msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.440.2025.11.19

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-11-19 16:21:33 +00:00
parent 3132c53b85
commit 793bf07e18
9 changed files with 61 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/MAN_CISS_ISO_BOOT_CHAIN.md
View File

@@ -168,7 +168,7 @@ cryptsetup luksFormat \
**Goal:** After LUKS unlock, validate the **decrypted** contents and the **actual** mapping topology.
* **Attestation files:** `/.ciss/attest/rootfs.sha512[.sig]`
* **Attestation files:** `/root/.ciss/attest/rootfs.sha512sum.txt[.sig]`
* **Key source:** `/etc/ciss/keys/*.gpg` (accepted only if FPR == build-pin)
* **Health check:** `dmsetup table --showkeys` → top `crypt` (AES-XTS), child `integrity` (HMAC-SHA-512, 4096 B)