"'\
-# Distribution                 : '"${VAR_CODENAME}"'
+# /etc/chrony/conf.d                           : Generated by CISS.debian.installer '"${VAR_VERSION}"'\
+# Architecture                                 : '"${VAR_ARCHITECTURE}"'\
+# Distribution                                 : '"${VAR_CODENAME}"'
 ' "${file}"
  return 0
 }
--- a/func/cdi_4200_boot/4200_generate_fstab.sh
+++ b/func/cdi_4200_boot/4200_generate_fstab.sh
@@ -78,9 +78,9 @@ generate_fstab() {
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

-# /etc/fstab                   : Generated by CISS.debian.installer ${VAR_VERSION}
-# Architecture                 : ${VAR_ARCHITECTURE}
-# Distribution                 : ${VAR_CODENAME}
+# /etc/fstab                                   : Generated by CISS.debian.installer ${VAR_VERSION}
+# Architecture                                 : ${VAR_ARCHITECTURE}
+# Distribution                                 : ${VAR_CODENAME}

 # Static file system information '/etc/fstab'.
 #
--- a/func/cdi_4200_boot/4210_generate_crypttab.sh
+++ b/func/cdi_4200_boot/4210_generate_crypttab.sh
@@ -71,9 +71,9 @@ generate_crypttab() {
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

-# /etc/crypttab                : Generated by CISS.debian.installer ${VAR_VERSION}
-# Architecture                 : ${VAR_ARCHITECTURE}
-# Distribution                 : ${VAR_CODENAME}
+# /etc/crypttab                                : Generated by CISS.debian.installer ${VAR_VERSION}
+# Architecture                                 : ${VAR_ARCHITECTURE}
+# Distribution                                 : ${VAR_CODENAME}

 # Static file system information: '/etc/crypttab'.
 #
--- a/func/cdi_4300_network/4300_installation_network.sh
+++ b/func/cdi_4300_network/4300_installation_network.sh
@@ -65,9 +65,9 @@ installation_network() {
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

-# /etc/network/interfaces      : Generated by CISS.debian.installer ${VAR_VERSION}
-# Architecture                 : ${VAR_ARCHITECTURE}
-# Distribution                 : ${VAR_CODENAME}
+# /etc/network/interfaces                      : Generated by CISS.debian.installer ${VAR_VERSION}
+# Architecture                                 : ${VAR_ARCHITECTURE}
+# Distribution                                 : ${VAR_CODENAME}

 # This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).
@@ -106,9 +106,9 @@ EOF
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

-# /etc/network/interfaces      : Generated by CISS.debian.installer ${VAR_VERSION}
-# Architecture                 : ${VAR_ARCHITECTURE}
-# Distribution                 : ${VAR_CODENAME}
+# /etc/network/interfaces.d/10-ipv4-dhcp       : Generated by CISS.debian.installer ${VAR_VERSION}
+# Architecture                                 : ${VAR_ARCHITECTURE}
+# Distribution                                 : ${VAR_CODENAME}

 # The primary network interface IPv4
 auto ${VAR_FINAL_NIC}
@@ -133,9 +133,9 @@ EOF
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

-# /etc/network/interfaces      : Generated by CISS.debian.installer ${VAR_VERSION}
-# Architecture                 : ${VAR_ARCHITECTURE}
-# Distribution                 : ${VAR_CODENAME}
+# /etc/network/interfaces.d/10-ipv4-dhcp       : Generated by CISS.debian.installer ${VAR_VERSION}
+# Architecture                                 : ${VAR_ARCHITECTURE}
+# Distribution                                 : ${VAR_CODENAME}

 # The primary network interface IPv4
 auto ${VAR_FINAL_NIC}
@@ -163,9 +163,9 @@ EOF
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

-# /etc/network/interfaces      : Generated by CISS.debian.installer ${VAR_VERSION}
-# Architecture                 : ${VAR_ARCHITECTURE}
-# Distribution                 : ${VAR_CODENAME}
+# /etc/network/interfaces.d/10-ipv4-static     : Generated by CISS.debian.installer ${VAR_VERSION}
+# Architecture                                 : ${VAR_ARCHITECTURE}
+# Distribution                                 : ${VAR_CODENAME}

