From 88f0719208ea90e3a03162dd8b1d55cc585e9f48 Mon Sep 17 00:00:00 2001 From: Maddy Underwood Date: Mon, 23 Dec 2024 10:23:18 +0000 Subject: [PATCH] Post-production clean-up. --- .../cca-veraison/_index.md | 6 +++--- .../cca-veraison/attestation-token.md | 12 +++++++----- .../cca-veraison/attestation-verification.md | 4 ++-- .../cca-veraison/cca-attestation.md | 2 +- .../cca-veraison/evaluate-result.md | 4 ++-- .../cca-veraison/how-to-use.md | 8 ++++---- .../cca-veraison/veraison.md | 4 +++- 7 files changed, 22 insertions(+), 18 deletions(-) diff --git a/content/learning-paths/servers-and-cloud-computing/cca-veraison/_index.md b/content/learning-paths/servers-and-cloud-computing/cca-veraison/_index.md index 5f7f30a4b..01d6058a3 100644 --- a/content/learning-paths/servers-and-cloud-computing/cca-veraison/_index.md +++ b/content/learning-paths/servers-and-cloud-computing/cca-veraison/_index.md @@ -7,15 +7,15 @@ minutes_to_complete: 30 who_is_this_for: This Learning Path is for developers who would like to learn about attestation in confidential computing, using Arm’s Confidential Computing Architecture (CCA). learning_objectives: - - Describe the importance of attestation for confidential computing. + - Describe the importance of attestation in confidential computing. - Understand what a CCA attestation token is, and describe its format. - Inspect the contents of a CCA attestation token using command-line tools. - Use an attestation verification service to evaluate a CCA attestation token. - - Understand the purpose of the Open source Veraison project. + - Understand the purpose of the Open-Source Veraison project. prerequisites: - - An Arm-based or x86 computer running Ubuntu. You can use a server instance from the cloud service provider of your choice. + - An Arm-based or x86 computer running Ubuntu. You can use a server instance from a cloud service provider of your choice. author_primary: Paul Howard 
diff --git a/content/learning-paths/servers-and-cloud-computing/cca-veraison/attestation-token.md b/content/learning-paths/servers-and-cloud-computing/cca-veraison/attestation-token.md index 08e625f92..911f3b4c4 100644 --- a/content/learning-paths/servers-and-cloud-computing/cca-veraison/attestation-token.md +++ b/content/learning-paths/servers-and-cloud-computing/cca-veraison/attestation-token.md @@ -19,7 +19,7 @@ wget https://go.dev/dl/go1.23.3.linux-$(dpkg --print-architecture).tar.gz tar -C /usr/local -xzf go1.23.3.linux-$(dpkg --print-architecture).tar.gz ``` -Export the installation path and add it to your `$PATH environment` variable. +Export the installation path and add it to your `$PATH environment` variable: ```bash export PATH=$PATH:/usr/local/go/bin 
@@ -56,17 +56,19 @@ Use GitHub’s download button, located on the right of the upper toolbar, to do ![download_raw.png](./download_raw.png) -Place this file in the `$HOME` folder, while retaining the file name. The rest of this Learning Path uses the notation `$HOME/cca_example_token.cbor` as the file path. +Place this file in the `$HOME` folder, while retaining the file name. + +The rest of this Learning Path uses the notation `$HOME/cca_example_token.cbor` as the file path. {{% notice Note %}} You will notice that the filename extension on the example token is `.cbor`, which also denotes the format of the data. CBOR is an acronym for Concise Binary Object Representation. You might already be familiar with JSON (the JavaScript Object Notation). JSON provides a standard way of conveying the nested structures of key-value pairs. CBOR is conceptually the same as JSON. The difference is that CBOR is a binary format, rather than a text-based format like JSON. CBOR is designed for compactness and machine-readability, but at the expense of human-readability. You can learn more about CBOR [here](https://cbor.io/). {{% /notice %}} -## Build the EVCLI Tool +## Build the evcli tool -Now that you have downloaded the example CCA attestation token, the next step is to look inside the token and learn about the data that it contains. As the token is a binary file, you will need to use a tool to parse the file and display its contents. The tool that you will use is a command-line tool called `evcli`. Evcli is an acronym for EVidence Command Line Interface, linking with the idea that attestation tokens are used to convey evidence about realms and the platforms on which they are hosted. +Now that you have downloaded the example CCA attestation token, the next step is to look inside the token and learn about the data that it contains. As the token is a binary file, you will need to use a tool to parse the file and display its contents. 
