V8.13.432.2025.11.18

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs

@@ -25,6 +25,7 @@ PHASE="${1:-}"
 case "${PHASE}" in
 
   premount)
+    exit 0
     ;;      ### Continue.
   *)
     exit 0  ### Do nothing in other phases.

docs/MAN_CISS_ISO_BOOT_CHAIN.md

@@ -56,7 +56,6 @@ participant 0050 as grubx64.efi
 end
 
 box lightgreen Trusted CISS.debian.live.builder
-
 participant 0060 as initrd.img
 participant 0070 as Kernel Entry Point
 participant 0080 as Kernel Decompress
@@ -82,7 +81,7 @@ end
 0030->>0040: Loading \EFI\BOOT\BOOTX64.EFI
 0040->>0050: Loading \EFI\BOOT\GRUBX64.EFI
 0050->>0060: Loading initrd.img
-0060->>0070: Transfer Controle to Kernel Entry Point
+0060->>0070: Transfer Control to Kernel Entry Point
 0070->>0080: Decompress Kernel
 0080->>0090: /init Phase
 0090->>0100: Starting CISS.hardened dropbear
@@ -93,18 +92,21 @@ end
 0124->>LUKS: Unlocking [Argon2id PBKDF → XTS + HMAC-SHA512]
 LUKS->>ROOT: Assemble RootFS OverlayFS
 ROOT->>0126: Executing 0026-ciss: Hardening early sysctls
+
 0126->>0130: Executing 0030-ciss: Verify ISO edge (gpgv, FPR pin)
 alt 0130 SUCCESSFUL
 0130->>0060: Verified authenticity and integrity of ISO edge
 else 0130 FAIL
 0130-x 0060: CISS boot process stopped
 end
+
 0130->>0142: Executing 0042-ciss: RootFS attestation, dmsetup health checking
 alt 0142 SUCCESSFUL
 0142->>0060: Verified confidentiality, authenticity and integrity of opened LUKS2 RootFS
 else 0142 FAIL
 0142-x 0060: CISS boot process stopped
 end
+
 0142->>9000: Switching root
 9000->>9010: Starting /sbin/init -> systemd
 9010->>9020: Starting Target Units