diff --git a/tools/security-bootstrap-console/security_bootstrap_console.py b/tools/security-bootstrap-console/security_bootstrap_console.py
index 5bde744..d56fac9 100755
--- a/tools/security-bootstrap-console/security_bootstrap_console.py
+++ b/tools/security-bootstrap-console/security_bootstrap_console.py
@@ -1926,6 +1926,11 @@ def runbook_command_payloads(data: dict[str, Any]) -> list[dict[str, str]]:
 "7. Destroy the isolated environment and record only non-secret evidence in this UI.\n"
 "RESTORE_DRILL"
 )
+ validate_restore_evidence_command = (
+ 'export OPENBAO_RESTORE_EVIDENCE="${OPENBAO_RESTORE_EVIDENCE:-/tmp/netkingdom-openbao-restore-drill/evidence.json}"\n'
+ 'make -C ../railiance-platform openbao-validate-restore-evidence ' 'OPENBAO_RESTORE_EVIDENCE="$OPENBAO_RESTORE_EVIDENCE"'
+ )
 privacyidea_realm_command = f"bash {shlex.quote(str(PRIVACYIDEA_REALM_REPAIR))}"
 return [
@@ -2048,6 +2053,12 @@ def runbook_command_payloads(data: dict[str, Any]) -> list[dict[str, str]]:
 isolated_restore_command,
 downstream_taint,
 ),
+ action(
+ "Validate restore drill evidence",
+ "Validate the non-secret restore-drill evidence JSON. A checkbox alone is not enough for NET-WP-0017-T02; the evidence must include hashes, isolated restore proof, verification flags, and destruction evidence without secret material.",
+ validate_restore_evidence_command,
+ downstream_taint,
+ ),
 action(
 "Run post-restore readiness check",
 "Re-run the Railiance post-unseal checks after restore evidence has been captured.",
diff --git a/workplans/NET-WP-0017-it-security-readiness-for-user-onboarding.md b/workplans/NET-WP-0017-it-security-readiness-for-user-onboarding.md
index f096217..5b8294a 100644
--- a/workplans/NET-WP-0017-it-security-readiness-for-user-onboarding.md
+++ b/workplans/NET-WP-0017-it-security-readiness-for-user-onboarding.md
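Review bot: The default evidence path in validate_restore_evidence_command (first hunk) falls back to `/tmp/netkingdom-openbao-restore-drill/evidence.json`, a shared world-writable directory, so the validator can end up reading a file that a different local account created or swapped in before the operator's own run; and `make -C ../railiance-platform` resolves against whatever working directory the runbook executor happens to have, unlike privacyidea_realm_command on the very next line, which goes through the absolute PRIVACYIDEA_REALM_REPAIR constant and shlex.quote. Consider resolving the Railiance checkout the same way, e.g. `f"make -C {shlex.quote(str(<railiance platform dir constant>))} openbao-validate-restore-evidence ..."`, and defaulting the evidence file to a directory the invoking operator owns with restrictive permissions rather than /tmp. If the /tmp default has to stay, the target the card invokes should refuse symlinks and files not owned by the invoking user; whether the make target already does so is not visible in this diff. runbook_command_payloads starts before the hunk and its body continues past the second hunk.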
@@ -210,6 +210,17 @@ Remaining T02 gates are restore-drill evidence, emergency seal/unseal drill evidence, the next independent escrow holder, and an explicit risk note if ordinary onboarding proceeds before the production Audit Core sink exists.
+**2026-06-01:** Tightened the restore-drill evidence gate. The local bootstrap
+metadata currently says `restore_drill_passed: true`, but that checkbox alone
+does not preserve enough non-secret evidence for review. Railiance now has a
+restore evidence JSON template and `make openbao-validate-restore-evidence`
+validator that checks for snapshot hashes, encrypted-snapshot hash/location,
+isolated restore completion, unseal/status/test-secret verification, isolated
+environment destruction, and `no_secret_material_recorded`. The NetKingdom
+control surface now includes a **Validate restore drill evidence** runbook
+card. T02 should not count the restore gate closed until a real non-secret
+evidence file from the prior or repeated drill passes that validator.
+
 ### T03 - Close Trial Taint And Retire Bootstrap Admin Paths
 ```task