msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.432.2025.11.18
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 1m2s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m14s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-11-18 10:35:01 +00:00
parent 4b2362d6a2
commit a57cac41a5
42 changed files with 98 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/MAN_CISS_ISO_BOOT_CHAIN.md
View File

@@ -8,13 +8,13 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.416.2025.11.17<br>
**Build**: V8.13.432.2025.11.18<br>
# 2. CISS.debian.live.builder Boot & Trust Chain (Technical Documentation)
**Status:** 2025-11-12
**Audience:** CICA CISO, CISS staff, technically proficient administrators
**Summary:** The CISS.debian Live-ISO establishes a two-stage verification chain without Microsoft-db: an early ISO-edge check (signature and FPR pin) *before* LUKS unlock, and a late root-FS attestation *after* unlock, reinforced by `dm-crypt (AES-XTS)` and `dm-integrity (HMAC-SHA-512)`.
**Status:** 2025-11-12<br>
**Audience:** CICA CISO, CISS staff, technically proficient administrators<br>
**Summary:** The CISS.debian.live.builder Live-ISO establishes a two-stage verification chain without Microsoft-db: an early ISO-edge check (signature and FPR pin) *before* LUKS unlock, and a late root-FS attestation *after* unlock, reinforced by `dm-crypt (AES-XTS)` and `dm-integrity (HMAC-SHA-512)`.<br>
# 3. Overview