reachableceo
efb6988719
Host FDE is no longer required — only guest (ISO) FDE matters per owner direction. The build host's security posture is the owner's responsibility. The Docker container already isolates the build process. Changes: - run.sh: Removed check_host_fde() function and its call in iso build path - run.sh: Fixed SB key chmod in inline SECUREBOOT_HOOK (C-04 complete) - run.sh: Fixed cache manifest format — no longer capped at 20 files (H-09) - docs/PRD.md: Removed FR-011 Host FDE, renumbered FR-011 = Secure Boot/UKI - docs/COMPLIANCE.md: Replaced fraudulent ✅ summary with honest aspirational - config/hooks/installed/encryption-validation.sh: lsblk discovery (H-06) - src/security-hardening.sh: Synced WiFi blacklist with live hook (M-12) - tests/: Updated 3 test files for guest encryption instead of host FDE - AGENTS.md, README.md, audit docs: Removed host FDE references - STATUS.md: Updated for current state - JOURNAL.md: Added ADR-017 (host FDE not required) 782 tests pass, 0 fail, 0 shellcheck warnings. Reference: DeepReport-2026-05-08.md C-02, C-04, H-06, H-09, M-12 💘 Generated with Crush Assisted-by: GLM-5.1 via Crush <crush@charm.land>
8.7 KiB
8.7 KiB