Purpose
Implement boot/session evidence continuity for SourceOS Mutation and Evidence Accountability, anchored to SourceOS spec PR #96:
SourceOS-Linux/sourceos-spec#96
Required work
- Emit
BootEvidenceTopologyAttestation at boot.
- Generate stable
boot_id and session_id values.
- Attest evidence/log sinks, enabled sensors, disabled sensors, degraded sensors, privilege state, redaction profiles, and retention policies.
- Record OS deployment identity, kernel build, image digest, symbolication bundle state, measured boot references where available.
Acceptance criteria
- Every receipt can attach to a boot/session context.
- Missing or degraded boot evidence prevents high-confidence security clearance.
- The boot attestation can be consumed by SourceOS Shell and sourceos-devtools validators.
Purpose
Implement boot/session evidence continuity for SourceOS Mutation and Evidence Accountability, anchored to SourceOS spec PR #96:
SourceOS-Linux/sourceos-spec#96
Required work
BootEvidenceTopologyAttestationat boot.boot_idandsession_idvalues.Acceptance criteria