docs(rhcos): strengthen evidence framing + sanitized JSON summary

README.md

@@ -114,15 +114,17 @@ different bootstrap. bpfcompat implements it (Ignition config over QEMU
     -matrix matrices/rhcos.yaml -runner vm -out report.json
   ```
 
-  Recorded evidence matrix: **3 OpenShift releases (4.14 / 4.16 / 4.18) × 6
-  artifacts on x86_64, plus a real aarch64 boot** —
-  [docs/evidence-rhcos.md](docs/evidence-rhcos.md). Highlights: ring-buffer and
-  perf-buffer load+attach pass everywhere; a **BPF-LSM** program is rejected on
-  4.14 (RHEL 9.2) but loads+attaches all hooks on 4.16/4.18 (RHEL 9.4) — a real
-  backport boundary; and a CO-RE failure is correctly rejected on every release.
-  Without an image, the **RHEL / AlmaLinux 9 (5.14)** profiles are the interim
-  kernel approximation. Full guide:
-  [docs/rhcos-openshift.md](docs/rhcos-openshift.md).
+  Recorded evidence — real boots, not claims, and not just 4.16: **OpenShift
+  4.14, 4.16, and 4.18 on x86_64 (6 artifacts each), plus OpenShift 4.16 on
+  aarch64** — [docs/evidence-rhcos.md](docs/evidence-rhcos.md), with a
+  machine-readable [docs/report-rhcos-summary.json](docs/report-rhcos-summary.json).
+  Highlights: ring-buffer and perf-buffer load+attach pass on every release; a
+  **BPF-LSM** program is rejected on 4.14 (RHEL 9.2) but loads+attaches all hooks
+  on 4.16/4.18 (RHEL 9.4) — a real backport boundary; a CO-RE failure is
+  correctly rejected everywhere; and the aarch64 boot
+  (`5.14.0-427.50.1.el9_4.aarch64`) load+attaches under emulation. Without an
+  image, the **RHEL / AlmaLinux 9 (5.14)** profiles are the interim kernel
+  approximation. Full guide: [docs/rhcos-openshift.md](docs/rhcos-openshift.md).
 
 ## Try it in CI without your own KVM box
 

docs/evidence-rhcos.md

@@ -7,7 +7,9 @@ Reproduce with the steps at the bottom.
 
 > Raw run artifacts (full `report.json`, `validator-result.json`, serial logs)
 > are written under `evidence/rhcos/` locally; that path is git-ignored as
-> high-churn output, so the decisive fields are inlined here.
+> high-churn output, so the decisive fields are inlined here and in a
+> machine-readable [`report-rhcos-summary.json`](report-rhcos-summary.json)
+> (sanitized: no host paths, keys, or raw logs).
 
 ## Releases under test
 

docs/report-rhcos-summary.json

@@ -0,0 +1,218 @@
+{
+  "schema": "bpfcompat.rhcos-evidence-summary.v1",
+  "generated_for": "bpfcompat v0.2.0",
+  "note": "Sanitized summary of real bpfcompat runs inside booted RHEL CoreOS guests. Host paths, per-run SSH keys, and raw logs are intentionally excluded; see docs/evidence-rhcos.md for the narrative and provenance.",
+  "image_source": "https://mirror.openshift.com/pub/openshift-v4/<arch>/dependencies/rhcos/<ver>/latest/ (public boot images; pull secret not required)",
+  "releases": [
+    {
+      "openshift": "4.14",
+      "arch": "x86_64",
+      "rhcos": "414.92.202407091253",
+      "kernel": "5.14.0-284.73.1.el9_2.x86_64"
+    },
+    {
+      "openshift": "4.16",
+      "arch": "x86_64",
+      "rhcos": "416.94.202510081640",
+      "kernel": "5.14.0-427.93.1.el9_4.x86_64"
+    },
+    {
+      "openshift": "4.18",
+      "arch": "x86_64",
+      "rhcos": "418.94.202510081222",
+      "kernel": "5.14.0-427.93.1.el9_4.x86_64"
+    },
+    {
+      "openshift": "4.16",
+      "arch": "aarch64",
+      "rhcos": "416.94.202501270445",
+      "kernel": "5.14.0-427.50.1.el9_4.aarch64"
+    }
+  ],
+  "x86_64_matrix": [
+    {
+      "artifact": "simple-pass",
+      "description": "baseline program load",
+      "artifact_sha256": "416a492899e8713c8a84678940a11bb01b34dd6b8e758a885efa590cc8565967",
+      "by_release": {
+        "openshift-4.14-x86_64": {
+          "target_status": "pass",
