Document Trust Chain boot verification evidence

Author: mdheller

README.md

@@ -29,13 +29,48 @@ It does **not** own the whole OS image, package/runtime distribution, or platfor
 - `SocioProphet/agentplane` — governed execution and replay.
 - `SociOS-Linux/nlboot` — original bootstrap primitive and design input.
 
+## Prophet Trust Chain boot verification evidence
+
+SourceOS Boot owns the boot/device verification slice of Prophet Trust Chain. The platform standard and admission contract live in `SocioProphet/prophet-platform`:
+
+- `docs/standards/PROPHET_TRUST_CHAIN_V0.md`
+- `docs/TRUST_CHAIN_ADMISSION_CONTRACT.md`
+- `docs/standards/PROPHET_TRUST_CHAIN_IMPLEMENTATION_MAP.md`
+
+This repo now carries `TrustChainBootVerificationEvidence`, which binds a `BootReleaseSet` to device claim, manifest hash, selected release set, boot mode, verification result, rollback/recovery posture, Trust Chain admission refs, and boot/install/rollback effects.
+
+Relevant files:
+
+- `schemas/trust-chain-boot-verification-evidence.v0.1.schema.json`
+- `examples/trust-chain-boot-verification.valid.json`
+- `examples/trust-chain-boot-verification.blocked.json`
+- `src/sourceos_boot/validate_trust_chain_boot_verification.py`
+- `tests/test_trust_chain_boot_verification.py`
+
+Validation:
+
+```bash
+make validate-trust-chain-boot-verification
+python -m pytest tests/test_trust_chain_boot_verification.py
+```
+
+The valid fixture requires verified device claim, manifest hash, selected release set, boot mode, passing verification result, attestation ref, rollback/recovery posture, policy profile, admission decision, and runtime receipt before boot/install admission is allowed.
+
+The blocked fixture proves fail-closed behavior when device claim and manifest verification evidence are missing. Boot/install are denied, rollback remains allowed, and remediation authority is preserved.
+
+Boundary: SourceOS Boot records boot/device verification evidence. It does not certify production hardware by itself, mutate live boot entries in this tranche, own package/runtime distribution, replace Lattice Forge runtime evidence, replace Policy Fabric policy profiles, replace AgentPlane execution evidence, or replace Prophet Platform admission composition.
+
 ## Initial implementation
 
 This repo currently provides:
 
 - `schemas/boot-release-set.schema.json` — BootReleaseSet v0 contract.
 - `examples/boot-release-set.example.json` — minimal valid example.
 - `src/sourceos_boot/validate_boot_release_set.py` — zero-dependency validator for examples and CI.
+- `schemas/trust-chain-boot-verification-evidence.v0.1.schema.json` — Trust Chain boot/device verification evidence contract.
+- `examples/trust-chain-boot-verification.valid.json` — valid boot/device verification evidence example.
+- `examples/trust-chain-boot-verification.blocked.json` — fail-closed boot/device verification evidence example.
+- `src/sourceos_boot/validate_trust_chain_boot_verification.py` — Trust Chain boot verification validator.
 - `.github/workflows/ci.yml` — validation workflow.
 
 ## Near-term roadmap
@@ -45,3 +80,4 @@ This repo currently provides:
 3. Add Apple Silicon PAL notes and implementation stubs for SourceOS Recovery Environment.
 4. Add UEFI/iPXE bootstrap profile for PC/Purism class hardware.
 5. Emit evidence records: device claim, manifest hash, boot mode, selected ReleaseSet, verification result.
+6. Bind boot/device verification evidence into Prophet Platform admission responses and AgentPlane runtime receipts.