From 653f702169e2fff2eb7361556db6dbeba197cef844c03008cf3520f1cd7bb6ab Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner"
Date: Tue, 18 Nov 2025 15:54:48 +0000
Subject: [PATCH] V8.13.432.2025.11.18

Signed-off-by: Marc S. Weidner
---
 docs/MAN_CISS_ISO_BOOT_CHAIN.md | 55 ++++++++++++++++++++-------------
 1 file changed, 34 insertions(+), 21 deletions(-)

diff --git a/docs/MAN_CISS_ISO_BOOT_CHAIN.md b/docs/MAN_CISS_ISO_BOOT_CHAIN.md
index 9c5efaf..d26ed18 100644
--- a/docs/MAN_CISS_ISO_BOOT_CHAIN.md
+++ b/docs/MAN_CISS_ISO_BOOT_CHAIN.md
@@ -224,29 +224,42 @@ dmsetup table --showkeys CHILD # expect integrity hmac sha512 4096
 ```mermaid
 flowchart TD
-A["ISO build time: embedded and pinned GPG FPR"] e1@--> B["ISO build time: generate sha512sum.txt and .sig"];
-B e2@--> C["ISO build time: LUKS2 dm-integrity encryption of filesystem.squashfs in ciss_rootfs.crypt"];
-C e3@--> D["ISO boot time: 0024 LUKS2, dm-integrity HMAC-SHA512"];
-D e4@-->|SUCCESSFUL| E["ISO boot time: ciss_rootfs.crypt opened"];
-E e5@--> F["ISO boot time: mounting RootFS"];
-F e6@--> G["ISO boot time: 0030 verification of authenticity and integrity via embedded and pinned GPG of ISO edge"];
-G e7@-->|SUCCESSFUL| H["ISO boot time: ISO edge verified"];
-H e8@--> I["ISO boot time: 0042 verification of authenticity and integrity via embedded and pinned GPG of RootFS"];
-I e9@-->|SUCCESSFUL| J["ISO boot time: ISO RootFS verified"];
-J e0@--> K{{"ISO run time: CISS.debian.live.builder ISO running"}};
-D -- FAIL --> X{{"Boot process halted"}};
+ subgraph ISO Build Time
+ direction TD
+ A["Embed and pin GPG FPR (into ISO & RootFS as needed)"] e00@--> B["Generate ISO-edge sha512sum.txt and .sig"];
+ B e01@--> C["Build filesystem.squashfs and wrap it into ciss_rootfs.crypt"];
+ e00@{ animation: fast }
+ e01@{ animation: fast }
+ end
+
+ subgraph ISO Boot Time
+ direction TD
+ C e02@--> D["0024 LUKS2, dm-integrity HMAC-SHA512"];
+ D e03@-->|SUCCESSFUL| E["ciss_rootfs.crypt opened"];
+ E e04@--> F["Mounting RootFS"];
+ F e05@--> G["0030 verification of authenticity and integrity via embedded and pinned GPG of ISO edge"];
+ G e06@-->|SUCCESSFUL| H["ISO edge verified"];
+ H e07@--> I["0042 post-decrypt-attestation of RootFS"];
+ I e08@-->|SUCCESSFUL| J["RootFS attestation successful"];
+ e02@{ animation: fast }
+ e03@{ animation: fast }
+ e04@{ animation: fast }
+ e05@{ animation: fast }
+ e06@{ animation: fast }
+ e07@{ animation: fast }
+ e08@{ animation: fast }
+ end
+
+ subgraph ISO Run Time
+ direction TD
+ J e09@--> K{{"CISS.debian.live.builder ISO running"}};
+ X{{"Boot process halted"}};
+ e09@{ animation: fast }
+ end
+
+D -- FAIL --> X;
 G -- FAIL --> X;
 I -- FAIL --> X;
-e0@{ animation: fast }
-e1@{ animation: fast }
-e2@{ animation: fast }
-e3@{ animation: fast }
-e4@{ animation: fast }
-e5@{ animation: fast }
-e6@{ animation: fast }
-e7@{ animation: fast }
-e8@{ animation: fast }
-e9@{ animation: fast }
 ```
 # 14. Closing Remark