`asciidoctor` is not included in a freshly installed Ubuntu Server 22.04 LTS.
The doc enters the wrong folder when configuring `attestation-agent`
Signed-off-by: tangbao <i@tbis.me>
This adds some cleanup for the existing documentation, adds some
language specifiers for code blocks, as well as some fixes for minor
spelling issues.
Signed-off-by: Larry Dewey <larry.dewey@amd.com>
Simplify quickstart guide to cover installation,
basic usage, encryption/signing, attestation.
Focus on the generic KBS.
Everything else is moved to other files. Pointers
to the relevant files are included where needed.
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
The shim now supports a number of annotations for SEV(-ES),
meaning that we no longer need to modify the config file
to set things like the guest policy or kbs uri. Update
the quickstart guide to spread the news.
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
The offline_fs_kbc file needs to be updated to use a kbs-uri compatible name
for the key, and the container image has been regenerated to reference the
decryption key via kbs uri in its annotation.
The image has two tags: encrypted and decrypted.
Fixes: #6604
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Fixed: #96
The current quick start is relatively lengthy,
this commit makes the technology stacks for special HW separate markdown pages:
- Use simple-kbs to encrypt container image and deploy it on SEV: `guides/sev-guide.md`
- Use Verdictd to encrypt container image and deploy it on TDX: `guides/eaa-verdictd-guide.md`
Signed-off-by: Jiale Zhang <zhangjiale@linux.alibaba.com>
The patch includes a number of fixes for the architecture doc.
Fixes the logical flow between the attestation agent and relying party
for all the diagrams.
Fixes the architecture diagram for process-based TEEs and replaces
references to inclavare with enclave-cc.
Added the architecture diagram for peer-pods approach.
Finally updated the markdown to use relative paths for the images to make
it easier for viewing during reviews and editors.
Signed-off-by: Pradipta Banerjee <pradipta.banerjee@gmail.com>
It seems that we have to have a table with some basic information
otherwise GitHub won't be able to display the template information to
the users.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Let's have a release check list template that we can use to track the
release steps needed for each new release.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Let's add a small piece of documentation about what the users should do
in case they want to try enclave-cc with a different KBC.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
While preparing the `v0.3.0` release, we've noticed that using a VM with
2 vCPUs would lead to:
```
Name: cc-operator-controller-manager-79797456f6-spmss
Namespace: confidential-containers-system
...
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 4m12s default-scheduler 0/1 nodes are available: 1 Insufficient cpu. preemption: 0/1 nodes are available: 1 No preemption victims found for incoming pod.
```
And this is *NOT* something introduced between `v0.2.0` and `v0.3.0`, as
it also happens with the previous release.
For now, let's update the documentation accordingly and revisit this
after the release in case we need to really rely on deploying in nodes
with 2 vCPUs.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>