From 908590d2d2acd276dd00626297bd856b1a82d20788112dc6360da25c26642473 Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner" <msw@coresecret.dev>
Date: Tue, 18 Nov 2025 16:59:31 +0000
Subject: [PATCH] V8.13.432.2025.11.18

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
---
 docs/MAN_CISS_ISO_BOOT_CHAIN.md | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/docs/MAN_CISS_ISO_BOOT_CHAIN.md b/docs/MAN_CISS_ISO_BOOT_CHAIN.md
index 6ed9216..b4ceaf8 100644
--- a/docs/MAN_CISS_ISO_BOOT_CHAIN.md
+++ b/docs/MAN_CISS_ISO_BOOT_CHAIN.md
@@ -108,14 +108,18 @@ flowchart TD
 
 # 6. LUKS/dm-integrity Layering
 ```mermaid
+---
+config:
+      theme: forest
+---
 flowchart TD
-0{{"Plain device CD-ROM / USB "}} --> 1["ISO Image"];
-1 --> 2["Mounting ISO FS /live/filesystem.squashfs"];
-2 --> 3["Opening LUKS2 Container /live/ciss_rootfs.crypt"];
-3 --> 4["Layer dm-integrity HMAC-SHA-512, 4 KiB"];
-4 --> 5["Layer dm-crypt AES-XTS-512"];
-5 --> 6["Mounting LUKS2 FS /dev/mapper/crypt_liveiso"];
-6 --> 7["Mounting SquashFS /run/live/rootfs"];
+0{{"Plain device: CD-ROM / USB"}} --> 1["ISO image (ISO9660 + ESP)"];
+1 --> 2["Mount ISO9660 FS → /run/live/medium"];
+2 --> 3["Container file /run/live/medium/live/ciss_rootfs.crypt"];
+3 --> 4["dm-integrity layer (HMAC-SHA-512, 4 KiB)"];
+4 --> 5["dm-crypt LUKS2 (AES-XTS-512) → /dev/mapper/crypt_liveiso"];
+5 --> 6["Mount SquashFS from /dev/mapper/crypt_liveiso → /run/live/rootfs"];
+
 ```
 
 **Note:** Encrypt-then-MAC at the block layer (functionally AEAD-equivalent). Any manipulation ⇒ hard I/O error.