872da4cf82
- Add check_host_fde() function to run.sh that detects LUKS encryption - Block ./run.sh iso if host lacks full disk encryption - Block ./run.sh test:iso commands if host lacks FDE - Add FR-011 to PRD.md documenting the host FDE requirement - Update AGENTS.md with new mandatory requirement - Add 9 tests for host FDE check in run_comprehensive_test.bats Rationale: Building a secure OS on an unencrypted host creates supply chain risk. The host must have LUKS encryption to ensure the entire build pipeline is secure. 💘 Generated with Crush Assisted-by: GLM-5 via Crush <crush@charm.land>
23 KiB
Executable File
23 KiB
Executable File