msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.440.2025.11.19
All checks were successful
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Successful in 1m18s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m34s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-11-19 05:46:31 +00:00
parent 3260f2f2f9
commit d380e11c57
41 changed files with 60 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docs/MAN_CISS_ISO_BOOT_CHAIN.md
View File

@@ -8,7 +8,7 @@ include_toc: true
**Centurion Intelligence Consulting Agency Information Security Standard**<br>
*Debian Live Build Generator for hardened live environment and CISS Debian Installer*<br>
**Master Version**: 8.13<br>
**Build**: V8.13.432.2025.11.18<br>
**Build**: V8.13.440.2025.11.19<br>
# 2. CISS.debian.live.builder Boot & Trust Chain (Technical Documentation)
@@ -65,7 +65,6 @@ flowchart TD
0070 e07@--> 0080["Decompress Kernel"];
0080 e08@--> 0090["/init Phase"];
0090 e09@--> 0100["Starting CISS.hardened dropbear"];
0100 -.-> 9000["Living CISS.hardened dropbear"];
0100 e10@--> 0110["Executing live-boot, mounting ISO FS"];
0110 e11@--> 0122["Executing 0022-ciss: Hardening tmpfs for OverlayFS upper/work"];
0122 e12@--> 0124["Executing 0024-ciss: LUKS open (dm-crypt & integrity)"];
@@ -74,12 +73,11 @@ flowchart TD
ROOT e15@--> 0126["Executing 0026-ciss: Hardening early sysctls"];
0126 e16@--> 0130["Executing 0030-ciss: Verification of authenticity and integrity via embedded and pinned GPG of ISO edge"];
0130 e17@--> |SUCCESSFUL| 0142["Executing 0042-ciss: Attestation of RootFS"];
0142 e18@--> |SUCCESSFUL| 9050["Switching root (run-init / pivot_root)"];
0142 e19@--> |SUCCESSFUL| 0145["init-bottom: stop CISS.hardened dropbear, tear down initramfs net"];
0145 e20@--> 9050;
9050 e21@--> 9010["Starting /sbin/init -> systemd"];
9000 e22@--> 9010["Starting /sbin/init -> systemd"];
9010 e23@--> 9020["Starting Target Units"];
0142 e18@--> 0145["init-bottom: stop CISS.hardened dropbear, tear down initramfs net"];
0145 e19@--> 9050["Switching root (run-init / pivot_root)"];
9050 e20@--> 9010["Starting /sbin/init -> systemd"];
9010 e21@--> 9020["Starting Target Units"];
0100 -.-> 0145;
e06@{ animation: fast }
e07@{ animation: fast }
e08@{ animation: fast }
@@ -96,8 +94,6 @@ flowchart TD
e19@{ animation: fast }
e20@{ animation: fast }
e21@{ animation: fast }
e22@{ animation: fast }
e23@{ animation: fast }
end
subgraph Finale State