 # The primary network interface IPv4
 auto ${VAR_FINAL_NIC}
@@ -197,9 +197,9 @@ EOF
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

-# /etc/network/interfaces      : Generated by CISS.debian.installer ${VAR_VERSION}
-# Architecture                 : ${VAR_ARCHITECTURE}
-# Distribution                 : ${VAR_CODENAME}
+# /etc/network/interfaces.d/10-ipv6-dhcp       : Generated by CISS.debian.installer ${VAR_VERSION}
+# Architecture                                 : ${VAR_ARCHITECTURE}
+# Distribution                                 : ${VAR_CODENAME}

 # The primary network interface IPv6
 auto ${VAR_FINAL_NIC}
@@ -227,6 +227,10 @@ EOF
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu

+# /etc/network/interfaces.d/10-ipv6-static     : Generated by CISS.debian.installer ${VAR_VERSION}
+# Architecture                                 : ${VAR_ARCHITECTURE}
+# Distribution                                 : ${VAR_CODENAME}
+
 # The primary network interface IPv6
 auto ${VAR_FINAL_NIC}
 iface ${VAR_FINAL_NIC} inet6 static
--- a/func/cdi_4300_network/4312_dropbear_setup.sh
+++ b/func/cdi_4300_network/4312_dropbear_setup.sh
@@ -97,19 +97,6 @@ dropbear_setup() {
  install -D -m 0700 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/files/unlock_wrapper_signer.sh" \
    "${TARGET}/etc/initramfs-tools/files/"

-  ### Install the script to be called by 'update-initramfs' for installing the necessary modules to load into initramfs environment.
-  install -D -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/modules" \
-    "${TARGET}/etc/initramfs-tools/"
-
-  var_modules=$(grep_nic_driver_modules)
-
-  cat << EOF >> "${TARGET}/etc/initramfs-tools/modules"
-### Custom NIC driver
-${var_modules}
-
-# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
-EOF
-
  ### Install the script to be called inside the initramfs environment for preparing dropbear execution.
  do_in_target "${TARGET}" mv /usr/share/initramfs-tools/scripts/init-premount/dropbear /usr/share/initramfs-tools/scripts/init-premount/dropbear.2022.83
  install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/target/usr/share/initramfs-tools/scripts/init-premount/dropbear" \
@@ -211,40 +198,4 @@ EOF
  do_log "info" "file_only" "4312() Written: '${TARGET}/etc/dropbear/initramfs/dropbear.conf'."
  return 0
 }
-
-#######################################
-# Collect NIC driver modules for initramfs installation.
-# Arguments:
-#   None
-# Returns:
-#   0: on success
-#######################################
-grep_nic_driver_modules() {
-  ### Collect all ethernet driver names and sort them uniquely.
-  declare -a _mods
-  declare var_nic_module var_nic_modules
-  # shellcheck disable=SC2312
-  readarray -t _mods < <(
-    lspci -k \
-      | grep -A2 -i ethernet \
-      | grep 'Kernel driver in use' \
-      | awk '{print $5}' \
-      | sort -u
-  )
-
-  ### If only one entry remains, save it in 'var_nic_module', otherwise save all modules in 'var_nic_modules'.
-  if [[ "${#_mods[@]}" -eq 1 ]]; then
-    var_nic_module="${_mods[0]}"
-  else
-    var_nic_modules="${_mods[*]}"
-  fi
-
-  if [[ -n "${var_nic_module}" ]]; then
-    echo "${var_nic_module}"
-  else
-    echo "${var_nic_modules}"
-  fi
-
-  return 0
-}
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/includes/target/etc/initramfs-tools/hooks/custom-initramfs.sh
+++ b/includes/target/etc/initramfs-tools/hooks/custom-initramfs.sh
@@ -11,8 +11,6 @@
 # SPDX-Security-Contact: security@coresecret.eu
 # SPDX-Comment: Hook script (initramfs) for setting up the CISS.debian.installer hardened dropbear environment, incl. Luks Nuke.

