V9.14.022.2026.06.10: Attest selected decrypted rootfs mapper

lib/lib_ciss_upgrades_boot.sh

@@ -9,12 +9,12 @@
 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
 # SPDX-PackageName: CISS.debian.live.builder
 # SPDX-Security-Contact: security@coresecret.eu
+# shellcheck disable=SC2154
 
 guard_sourcing || return "${ERR_GUARD_SRCE}"
 
 #######################################
 # Integrates and generates sha512sum and GPG signatures on CISS specific LIVE boot artifacts:
-#  - /root/.ciss/attestation/VAR_SIGNING_KEY_FPR.*
 #  - /etc/initramfs-tools/files/unlock_wrapper.sh
 #  - /usr/lib/live/boot/0030-ciss-verify-checksums
 # Globals:
@@ -31,10 +31,7 @@ guard_sourcing || return "${ERR_GUARD_SRCE}"
 ciss_upgrades_boot() {
   printf "\e[95m🧪 %s starting ... \e[0m\n" "${BASH_SOURCE[0]}"
 
-  gpg --batch --yes --export "${VAR_SIGNING_KEY_FPR}" >| "${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/root/.ciss/attestation/${VAR_SIGNING_KEY_FPR}.gpg"
-
   declare -ar _ary_target=(
-    "/root/.ciss/attestation/${VAR_SIGNING_KEY_FPR}.gpg"
     "/etc/initramfs-tools/files/unlock_wrapper.sh"
     "/usr/lib/live/boot/0030-ciss-verify-checksums"
   )