diff --git a/.gitignore b/.gitignore index e78176d..3cb7083 100644 --- a/.gitignore +++ b/.gitignore @@ -56,5 +56,12 @@ nohup*.out *.xxd.xxd.xxd # Generated documentation files -copilot-instructions.md +copilot-instructions.md WARP.md + +# Container/Podman runtime artifacts +db.sql +storage.lock +userns.lock +.bish.sqlite +.bish-index diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index e69de29..14094d2 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,10 @@ +# Code of Conduct + +We are committed to a respectful, inclusive, and harassment-free community. Always: +* Be respectful and professional in all interactions. +* Assume positive intent and provide constructive feedback. +* Avoid personal attacks, harassment, or discriminatory language. + +## Reporting + +If you observe unacceptable behavior, report it privately via the GitHub Security Advisory flow or the contact options in SECURITY.md. Reports are reviewed promptly and confidentially. diff --git a/README.md b/README.md index cf9f38c..398443e 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ This comprehensive guide walks you through **stopping bootkits completely** in t **Also available:** - 📚 **[Getting Started Guide](GETTING_STARTED.md)** - Quick introduction for new users -- 🎯 **[SecureBoot Quick Reference](SECUREBOOT_QUICKSTART.md)** - One-page command reference +- 🎯 **[SecureBoot Quick Reference](docs/SECUREBOOT_QUICKSTART.md)** - One-page command reference ## 🎯 Quick Start: Three Ways to Begin diff --git a/SECURITY.md b/SECURITY.md index e69de29..d8bb5fb 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -0,0 +1,13 @@ +# Security Policy + +## Reporting a Vulnerability + +Please do **not** open public issues for security vulnerabilities. Instead, use one of the following private channels: +- Open a private report via GitHub Security Advisories (Security → Report a vulnerability). +- If that is not possible, reach out to the maintainers via a private channel noted in the repository profile. + +Provide as much detail as possible (affected version/commit, steps to reproduce, expected vs. actual behavior, and any logs or traces). + +## Supported Versions + +PhoenixBoot is under active development; security fixes land on the `main` branch and the most recent tagged releases. Please keep your deployment up to date with the latest release or main branch to receive fixes. diff --git a/docs/MIGRATION_GUIDE.md b/docs/MIGRATION_GUIDE.md index ea4ab16..6b37544 100644 --- a/docs/MIGRATION_GUIDE.md +++ b/docs/MIGRATION_GUIDE.md @@ -153,7 +153,7 @@ out/esp/esp.img # Old ESP image location ``` out/esp/secureboot-bootable.img # New default name FIRST_BOOT_INSTRUCTIONS.txt # Instructions (new) -SECUREBOOT_QUICKSTART.md # Quick reference (new) +docs/SECUREBOOT_QUICKSTART.md # Quick reference (new) ``` ## What to Keep @@ -258,7 +258,7 @@ ln -s secureboot-bootable.img out/esp/esp.img ### New Docs (Read These) -1. **Quick Start:** `SECUREBOOT_QUICKSTART.md` +1. **Quick Start:** `docs/SECUREBOOT_QUICKSTART.md` 2. **Full Guide:** `docs/SECUREBOOT_BOOTABLE_MEDIA.md` 3. **Comparison:** `docs/BEFORE_AND_AFTER.md` 4. **Testing:** `docs/TESTING_GUIDE.md` @@ -291,7 +291,7 @@ ln -s secureboot-bootable.img out/esp/esp.img If you have issues migrating: 1. **Read the docs:** - - `SECUREBOOT_QUICKSTART.md` for quick reference + - `docs/SECUREBOOT_QUICKSTART.md` for quick reference - `docs/SECUREBOOT_BOOTABLE_MEDIA.md` for details 2. **Check examples:** diff --git a/docs/QUICKSTART.md b/docs/QUICKSTART.md index 4ad6a77..cbce312 100644 --- a/docs/QUICKSTART.md +++ b/docs/QUICKSTART.md 
@@ -14,7 +14,7 @@ This document provides quick access to the most common PhoenixBoot operations. sudo dd if=out/esp/secureboot-bootable.img of=/dev/sdX bs=4M status=progress ``` -See [SECUREBOOT_QUICKSTART.md](SECUREBOOT_QUICKSTART.md) for more details. +See [SECUREBOOT_QUICKSTART.md](./SECUREBOOT_QUICKSTART.md) for more details. ## Task Runner (Recommended) diff --git a/SECUREBOOT_QUICKSTART.md b/docs/SECUREBOOT_QUICKSTART.md similarity index 100% rename from SECUREBOOT_QUICKSTART.md rename to docs/SECUREBOOT_QUICKSTART.md diff --git a/docs/SECURE_ENV_COMMAND.md b/docs/SECURE_ENV_COMMAND.md index 39ba91a..fc5308e 100644 --- a/docs/SECURE_ENV_COMMAND.md +++ b/docs/SECURE_ENV_COMMAND.md @@ -393,7 +393,7 @@ sudo bash scripts/secure-env-check.sh ## See Also - [PhoenixBoot README](../README.md) -- [Secure Boot Setup Guide](../SECUREBOOT_QUICKSTART.md) +- [Secure Boot Setup Guide](./SECUREBOOT_QUICKSTART.md) - [Boot Security Analysis](BOOT_SEQUENCE_AND_ATTACK_SURFACES.md) - [Firmware Recovery](FIRMWARE_RECOVERY.md) diff --git a/docs/UNDERSTANDING_BOOT_ARTIFACTS.md b/docs/UNDERSTANDING_BOOT_ARTIFACTS.md index 5230b24..71eaa67 100644 --- a/docs/UNDERSTANDING_BOOT_ARTIFACTS.md +++ b/docs/UNDERSTANDING_BOOT_ARTIFACTS.md @@ -324,7 +324,7 @@ mokutil --list-enrolled 1. This document (you're here!) 2. `keys/README.md` - SecureBoot key details 3. `out/keys/mok/README.md` - MOK key details -4. `SECUREBOOT_QUICKSTART.md` - Quick start guide +4. `docs/SECUREBOOT_QUICKSTART.md` - Quick start guide 5. `docs/SECURE_BOOT.md` - Deep dive technical docs ### External Resources: diff --git a/docs/implementation/DOCUMENTATION_CLEANUP_SUMMARY.md b/docs/implementation/DOCUMENTATION_CLEANUP_SUMMARY.md index 821bd34..ffe1938 100644 --- a/docs/implementation/DOCUMENTATION_CLEANUP_SUMMARY.md +++ b/docs/implementation/DOCUMENTATION_CLEANUP_SUMMARY.md 
@@ -97,19 +97,19 @@ Clean up PhoenixBoot documentation to focus on essential files (README.md, QUICK #### Final Structure (Clean and Focused) ``` -Root Documentation (Essential - 9 files): +Root Documentation (Essential - 8 files): ├── README.md (main documentation - comprehensive overview) ├── GETTING_STARTED.md (beginner-friendly guide) ├── QUICKSTART.md (quick reference) ├── ARCHITECTURE.md (system design) ⭐ NEW ├── FEATURES.md (feature status) ⭐ NEW -├── SECUREBOOT_QUICKSTART.md (specific feature quickstart) ├── TESTING_SUMMARY.md (test status) ├── SECURITY_REVIEW_2025-12-07.md (latest security audit) └── LICENSE.md (required) Detailed Documentation: └── docs/ (30+ technical documents organized by topic) + ├── SECUREBOOT_QUICKSTART.md (specific feature quickstart) ├── Container architecture docs ├── Core technical docs ├── UUEFI docs diff --git a/docs/reviews/CICD_REVIEW_ROLLUP.md b/docs/reviews/CICD_REVIEW_ROLLUP.md index 330f5c1..e6d3df6 100644 --- a/docs/reviews/CICD_REVIEW_ROLLUP.md +++ b/docs/reviews/CICD_REVIEW_ROLLUP.md @@ -96,7 +96,7 @@ PhoenixBoot/ **Documentation:** - `SECURE_BOOT_IMPLEMENTATION_SUMMARY.md` - Complete implementation guide -- `SECUREBOOT_QUICKSTART.md` - User quick reference +- [docs/SECUREBOOT_QUICKSTART.md](../SECUREBOOT_QUICKSTART.md) - User quick reference - `docs/SECUREBOOT_BOOTABLE_MEDIA.md` - Bootable media guide ### Security Summary @@ -201,7 +201,7 @@ Essential Documentation (Root): ├── ARCHITECTURE.md # System design ⭐ NEW ├── FEATURES.md # Feature tracking ⭐ NEW ├── BOOTKIT_DEFENSE_WORKFLOW.md # User workflow ⭐ NEW -├── SECUREBOOT_QUICKSTART.md # SecureBoot reference +├── docs/SECUREBOOT_QUICKSTART.md # SecureBoot reference ├── LICENSE.md # Apache 2.0 license └── TESTING_SUMMARY.md # Test status diff --git a/keys/README.md b/keys/README.md index 38311f2..e4c4659 100644 --- a/keys/README.md +++ b/keys/README.md 
@@ -105,7 +105,7 @@ ISO_PATH=/path/to/your.iso ./pf.py secureboot-create - **UEFI Specification**: https://uefi.org/specifications - **SecureBoot Explained**: See `docs/SECURE_BOOT.md` in this repository -- **Bootable Media Guide**: See `SECUREBOOT_QUICKSTART.md` in this repository +- **Bootable Media Guide**: See `docs/SECUREBOOT_QUICKSTART.md` in this repository ## ❓ Troubleshooting diff --git a/scripts/esp-packaging/esp-package.sh b/scripts/esp-packaging/esp-package.sh index 7894120..f87df5b 100755 --- a/scripts/esp-packaging/esp-package.sh +++ b/scripts/esp-packaging/esp-package.sh @@ -269,7 +269,7 @@ echo " • If you signed it yourself: You need to enroll your db key first" echo "" echo "🔗 More info:" echo " • Keys explained: keys/README.md" -echo " • SecureBoot setup: SECUREBOOT_QUICKSTART.md" +echo " • SecureBoot setup: docs/SECUREBOOT_QUICKSTART.md" echo " • Full docs: docs/SECURE_BOOT.md" echo "" diff --git a/scripts/mok-management/README.md b/scripts/mok-management/README.md index 2f06442..32e43bb 100644 --- a/scripts/mok-management/README.md +++ b/scripts/mok-management/README.md @@ -318,7 +318,7 @@ MOK_CERT="/path/to/out/keys/mok/PGMOK.crt" ## 🔗 Related Documentation -- [SecureBoot Quick Reference](../../SECUREBOOT_QUICKSTART.md) +- [SecureBoot Quick Reference](../../docs/SECUREBOOT_QUICKSTART.md) - [Bootkit Defense Workflow](../../BOOTKIT_DEFENSE_WORKFLOW.md) - [Sign Kernel Modules Script](../../sign-kernel-modules.sh) - [Core Tasks](../../core.pf) - See MOK-related tasks diff --git a/scripts/secure-boot/README.md b/scripts/secure-boot/README.md index a199648..0de29c2 100644 --- a/scripts/secure-boot/README.md +++ b/scripts/secure-boot/README.md 
@@ -245,7 +245,7 @@ All these scripts can be run via `pf.py` tasks: ## 🔗 Related Documentation -- [SecureBoot Quick Reference](../../SECUREBOOT_QUICKSTART.md) +- [SecureBoot Quick Reference](../../docs/SECUREBOOT_QUICKSTART.md) - [Bootkit Defense Workflow](../../BOOTKIT_DEFENSE_WORKFLOW.md) - [MOK Management](../mok-management/README.md) - [QEMU Scripts](../qemu/README.md)
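Review bot: In the `.gitignore` hunk, the new entries `db.sql`, `storage.lock` and `userns.lock` have no leading slash or directory, so they match files with those names at any depth in the tree. `db.sql` in particular is a generic name, and a schema or fixture file called `db.sql` added later would be silently left out of commits. Anchor each pattern to the directory where the container runtime actually writes the file (for example `/db.sql` if that is the repository root), and do the same for `.bish.sqlite` and `.bish-index`.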
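Review bot: In `CODE_OF_CONDUCT.md`, the Reporting section sends conduct reports through the GitHub Security Advisory flow, the same channel `SECURITY.md` assigns to vulnerability reports, so two kinds of report with different handlers land in one queue. Its alternative, "the contact options in SECURITY.md", points at a file that names no address, only "a private channel noted in the repository profile". Give conduct reports their own named contact, or state who reads the advisory queue and how conduct reports are separated from vulnerability triage.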
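Review bot: In `SECURITY.md`, the fallback channel ("a private channel noted in the repository profile") is not actionable as written: a reporter who cannot use Security Advisories is given nothing concrete to contact. Name the channel in the file itself. The policy also states no acknowledgement or disclosure timeline, and "the most recent tagged releases" does not say how many releases receive fixes; state both so a reporter knows what to expect.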
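Review bot: The rename of `SECUREBOOT_QUICKSTART.md` to `docs/SECUREBOOT_QUICKSTART.md` is recorded with `similarity index 100%`, so the file's contents were not touched. Any relative links or paths inside it that were written from the repository root now resolve relative to `docs/` instead. Check them and fix them in this same change, since every other file in the patch is being updated to point readers at this document.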
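Review bot: In `docs/implementation/DOCUMENTATION_CLEANUP_SUMMARY.md`, the root listing is recounted to "8 files", but this same patch gives `SECURITY.md` and `CODE_OF_CONDUCT.md` their first content at the repository root and neither appears in the tree. Either add them and adjust the count, or mark the listing as a snapshot of the earlier cleanup so it is not read as the current layout.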
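Review bot: In the second hunk of `docs/reviews/CICD_REVIEW_ROLLUP.md`, the entry `├── docs/SECUREBOOT_QUICKSTART.md` still sits in the tree headed "Essential Documentation (Root)", so the listing now shows a `docs/` path as a root-level file. `DOCUMENTATION_CLEANUP_SUMMARY.md` handles the same move by removing the entry from the root tree and listing it under `docs/`; do the same here so the two summaries agree.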