From 91656bebc84a8965a17d8417f07fa40049eab0ada0a600bfba049de66a0218d1 Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner"
Date: Tue, 18 Nov 2025 16:47:36 +0000
Subject: [PATCH] V8.13.432.2025.11.18

Signed-off-by: Marc S. Weidner
---
 docs/MAN_CISS_ISO_BOOT_CHAIN.md | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/docs/MAN_CISS_ISO_BOOT_CHAIN.md b/docs/MAN_CISS_ISO_BOOT_CHAIN.md
index da1b7b4..6ed9216 100644
--- a/docs/MAN_CISS_ISO_BOOT_CHAIN.md
+++ b/docs/MAN_CISS_ISO_BOOT_CHAIN.md
@@ -38,7 +38,7 @@ include_toc: true
 | Hash lists | `sha512sum` format | Deterministic content verification |
 | Dropbear | Modern KEX/AEAD (per `localoptions.h`) | Minimal attack surface, remote unlock |
-# 5. End-to-End Boot Flow
+# 5. Live ISO End-to-End Boot Flow
 ```mermaid
 flowchart TD
 subgraph Trusted HW Manufacturer
@@ -109,12 +109,13 @@ flowchart TD
 # 6. LUKS/dm-integrity Layering
 ```mermaid
 flowchart TD
-
-
-A["Plain device (/live/rootfs.crypt)"] --> B["dm-integrity (HMAC-SHA-512, 4 KiB)"];
-B --> C["dm-crypt (AES-XTS-512)"];
-C --> D["/dev/mapper/crypt_liveiso"];
-D --> E["SquashFS mount /run/live/rootfs"];
+0{{"Plain device CD-ROM / USB "}} --> 1["ISO Image"];
+1 --> 2["Mounting ISO FS /live/filesystem.squashfs"];
+2 --> 3["Opening LUKS2 Container /live/ciss_rootfs.crypt"];
+3 --> 4["Layer dm-integrity HMAC-SHA-512, 4 KiB"];
+4 --> 5["Layer dm-crypt AES-XTS-512"];
+5 --> 6["Mounting LUKS2 FS /dev/mapper/crypt_liveiso"];
+6 --> 7["Mounting SquashFS /run/live/rootfs"];
 ```
 **Note:** Encrypt-then-MAC at the block layer (functionally AEAD-equivalent). Any manipulation ⇒ hard I/O error.
@@ -213,7 +214,7 @@ dmsetup table --showkeys CHILD # expect integrity hmac sha512 4096
 * Root FS (for 0042): `/etc/ciss/keys/.gpg`
 * **Mounts (typical):** `/run/live/rootfs`, `/run/live/overlay`
-# 13. Diagram: Trust Chain & Verification Paths
+# 13. Diagram: Build, Boot and Run Time Trust Chain & Verification Paths
 ```mermaid
 flowchart TD
@@ -244,7 +245,7 @@ flowchart TD
 subgraph ISO Run Time
 J e09@--> K{{"CISS.debian.live.builder ISO running"}};
- X{{"Boot process halted"}};
+ X{{"CISS.debian.live.builder Boot process halted"}};
 e09@{ animation: fast }
 end
@@ -253,7 +254,7 @@ G -- FAIL --> X;
 I -- FAIL --> X;
 ```
-# 14. Closing Remark
+# 14. Closing Remarks
 This achieves a portable, self-contained trust chain without a Microsoft-db, providing strong protection against medium tampering, bitrot and active attacks **both before and after decryption**. The dual verification phases plus `dmsetup` health make the state transparent and deterministic.