+          "load": "pass",
+          "attach": "pass",
+          "attach_passed": 1,
+          "attach_attempted": 1
+        },
+        "openshift-4.16-x86_64": {
+          "target_status": "pass",
+          "load": "pass",
+          "attach": "pass",
+          "attach_passed": 1,
+          "attach_attempted": 1
+        },
+        "openshift-4.18-x86_64": {
+          "target_status": "pass",
+          "load": "pass",
+          "attach": "pass",
+          "attach_passed": 1,
+          "attach_attempted": 1
+        }
+      }
+    },
+    {
+      "artifact": "ringbuf-modern",
+      "description": "tracepoint + ring buffer (upstream >=5.8)",
+      "artifact_sha256": "569df5541ad1246f17fb288c41cf3435e240da3b1ce254a348e4e0ffec021728",
+      "by_release": {
+        "openshift-4.14-x86_64": {
+          "target_status": "pass",
+          "load": "pass",
+          "attach": "pass",
+          "attach_passed": 1,
+          "attach_attempted": 1
+        },
+        "openshift-4.16-x86_64": {
+          "target_status": "pass",
+          "load": "pass",
+          "attach": "pass",
+          "attach_passed": 1,
+          "attach_attempted": 1
+        },
+        "openshift-4.18-x86_64": {
+          "target_status": "pass",
+          "load": "pass",
+          "attach": "pass",
+          "attach_passed": 1,
+          "attach_attempted": 1
+        }
+      }
+    },
+    {
+      "artifact": "perfbuf-fallback",
+      "description": "tracepoint + perf-event buffer",
+      "artifact_sha256": "fdebfa1a8b98cdf9890b4ac21fc40dd5e016e672b875b5e46f356d333f6e6e2f",
+      "by_release": {
+        "openshift-4.14-x86_64": {
+          "target_status": "pass",
+          "load": "pass",
+          "attach": "pass",
+          "attach_passed": 1,
+          "attach_attempted": 1
+        },
+        "openshift-4.16-x86_64": {
+          "target_status": "pass",
+          "load": "pass",
+          "attach": "pass",
+          "attach_passed": 1,
+          "attach_attempted": 1
+        },
+        "openshift-4.18-x86_64": {
+          "target_status": "pass",
+          "load": "pass",
+          "attach": "pass",
+          "attach_passed": 1,
+          "attach_attempted": 1
+        }
+      }
+    },
+    {
+      "artifact": "attach-warn",
+      "description": "kprobe to a missing symbol",
+      "artifact_sha256": "3c2d83d12c2d6357213cbf0a9ebbc1ba4b53d3565e9536cf4190dfe4d2fc1531",
+      "by_release": {
+        "openshift-4.14-x86_64": {
+          "target_status": "pass",
+          "load": "pass",
+          "attach": "warn",
+          "attach_passed": null,
+          "attach_attempted": 1
+        },
+        "openshift-4.16-x86_64": {
+          "target_status": "pass",
+          "load": "pass",
+          "attach": "warn",
+          "attach_passed": null,
+          "attach_attempted": 1
+        },
+        "openshift-4.18-x86_64": {
+          "target_status": "pass",
+          "load": "pass",
+          "attach": "warn",
+          "attach_passed": null,
+          "attach_attempted": 1
+        }
+      }
+    },
+    {
+      "artifact": "aegis",
+      "description": "BPF-LSM (4 hooks) + tracepoint",
+      "artifact_sha256": "83aa9d2620e6459a960768045af60a5d35936b7b2be4da25f689a44abff42819",
+      "by_release": {
+        "openshift-4.14-x86_64": {
+          "target_status": "fail",
+          "load": "fail",
+          "attach": "skipped",
+          "load_errno": -13,
+          "classification": "CAPABILITY_FAILURE"
+        },
+        "openshift-4.16-x86_64": {
+          "target_status": "pass",
+          "load": "pass",
+          "attach": "pass",
+          "attach_passed": 4,
+          "attach_attempted": 4
+        },
+        "openshift-4.18-x86_64": {
