Organize documentation and finalize repo hygiene

.gitignore

@@ -56,5 +56,12 @@ nohup*.out
 *.xxd.xxd.xxd
 
 # Generated documentation files
-copilot-instructions.md
+copilot-instructions.md
 WARP.md
+
+# Container/Podman runtime artifacts
+db.sql
+storage.lock
+userns.lock
+.bish.sqlite
+.bish-index

CODE_OF_CONDUCT.md

@@ -0,0 +1,10 @@
+# Code of Conduct
+
+We are committed to a respectful, inclusive, and harassment-free community. Always:
+* Be respectful and professional in all interactions.
+* Assume positive intent and provide constructive feedback.
+* Avoid personal attacks, harassment, or discriminatory language.
+
+## Reporting
+
+If you observe unacceptable behavior, report it privately via the GitHub Security Advisory flow or the contact options in SECURITY.md. Reports are reviewed promptly and confidentially.

README.md

@@ -18,7 +18,7 @@ This comprehensive guide walks you through **stopping bootkits completely** in t
 
 **Also available:**
 - 📚 **[Getting Started Guide](GETTING_STARTED.md)** - Quick introduction for new users
-- 🎯 **[SecureBoot Quick Reference](SECUREBOOT_QUICKSTART.md)** - One-page command reference
+- 🎯 **[SecureBoot Quick Reference](docs/SECUREBOOT_QUICKSTART.md)** - One-page command reference
 
 ## 🎯 Quick Start: Three Ways to Begin
 

SECURITY.md

@@ -0,0 +1,13 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please do **not** open public issues for security vulnerabilities. Instead, use one of the following private channels:
+- Open a private report via GitHub Security Advisories (Security → Report a vulnerability).
+- If that is not possible, reach out to the maintainers via a private channel noted in the repository profile.
+
+Provide as much detail as possible (affected version/commit, steps to reproduce, expected vs. actual behavior, and any logs or traces).
+
+## Supported Versions
+
+PhoenixBoot is under active development; security fixes land on the `main` branch and the most recent tagged releases. Please keep your deployment up to date with the latest release or main branch to receive fixes.

docs/MIGRATION_GUIDE.md

@@ -153,7 +153,7 @@ out/esp/esp.img          # Old ESP image location
 ```
 out/esp/secureboot-bootable.img    # New default name
 FIRST_BOOT_INSTRUCTIONS.txt        # Instructions (new)
-SECUREBOOT_QUICKSTART.md           # Quick reference (new)
+docs/SECUREBOOT_QUICKSTART.md           # Quick reference (new)
 ```
 
 ## What to Keep
@@ -258,7 +258,7 @@ ln -s secureboot-bootable.img out/esp/esp.img
 
 ### New Docs (Read These)
 
-1. **Quick Start:** `SECUREBOOT_QUICKSTART.md`
+1. **Quick Start:** `docs/SECUREBOOT_QUICKSTART.md`
 2. **Full Guide:** `docs/SECUREBOOT_BOOTABLE_MEDIA.md`
 3. **Comparison:** `docs/BEFORE_AND_AFTER.md`
 4. **Testing:** `docs/TESTING_GUIDE.md`
@@ -291,7 +291,7 @@ ln -s secureboot-bootable.img out/esp/esp.img
 If you have issues migrating:
 
 1. **Read the docs:**
-   - `SECUREBOOT_QUICKSTART.md` for quick reference
+   - `docs/SECUREBOOT_QUICKSTART.md` for quick reference
    - `docs/SECUREBOOT_BOOTABLE_MEDIA.md` for details
 
 2. **Check examples:**

docs/QUICKSTART.md

@@ -14,7 +14,7 @@ This document provides quick access to the most common PhoenixBoot operations.
 sudo dd if=out/esp/secureboot-bootable.img of=/dev/sdX bs=4M status=progress
 ```
 
-See [SECUREBOOT_QUICKSTART.md](SECUREBOOT_QUICKSTART.md) for more details.
+See [SECUREBOOT_QUICKSTART.md](./SECUREBOOT_QUICKSTART.md) for more details.
 
 ## Task Runner (Recommended)
 

docs/SECURE_ENV_COMMAND.md

@@ -393,7 +393,7 @@ sudo bash scripts/secure-env-check.sh
 ## See Also
 
 - [PhoenixBoot README](../README.md)
-- [Secure Boot Setup Guide](../SECUREBOOT_QUICKSTART.md)
+- [Secure Boot Setup Guide](./SECUREBOOT_QUICKSTART.md)
 - [Boot Security Analysis](BOOT_SEQUENCE_AND_ATTACK_SURFACES.md)
 - [Firmware Recovery](FIRMWARE_RECOVERY.md)
 

docs/UNDERSTANDING_BOOT_ARTIFACTS.md

@@ -324,7 +324,7 @@ mokutil --list-enrolled
 1. This document (you're here!)
 2. `keys/README.md` - SecureBoot key details
 3. `out/keys/mok/README.md` - MOK key details
-4. `SECUREBOOT_QUICKSTART.md` - Quick start guide
+4. `docs/SECUREBOOT_QUICKSTART.md` - Quick start guide
 5. `docs/SECURE_BOOT.md` - Deep dive technical docs
 
 ### External Resources:

docs/implementation/DOCUMENTATION_CLEANUP_SUMMARY.md

@@ -97,19 +97,19 @@ Clean up PhoenixBoot documentation to focus on essential files (README.md, QUICK
 
 #### Final Structure (Clean and Focused)
 ```
-Root Documentation (Essential - 9 files):
+Root Documentation (Essential - 8 files):
 ├── README.md (main documentation - comprehensive overview)
 ├── GETTING_STARTED.md (beginner-friendly guide)
 ├── QUICKSTART.md (quick reference)
 ├── ARCHITECTURE.md (system design) ⭐ NEW
 ├── FEATURES.md (feature status) ⭐ NEW
-├── SECUREBOOT_QUICKSTART.md (specific feature quickstart)
 ├── TESTING_SUMMARY.md (test status)
 ├── SECURITY_REVIEW_2025-12-07.md (latest security audit)
 └── LICENSE.md (required)
 
