diff --git a/docs/MAN_CISS_ISO_BOOT_CHAIN.md b/docs/MAN_CISS_ISO_BOOT_CHAIN.md index 649f38d..beb1ca8 100644 --- a/docs/MAN_CISS_ISO_BOOT_CHAIN.md +++ b/docs/MAN_CISS_ISO_BOOT_CHAIN.md 
@@ -42,39 +42,73 @@ include_toc: true ```mermaid sequenceDiagram autonumber -participant FW as UEFI/BIOS -participant GRUB as GRUB -participant K as Kernel -participant I as initramfs + live-boot -participant D as Dropbear (optional) -participant C30 as CISS 0030 (early verify) -participant C22 as CISS 0024 (unlock) -participant LUKS as LUKS2 + dm-integrity -participant RS as RootFS (SquashFS/Overlay) -participant C42 as CISS 0042 (late attestation) -FW->>GRUB: Load kernel + initramfs -GRUB->>K: Boot kernel -K->>I: Pivot to initramfs (live-boot phases) -I->>D: (optional) Start Dropbear (remote unlock) - -I->>C30: Run 0030: Verify ISO edge (gpgv, FPR pin) -alt 0030 OK -C30-->>I: Verified -else 0030 FAIL -C30-x I: Abort boot +box lightgrey Trusted Manufacturer +participant 0000 as Power On +participant 0010 as POST +participant 0020 as UEFI Initialisation end -I->>C24: Run 0024: LUKS open (dm-crypt + integrity), mount SquashFS -C24->>LUKS: Unlock (Argon2id PBKDF → XTS + HMAC) - -I->>RS: Assemble overlay, switch_root -I->>C42: Run 0042: Verify root FS (gpgv, FPR pin) + dmsetup health -alt 0042 OK -C42-->>I: Verified -else 0045 FAIL -C42-x I: Abort boot +box lightblue Trusted Secure Boot +participant 0030 as Secure Boot Initialisation +participant 0040 as bootx64.efi +participant 0050 as grubx64.efi end + +box lightgreen Trusted CISS.debian.live.builder + +participant 0060 as initrd.img +participant 0070 as Kernel Entry Point +participant 0080 as Kernel Decompress +participant 0090 as /init +participant 0100 as Dropbear Remote Unlock +participant 0110 as live-boot mounts ISO FS +participant 0122 as 0022-ciss +participant 0124 as 0024-ciss +participant LUKS as LUKS2 & dm-integrity +participant ROOT as RootFS (SquashFS/Overlay) +participant 0126 as 0026-ciss +participant 0130 as 0030-ciss +participant 0142 as 0042-ciss +participant 9000 as switch_root +participant 9010 as /sbin/init +participant 9020 as Target Units +participant 9030 as Login +end + +0000->>0010: CPU 
reset 0xFFFFFFF0, POST +0010->>0020: UEFI DXE Phase enumerates devices +0020->>0030: Secure Boot (if enabled): db, dbx, KEK, PK loaded from NVRAM +0030->>0040: Loading \EFI\BOOT\BOOTX64.EFI +0040->>0050: Loading \EFI\BOOT\GRUBX64.EFI +0050->>0060: Loading initrd.img +0060->>0070: Transfer Controle to Kernel Entry Point +0070->>0080: Decompress Kernel +0080->>0090: /init Phase +0090->>0100: Starting CISS.hardened dropbear +0100->>9000: Living CISS.hardened dropbear +0100->>0110: Executing live-boot, mounting ISO FS +0110->>0122: Executing 0022-ciss: Hardening tmpfs for OverlayFS upper/work +0122->>0124: Executing 0024-ciss: LUKS open (dm-crypt & integrity) +0124->>LUKS: Unlocking [Argon2id PBKDF → XTS + HMAC-SHA512] +LUKS->>ROOT: Assemble RootFS OverlayFS +ROOT->>0126: Executing 0026-ciss: Hardening early sysctls +0126->>0130: Executing 0030-ciss: Verify ISO edge (gpgv, FPR pin) +alt 0130 SUCCESSFUL +0130->>0060: Verified authenticity and integrity of ISO edge +else 0130 FAIL +0130-x 0060: CISS boot process stopped +end +0130->>0142: Executing 0042-ciss: RootFS attestation, dmsetup health checking +alt 0142 SUCCESSFUL +0142->>0060: Verified confidentiality, authenticity and integrity of opened LUKS2 RootFS +else 0142 FAIL +0142-x 0060: CISS boot process stopped +end +0142->>9000: Switching root +9000->>9010: Starting /sbin/init -> systemd +9010->>9020: Starting Target Units +9020->>9030: Waiting for Login ``` # 6. LUKS/dm-integrity Layering
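Review bot: the ISO-edge verification step has moved to after the LUKS unlock in this hunk, which changes what the abort actually protects. The removed lines ran `I->>C30: Run 0030: Verify ISO edge (gpgv, FPR pin)` with its `Abort boot` branch before `I->>C24: Run 0024: LUKS open`, so a failed signature check stopped the boot before any passphrase was used; the added lines now run `0122->>0124: Executing 0024-ciss: LUKS open (dm-crypt & integrity)`, `0124->>LUKS: Unlocking [...]` and `LUKS->>ROOT: Assemble RootFS OverlayFS` first, and only then `0126->>0130: Executing 0030-ciss: Verify ISO edge`, so on the `0130 FAIL` branch the LUKS2 volume has already been opened and the overlay assembled when the boot is stopped. If the new order is what the 0022/0024/0026/0030 script numbering actually executes, the surrounding text (the old label called 0030 the "early verify") should say plainly that ISO-edge verification no longer gates the unlock and that the abort happens with the root volume open; if the intent is still to verify before unlocking, the diagram should be corrected and the script ordering documented. Two smaller points in the same hunk: `0060->>0070: Transfer Controle to Kernel Entry Point` should read "Control", and `0100->>9000: Living CISS.hardened dropbear` is not understandable as written; if it means Dropbear keeps running until switch_root, say so (for example "Dropbear remains running until switch_root"). Also note that the failure arrows `0130-x 0060` and `0142-x 0060` now point at initrd.img rather than at /init, which is the participant actually driving the scripts in this diagram.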