V8.13.432.2025.11.18
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m18s
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m18s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -56,7 +56,6 @@ participant 0050 as grubx64.efi
|
||||
end
|
||||
|
||||
box lightgreen Trusted CISS.debian.live.builder
|
||||
|
||||
participant 0060 as initrd.img
|
||||
participant 0070 as Kernel Entry Point
|
||||
participant 0080 as Kernel Decompress
|
||||
@@ -82,7 +81,7 @@ end
|
||||
0030->>0040: Loading \EFI\BOOT\BOOTX64.EFI
|
||||
0040->>0050: Loading \EFI\BOOT\GRUBX64.EFI
|
||||
0050->>0060: Loading initrd.img
|
||||
0060->>0070: Transfer Controle to Kernel Entry Point
|
||||
0060->>0070: Transfer Control to Kernel Entry Point
|
||||
0070->>0080: Decompress Kernel
|
||||
0080->>0090: /init Phase
|
||||
0090->>0100: Starting CISS.hardened dropbear
|
||||
@@ -93,18 +92,21 @@ end
|
||||
0124->>LUKS: Unlocking [Argon2id PBKDF → XTS + HMAC-SHA512]
|
||||
LUKS->>ROOT: Assemble RootFS OverlayFS
|
||||
ROOT->>0126: Executing 0026-ciss: Hardening early sysctls
|
||||
|
||||
0126->>0130: Executing 0030-ciss: Verify ISO edge (gpgv, FPR pin)
|
||||
alt 0130 SUCCESSFUL
|
||||
0130->>0060: Verified authenticity and integrity of ISO edge
|
||||
else 0130 FAIL
|
||||
0130-x 0060: CISS boot process stopped
|
||||
end
|
||||
|
||||
0130->>0142: Executing 0042-ciss: RootFS attestation, dmsetup health checking
|
||||
alt 0142 SUCCESSFUL
|
||||
0142->>0060: Verified confidentiality, authenticity and integrity of opened LUKS2 RootFS
|
||||
else 0142 FAIL
|
||||
0142-x 0060: CISS boot process stopped
|
||||
end
|
||||
|
||||
0142->>9000: Switching root
|
||||
9000->>9010: Starting /sbin/init -> systemd
|
||||
9010->>9020: Starting Target Units
|
||||
|
||||
Reference in New Issue
Block a user