 Detailed Documentation:
 └── docs/ (30+ technical documents organized by topic)
+    ├── SECUREBOOT_QUICKSTART.md (specific feature quickstart)
     ├── Container architecture docs
     ├── Core technical docs
     ├── UUEFI docs

docs/reviews/CICD_REVIEW_ROLLUP.md

@@ -96,7 +96,7 @@ PhoenixBoot/
 
 **Documentation:**
 - `SECURE_BOOT_IMPLEMENTATION_SUMMARY.md` - Complete implementation guide
-- `SECUREBOOT_QUICKSTART.md` - User quick reference
+- [docs/SECUREBOOT_QUICKSTART.md](../SECUREBOOT_QUICKSTART.md) - User quick reference
 - `docs/SECUREBOOT_BOOTABLE_MEDIA.md` - Bootable media guide
 
 ### Security Summary
@@ -201,7 +201,7 @@ Essential Documentation (Root):
 ├── ARCHITECTURE.md                   # System design ⭐ NEW
 ├── FEATURES.md                       # Feature tracking ⭐ NEW
 ├── BOOTKIT_DEFENSE_WORKFLOW.md       # User workflow ⭐ NEW
-├── SECUREBOOT_QUICKSTART.md          # SecureBoot reference
+├── docs/SECUREBOOT_QUICKSTART.md     # SecureBoot reference
 ├── LICENSE.md                        # Apache 2.0 license
 └── TESTING_SUMMARY.md                # Test status
 

keys/README.md

@@ -105,7 +105,7 @@ ISO_PATH=/path/to/your.iso ./pf.py secureboot-create
 
 - **UEFI Specification**: https://uefi.org/specifications
 - **SecureBoot Explained**: See `docs/SECURE_BOOT.md` in this repository
-- **Bootable Media Guide**: See `SECUREBOOT_QUICKSTART.md` in this repository
+- **Bootable Media Guide**: See `docs/SECUREBOOT_QUICKSTART.md` in this repository
 
 ## ❓ Troubleshooting
 

scripts/esp-packaging/esp-package.sh

@@ -269,7 +269,7 @@ echo "   • If you signed it yourself: You need to enroll your db key first"
 echo ""
 echo "🔗 More info:"
 echo "   • Keys explained: keys/README.md"
-echo "   • SecureBoot setup: SECUREBOOT_QUICKSTART.md"
+echo "   • SecureBoot setup: docs/SECUREBOOT_QUICKSTART.md"
 echo "   • Full docs: docs/SECURE_BOOT.md"
 echo ""
 

scripts/mok-management/README.md

@@ -318,7 +318,7 @@ MOK_CERT="/path/to/out/keys/mok/PGMOK.crt"
 
 ## 🔗 Related Documentation
 
-- [SecureBoot Quick Reference](../../SECUREBOOT_QUICKSTART.md)
+- [SecureBoot Quick Reference](../../docs/SECUREBOOT_QUICKSTART.md)
 - [Bootkit Defense Workflow](../../BOOTKIT_DEFENSE_WORKFLOW.md)
 - [Sign Kernel Modules Script](../../sign-kernel-modules.sh)
 - [Core Tasks](../../core.pf) - See MOK-related tasks

scripts/secure-boot/README.md

@@ -245,7 +245,7 @@ All these scripts can be run via `pf.py` tasks:
 
 ## 🔗 Related Documentation
 
-- [SecureBoot Quick Reference](../../SECUREBOOT_QUICKSTART.md)
+- [SecureBoot Quick Reference](../../docs/SECUREBOOT_QUICKSTART.md)
 - [Bootkit Defense Workflow](../../BOOTKIT_DEFENSE_WORKFLOW.md)
 - [MOK Management](../mok-management/README.md)
 - [QEMU Scripts](../qemu/README.md)