-# TODO: Update preseed.yaml for pgp signing key AND / OR implementation of presigned unlock_wrapper.sh
-
 set -e

 PREREQ=""
@@ -76,6 +74,7 @@ install -m 0444 /etc/dropbear/initramfs/dropbear.conf "${DESTDIR}/etc/dropbear/d

 ### Install Dropbear Cryptroot Unlock Wrapper
 install -m 0555 /etc/initramfs-tools/files/unlock_wrapper.sh "${DESTDIR}/usr/local/bin/unlock_wrapper.sh"
+# TODO: Update preseed.yaml for pgp signing key AND / OR implementation of presigned unlock_wrapper.sh
 #install -m 0444 /etc/initramfs-tools/files/unlock_wrapper.sh.sha384 "${DESTDIR}/usr/local/bin/unlock_wrapper.sh.sha384"
 #install -m 0444 /etc/initramfs-tools/files/unlock_wrapper.sh.sha512 "${DESTDIR}/usr/local/bin/unlock_wrapper.sh.sha512"
 #install -m 0444 /etc/initramfs-tools/files/unlock_wrapper.sh.sha384.sig "${DESTDIR}/usr/local/bin/unlock_wrapper.sh.sha384.sig"
@@ -87,4 +86,6 @@ install -m 0555 /etc/initramfs-tools/files/unlock_wrapper.sh "${DESTDIR}/usr/loc
 ### Install Dropbear Banner
 #install -m 0444 /etc/dropbear/initramfs/banner "${DESTDIR}/etc/dropbear/banner"

+echo "Successfully executed: [/etc/initramfs-tools/hooks/custom-initramfs.sh]."
+
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/includes/target/etc/initramfs-tools/hooks/custom-prompt.sh
+++ b/includes/target/etc/initramfs-tools/hooks/custom-prompt.sh
@@ -9,11 +9,12 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.installer
 # SPDX-Security-Contact: security@coresecret.eu
+# SPDX-Comment: Hook script (initramfs) for setting up the CISS.debian.installer initramfs prompt.

 set -e

 PREREQ=""
-prereqs() { echo "$PREREQ"; }
+prereqs() { echo "${PREREQ}"; }
 case $1 in
  prereqs) prereqs; exit 0 ;;
 esac
@@ -31,4 +32,6 @@ export PS1='$( STATUS=$?; \
  fi; ) '
 EOF

+echo "Successfully executed: [/etc/initramfs-tools/hooks/custom-prompt.sh]."
+
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
--- a/lib/cdi_0025_logging/0025_logging_modules.sh
+++ b/lib/cdi_0025_logging/0025_logging_modules.sh
@@ -39,9 +39,9 @@ log_level_value() {
 #######################################
 do_should_log() {
  # shellcheck disable=SC2155
-  declare -i var_desired_log_value=$(log_level_value "$1")                   # Desired log level
+  declare -i var_desired_log_value=$(log_level_value "$1")                       # Desired log level.
  # shellcheck disable=SC2155
-  declare -i var_default_log_value=$(log_level_value "${VAR_DEFAULT_LOG_LEVEL}") # Current threshold
+  declare -i var_default_log_value=$(log_level_value "${VAR_DEFAULT_LOG_LEVEL}") # The current threshold.
  ###  Return true if a message should be logged.
  [[ ${var_desired_log_value} -le ${var_default_log_value} ]]
 }
--- a/meta_loader_func.sh
+++ b/meta_loader_func.sh
@@ -51,6 +51,7 @@ source_guard "./func/cdi_4000_debootstrap/4050_setup_locales.sh"
 source_guard "./func/cdi_4100_base/4100_generate_sources.sh"
 source_guard "./func/cdi_4100_base/4110_update_sources.sh"
 source_guard "./func/cdi_4100_base/4120_installation_kernel.sh"
+source_guard "./func/cdi_4100_base/4121_installation_initramfs.sh"
 source_guard "./func/cdi_4100_base/4130_installation_toolset.sh"
 source_guard "./func/cdi_4100_base/4131_installation_systemd.sh"
 source_guard "./func/cdi_4100_base/4132_installation_machineid.sh"