Latticra

Home / Boot preview boundary

Fixture-Only Boot Evidence Lane

Boot Preview Boundary

Latticra has a SeaBIOS and GRUB compatibility boundary plus no-effect boot-preview fixtures. It does not have a bootable image, QEMU run, GRUB installation, disk image, firmware mutation, or production operating-system claim.

Boot Rule

Compatible by absence, not by boot execution.

The current Panel installer is compatible with SeaBIOS and GRUB hosts only in the narrow sense that it stays out of the boot path. Boot-preview records define the evidence shape future work must satisfy before any bootable claim can change.

01

Installer boundary

User-local Panel installs avoid firmware, partitions, boot sectors, EFI variables, GRUB config, kernels, and initramfs files.

02

Fixture manifest

The boot-preview manifest records required future fields while preserving bootable_os_ready=false.

03

Preflight report

Preflight validates the fixture and reports local tool visibility without running QEMU or invoking GRUB.

04

Evidence templates

Capture and boot-artifact templates name future evidence fields without creating images or writing boot files.

05

Promotion gates

Boot status cannot promote until QEMU, serial-log, artifact, checksum, and recovery evidence exist.

Current Snapshot

The boot-preview lane is still blocked fixture evidence.

These fields summarize the safe public posture across the compatibility and boot-preview records.

compatibility_contract 1
installer_boot_safe by absence
manifest_validated 1
qemu_execution 0
boot_artifact_manifest 0
serial_boot_log 0
bootable_os_ready 0
production_os_claim 0

Future Profiles

Every future boot profile needs separate evidence.

The preview lane names targets only so future evidence cannot collapse SeaBIOS, GRUB BIOS, and GRUB UEFI into one vague claim.

x86_64

SeaBIOS + GRUB preview

Requires QEMU i440fx SeaBIOS evidence, artifact metadata, serial log, and recovery path.

x86_64

GRUB 2 BIOS preview

Requires a separate BIOS bootloader profile with no host bootloader mutation.

x86_64

GRUB 2 UEFI preview

Requires OVMF/UEFI evidence, EFI system partition metadata, and no firmware writes.

operator

QEMU console preview

Requires a reviewed operator-console path before any VM execution evidence can promote.

Authority Boundary

Templates are not boot artifacts.

The current lane is useful because it names what future evidence must record while refusing to blur the line between a fixture and an executed boot.

Allowed now

Compatibility contract, fixture manifest validation, no-effect preflight, evidence capture template, QEMU argv template, boot artifact manifest template, and blocked manifest validation.

Future evidence

Boot artifact manifest, artifact checksum, profile-specific QEMU run records, serial console boot logs, operator console path, read-only VM evidence, and recovery runbook.

Denied now

QEMU execution, GRUB invocation, disk image creation, ISO creation, firmware mutation, bootloader writes, partition mutation, EFI variable writes, kernel install, initramfs writes, root escalation, network use, host boot changes, and production OS readiness.

Local Commands

Run boot-preview checks without booting anything.

These guards inspect contracts, fixture posture, templates, and blocked validation. They do not run QEMU or touch host boot state.

Compatibility and preflight

sh scripts/test-seabios-grub-compatibility-contract.sh
sh scripts/test-seabios-grub-boot-preview-preflight.sh

Evidence templates

sh scripts/test-seabios-grub-boot-preview-evidence-contract.sh
sh scripts/test-seabios-grub-boot-preview-evidence-template.sh
sh scripts/test-seabios-grub-boot-preview-qemu-argv-template.sh

Artifact manifest gates

sh scripts/test-seabios-grub-boot-preview-boot-artifact-manifest-template.sh
sh scripts/test-seabios-grub-boot-preview-boot-artifact-manifest-validate.sh

Source Records

Read the boot record before repeating a boot claim.

SeaBIOS/GRUB compatibilityInstaller-safe compatibility boundary, future targets, promotion gates, and non-claims. Boot-preview evidenceManifest fixture, preview profiles, preflight, evidence templates, QEMU argv template, and blocked claims. Boot preflightNo-effect local readiness report and tool visibility without QEMU or GRUB execution. Evidence capture templateFuture evidence-bundle fields before any boot-preview claim can promote. QEMU argv templateFuture profile-specific argv record shape while qemu_run_performed remains zero. Boot artifact templateFuture artifact metadata without disk images, kernels, initramfs, or GRUB config. Panel overviewHow the user-local installer stays out of the host boot path. Kernel overviewKernel lifecycle evidence and why it is not a bootable OS claim.