+          "target_status": "pass",
+          "load": "pass",
+          "attach": "pass",
+          "attach_passed": 4,
+          "attach_attempted": 4
+        }
+      }
+    },
+    {
+      "artifact": "core-relocation-fail",
+      "description": "CO-RE relocation to a non-existent type (negative control)",
+      "artifact_sha256": "b9b4f3942a64fe9a8f789a574cb1958b445a18af37881c9ecce05791865dd8f5",
+      "by_release": {
+        "openshift-4.14-x86_64": {
+          "target_status": "fail",
+          "load": "fail",
+          "attach": "skipped",
+          "load_errno": -22,
+          "classification": "CORE_RELOCATION_FAILURE"
+        },
+        "openshift-4.16-x86_64": {
+          "target_status": "fail",
+          "load": "fail",
+          "attach": "skipped",
+          "load_errno": -22,
+          "classification": "CORE_RELOCATION_FAILURE"
+        },
+        "openshift-4.18-x86_64": {
+          "target_status": "fail",
+          "load": "fail",
+          "attach": "skipped",
+          "load_errno": -22,
+          "classification": "CORE_RELOCATION_FAILURE"
+        }
+      }
+    }
+  ],
+  "aarch64_matrix": [
+    {
+      "artifact": "ringbuf-modern",
+      "description": "tracepoint + ring buffer (upstream >=5.8)",
+      "artifact_sha256": "569df5541ad1246f17fb288c41cf3435e240da3b1ce254a348e4e0ffec021728",
+      "by_release": {
+        "openshift-4.16-aarch64": {
+          "target_status": "pass",
+          "load": "pass",
+          "attach": "pass",
+          "attach_passed": 1,
+          "attach_attempted": 1
+        }
+      }
+    }
+  ]
+}

vm/profiles/rhcos-4.16-5.14.yaml

@@ -1,18 +1,24 @@
-# RHEL CoreOS (OpenShift 4.16) — runnable with an operator-supplied image.
+# RHEL CoreOS (OpenShift 4.16) — runnable, opt-in (operator-supplied image).
+#
+# One row of the proven RHCOS evidence matrix: OpenShift 4.14 / 4.16 / 4.18 on
+# x86_64 (6 artifacts each) plus 4.16 on aarch64 — all real boots. See
+# docs/evidence-rhcos.md and docs/report-rhcos-summary.json.
 #
 # RHCOS is the immutable node OS for OpenShift. Its kernel is the RHEL 9.4
 # kernel (5.14, heavily backported), so for pure BPF-load questions a RHEL-9 /
 # AlmaLinux-9 profile already approximates it closely. RHCOS is the requested
 # "tricky target" because of how it boots and ships, not because of the kernel.
 #
-# Boot: solved. RHCOS boots via Ignition, exactly like Fedora CoreOS, which is
-# implemented and proven (see internal/vm/ignition.go). The only remaining gap
-# is the image:
-#   - RHCOS qcow2 ships with an OpenShift release, not a public cloud-image URL.
-#     Obtain it for the 4.16 release (e.g. `openshift-install coreos
-#     print-stream-json`) and stage it with `make rhcos-image`, then opt in with
-#     BPFCOMPAT_ENABLE_RHCOS=1. Until then ExecutionTransport() keeps rhcos
-#     unsupported so it is never claimed runnable without a real image.
+# Boot: solved and proven. RHCOS boots via Ignition, exactly like Fedora CoreOS
+# (see internal/vm/ignition.go); a real boot of this profile load+attaches an
+# artifact inside the guest (kernel 5.14.0-427.93.1.el9_4, evidence above).
+#
+# Image: RHCOS qcow2 ships with an OpenShift release, not a public cloud-image
+# URL. Obtain it for the 4.16 release (e.g. `openshift-install coreos
+# print-stream-json`, or the public mirror) and stage it with
+# `make rhcos-image RHCOS_VERSION=4.16 RHCOS_IMAGE_URL=...`, then opt in with
+# BPFCOMPAT_ENABLE_RHCOS=1. Off by default, ExecutionTransport() keeps rhcos
+# unsupported so it is never claimed runnable without a real image present.
 #
 # Pragmatic interim (no image): validate against the matching RHEL/AlmaLinux 9
 # (5.14) profile, which shares the kernel + backports.