V8.13.408.2025.11.13

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

docs/MAN_CISS_ISO_BOOT_CHAIN.md

@@ -192,9 +192,9 @@ flowchart TD
 
 A["Build time: pin EXP_FPR + embed ISO key"] --> B["ISO artifacts: sha512sum.txt + .sig"];
 B --> C["Boot early (0030): gpgv verify + FPR pin"];
-C -->|OK| D["LUKS open (0025)"];
+C -->|OK| D["LUKS open (0024)"];
 D --> E["Mount RootFS"];
-E --> F["Boot late (0045): gpgv verify + FPR pin (root key)"];
+E --> F["Boot late (0042): gpgv verify + FPR pin (root key)"];
 F --> G["dmsetup health: crypt(XTS) over integrity(HMAC-SHA-512)"];
 C -- FAIL --> X["Abort"];
 F -- FAIL --> X;

lib/lib_ciss_upgrades_boot.sh

@@ -44,7 +44,7 @@ ciss_upgrades_boot() {
     declare target="${VAR_HANDLER_BUILD_DIR}/config/includes.chroot/${_target}"
 
     declare var_sha="${target}sha512sum.txt"
-    declare var_sig="${var_sig}.sig"
+    declare var_sig="${var_sha}.sig"
     declare var_fil="${target}"
     declare var_prefix="${VAR_HANDLER_BUILD_DIR}/config/includes.chroot"