From b19c0380e6948d1a0bda91622b647397c5c5bcdccf45d8d60f6aae16285817b8 Mon Sep 17 00:00:00 2001 From: "Marc S. Weidner" Date: Tue, 18 Nov 2025 13:59:55 +0000 Subject: [PATCH] V8.13.432.2025.11.18 Signed-off-by: Marc S. Weidner --- .../usr/lib/live/boot/0022-ciss-overlay-tmpfs | 1 + docs/MAN_CISS_ISO_BOOT_CHAIN.md | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs b/config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs index ff50472..92276b9 100644 --- a/config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs +++ b/config/includes.chroot/usr/lib/live/boot/0022-ciss-overlay-tmpfs @@ -25,6 +25,7 @@ PHASE="${1:-}" case "${PHASE}" in premount) + exit 0 ;; ### Continue. *) exit 0 ### Do nothing in other phases. diff --git a/docs/MAN_CISS_ISO_BOOT_CHAIN.md b/docs/MAN_CISS_ISO_BOOT_CHAIN.md index beb1ca8..93e267b 100644 --- a/docs/MAN_CISS_ISO_BOOT_CHAIN.md +++ b/docs/MAN_CISS_ISO_BOOT_CHAIN.md @@ -56,7 +56,6 @@ participant 0050 as grubx64.efi end box lightgreen Trusted CISS.debian.live.builder - participant 0060 as initrd.img participant 0070 as Kernel Entry Point participant 0080 as Kernel Decompress @@ -82,7 +81,7 @@ end 0030->>0040: Loading \EFI\BOOT\BOOTX64.EFI 0040->>0050: Loading \EFI\BOOT\GRUBX64.EFI 0050->>0060: Loading initrd.img -0060->>0070: Transfer Controle to Kernel Entry Point +0060->>0070: Transfer Control to Kernel Entry Point 0070->>0080: Decompress Kernel 0080->>0090: /init Phase 0090->>0100: Starting CISS.hardened dropbear 
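Review bot: In `0022-ciss-overlay-tmpfs`, the added `exit 0` in the `premount)` arm returns before `;;`, so the trailing `### Continue.` comment is now wrong. The `*)` arm also exits 0, so whatever follows the `case` (outside this hunk) can no longer run in any phase. If the hook is being disabled on purpose, say so at the exit, e.g. `exit 0  ### Hook disabled: <reason>; nothing below the case runs.`, and drop `### Continue.`. Because the script still reports success, a boot that skips this step looks the same as one that ran it, so a one-line message before the exit (stderr or the project's existing logging helper, if it has one) would make the skip visible in the boot log. The commit message gives only a version string, so the intent cannot be confirmed from the patch.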
@@ -93,18 +92,21 @@ end 0124->>LUKS: Unlocking [Argon2id PBKDF → XTS + HMAC-SHA512] LUKS->>ROOT: Assemble RootFS OverlayFS ROOT->>0126: Executing 0026-ciss: Hardening early sysctls + 0126->>0130: Executing 0030-ciss: Verify ISO edge (gpgv, FPR pin) alt 0130 SUCCESSFUL 0130->>0060: Verified authenticity and integrity of ISO edge else 0130 FAIL 0130-x 0060: CISS boot process stopped end + 0130->>0142: Executing 0042-ciss: RootFS attestation, dmsetup health checking alt 0142 SUCCESSFUL 0142->>0060: Verified confidentiality, authenticity and integrity of opened LUKS2 RootFS else 0142 FAIL 0142-x 0060: CISS boot process stopped end + 0142->>9000: Switching root 9000->>9010: Starting /sbin/init -> systemd 9010->>9020: Starting Target Units