Fixes: https://github.com/confidential-containers/enclave-cc/issues/181
- Add the content of deploy KBS cluster and create encrypted image in enclave-cc.md
- Delete verdictd in enclave-cc.md and add cc-kbc and sample-kbc content, and give examples of usage
- Modify the creation of enclave-cc custom resource in quickstart.md
Signed-off-by: Huiting Hou <huiting.hou@linux.alibaba.com>
Inverted the order of the checkboxes and numbers so that Github provides
a tracker of how many steps are done at the top of the issue.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Added information about:
* bumping the guest-components version
* the release workflow that generates the image
* update the lock file
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Moved the step 8 ("Update kbs to use the latest commit ...") below to
step 9 ("Cut a guest-components ...") because the kbs depends on
guest-components, therefore, the latter should be tagged *before* the
former.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
With the merge of image-rs, ocicrypt-rs and attestation-agent into a
single guest-components repository, the steps 1,2,3,9,10 and 13 are not
necessary anymore.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
A template to help people request meetings using
the official CoCo Zoom.
Let's try out the fancy new github issue forms.
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
Updated the SEV guide with information about the default values of the
SEV policy for SEV and SEV-ES as well as the features enabled/disabled.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
- Merge steps that can be achieved in a common PR
- Add steps to wait for runtime payload builds
- Add peer pods steps
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
Updated README to combine README from documentation repo with one from community repo.
And updated CODEOWNERS to confidential-containers-maintainers ahead of renaming the repo.
Signed-off-by: James Magowan <MAGOWAN@uk.ibm.com>
`asciidoctor` is not included in a freshly installed Ubuntu Server 22.04 LTS.
The doc enters the wrong folder when configuring `attestation-agent`
Signed-off-by: tangbao <i@tbis.me>
This adds some cleanup for the existing documentation, adds some
language specifiers for code blocks, as well as some fixes for minor
spelling issues.
Signed-off-by: Larry Dewey <larry.dewey@amd.com>
Simplify quickstart guide to cover installation,
basic usage, encryption/signing, attestation.
Focus on the generic KBS.
Everything else is moved to other files. Pointers
to the relevant files are included where needed.
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
The shim now supports a number of annotations for SEV(-ES),
meaning that we no longer need to modify the config file
to set things like the guest policy or kbs uri. Update
the quickstart guide to spread the news.
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
The offline_fs_kbc file needs to be updated to use a kbs-uri compatible name
for the key, and the container image has been regenerated to reference the
decryption key via kbs uri in its annotation.
The image has two tags: encrypted and decrypted.
Fixes: #6604
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Fixed: #96
The current quick start is relatively lengthy,
this commit makes the technology stacks for special HW separate markdown pages:
- Use simple-kbs to encrypt container image and deploy it on SEV: `guides/sev-guide.md`
- Use Verdictd to encrypt container image and deploy it on TDX: `guides/eaa-verdictd-guide.md`
Signed-off-by: Jiale Zhang <zhangjiale@linux.alibaba.com>
The patch includes a number of fixes for the architecture doc.
Fixes the logical flow between the attestation agent and relying party
for all the diagrams.
Fixes the architecture diagram for process-based TEEs and replaces
references to inclavare with enclave-cc.
Added the architecture diagram for peer-pods approach.
Finally updated the markdown to use relative paths for the images to make
it easier for viewing during reviews and editors.
Signed-off-by: Pradipta Banerjee <pradipta.banerjee@gmail.com>