Moving the contents of the SNP documentation to the CoCo website and removing the SEV documentation to be deprecated soon. Pointing to the website in quickstart guide and coco-dev guide.
Signed-off-by: Arvind Kumar <arvinkum@amd.com>
Updating the SEV and SNP guides to include instructions on launching CoCo with SEV and SNP memory encryption.
Signed-off-by: Arvind Kumar <arvinkum@amd.com>
Reorganizing the quickstart guide and adding a new guide page for CoCo-dev instructions for testing CoCo without the use of memory encryption or attestation.
Signed-off-by: Arvind Kumar <arvinkum@amd.com>
This commit migrates the documentation for IBM Secure Execution
from the operator to the confidential-containers repo.
It will be referred by the QuickStart.
Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
The non-tee guide predates the sample attester, which
allows us to use the attestation flow without hardware
support.
Before that we had a workaround in the operator
that would provision a guest image with certain
keys already baked into that.
This is known as the ssh-demo in the operator,
but it shoudn't be confused with the ssh-demo
that we have in this repo, which is just a container
that ships with an ssh daemon inside of it.
The ssh-demo in this repo doesn't necessarily require
attestation and is unrelated.
We are removing the ssh-demo operator CRD so the nontee
guide should go as well.
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
Fixes: https://github.com/confidential-containers/enclave-cc/issues/181
- Add the content of deploy KBS cluster and create encrypted image in enclave-cc.md
- Delete verdictd in enclave-cc.md and add cc-kbc and sample-kbc content, and give examples of usage
- Modify the creation of enclave-cc custom resource in quickstart.md
Signed-off-by: Huiting Hou <huiting.hou@linux.alibaba.com>
Updated the SEV guide with information about the default values of the
SEV policy for SEV and SEV-ES as well as the features enabled/disabled.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
`asciidoctor` is not included in a freshly installed Ubuntu Server 22.04 LTS.
The doc enters wrong folder when configure `attestation-agent`
Signed-off-by: tangbao <i@tbis.me>
This adds some cleanup for the existing documentation, adds some
language specifiers for code blocks, as well as some fixes for minor
spelling issues.
Signed-off-by: Larry Dewey <larry.dewey@amd.com>
Simplify quickstart guide to cover installation,
basic usage, encryption/signing, attestation.
Focus on the generic KBS.
Everything else is moved to other files. Pointers
to the relevant files are included where needed.
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
The shim now supports a nmber of annotations for SEV(-ES),
meaning that we no longer need to modify the config file
to set things like the guest policy or kbs uri. Update
the quickstart guide to spread the news.
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
Fixed: #96
The current quick start is relatively lengthy,
this commit make the technology stacks for special HW separate markdown pages:
- Use simple-kbs to encrypt container image and deploy it on SEV: `guides/sev-guide.md`
- Use Verdictd to encrypt container image and deploy it on TDX: `guides/eaa-verdictd-guide.md`
Signed-off-by: Jiale Zhang <zhangjiale@linux.alibaba.com>