The tool that you will use is a command-line tool called `evcli`. -The `evcli` tool is part of the Veraison Open-Source project, which was covered in the previous section. +`evcli` is an acronym for EVidence Command Line Interface, which goes back to the idea that attestation tokens are used to convey evidence about realms and the platforms on which they are hosted. The `evcli` tool is part of the Veraison Open-Source project, which was covered in the previous section. Clone the source code using git as follows: diff --git a/content/learning-paths/servers-and-cloud-computing/cca-veraison/attestation-verification.md b/content/learning-paths/servers-and-cloud-computing/cca-veraison/attestation-verification.md index 3b33f116b..6630f24d7 100644 --- a/content/learning-paths/servers-and-cloud-computing/cca-veraison/attestation-verification.md +++ b/content/learning-paths/servers-and-cloud-computing/cca-veraison/attestation-verification.md @@ -11,7 +11,7 @@ layout: learningpathall Linaro’s verification service is implemented using components from the open source [Veraison](https://github.com/veraison) project. -The URL for reaching this experimental verifier service is http://veraison.test.linaro.org:8080 +The URL for reaching this experimental verifier service is http://veraison.test.linaro.org:8080. To check that you can reach the Linaro attestation verifier service, run the following command: @@ -89,4 +89,4 @@ The `| tr -d \"` is used to remove the double quotes in capturing the output fro {{% /notice %}} The verification service has now evaluated the token and returned a result, which you have saved. -The last two steps in this learning path will be about understanding the result data that came back from the verification service. +The last two steps in this Learning Path are about understanding the resultant data that came back from the verification service. 
diff --git a/content/learning-paths/servers-and-cloud-computing/cca-veraison/cca-attestation.md b/content/learning-paths/servers-and-cloud-computing/cca-veraison/cca-attestation.md index f949a3fd6..0365e3c2f 100644 --- a/content/learning-paths/servers-and-cloud-computing/cca-veraison/cca-attestation.md +++ b/content/learning-paths/servers-and-cloud-computing/cca-veraison/cca-attestation.md 
@@ -8,7 +8,7 @@ layout: learningpathall ## Overview Confidential computing is about protecting data in use. This protection comes from the creation of a security boundary around the computation being performed. This security boundary creates what is called a Trusted Execution Environment (TEE). The data and code that executes within the TEE is protected from the outside world. Different technologies exist for creating this secure boundary. In the case of Arm CCA, the Realm Management Extension (RME), which is part of the Armv9 Architecture for A-profile CPUs, provides the secure boundary. -A secure boundary is necessary for confidential computing, but it is not sufficient alone. There must also be a way to establish trust with the TEE, the target compute environment, that the boundary is protecting. Trusting the environment implicitly does not meet the strict definition of confidential computing. Instead, trust needs to be built by a process that is both explicit and transparent. This process is known as attestation. The role of attestation is described in the Figure 1. +A secure boundary is necessary for confidential computing, but it is not sufficient alone. There must also be a way to establish trust with the TEE, the target compute environment, that the boundary is protecting. Trusting the environment implicitly does not meet the strict definition of confidential computing. Instead, trust needs to be built by a process that is both explicit and transparent. This process is known as attestation. The role of attestation is described in Figure 1. ![Attestation role alt-text#center](./attestation-role.png "Figure 1: The Role of Attestation") diff --git a/content/learning-paths/servers-and-cloud-computing/cca-veraison/evaluate-result.md b/content/learning-paths/servers-and-cloud-computing/cca-veraison/evaluate-result.md index af6ad86da..f86747886 100644 --- a/content/learning-paths/servers-and-cloud-computing/cca-veraison/evaluate-result.md 
+++ b/content/learning-paths/servers-and-cloud-computing/cca-veraison/evaluate-result.md @@ -6,9 +6,9 @@ weight: 7 layout: learningpathall --- -## Build the ARC Tool +## Build the arc tool -You are already familiar with the evcli tool, which you can use to process attestation tokens. There is a very similar tool called `arc`, which you can use to process attestation results. The arc tool is also part of the Veraison project. +You are already familiar with the evcli tool, which you can use to process attestation tokens. There is a very similar tool called `arc`, which you can use to process attestation results. The `arc` tool is also part of the Veraison project. Clone its repository as follows: diff --git a/content/learning-paths/servers-and-cloud-computing/cca-veraison/how-to-use.md b/content/learning-paths/servers-and-cloud-computing/cca-veraison/how-to-use.md index fc76620f4..a88cb4e49 100644 --- a/content/learning-paths/servers-and-cloud-computing/cca-veraison/how-to-use.md +++ b/content/learning-paths/servers-and-cloud-computing/cca-veraison/how-to-use.md 
@@ -8,10 +8,10 @@ layout: learningpathall ## Highlights -Some highlights of using this Learning Path are the following: +These are some highlights of using this Learning Path: -* Practical, hands-on experience with the data formats and workflows associated with attestation, which in turn will help to provide you with a joined-up understanding of the many separate documents and specifications that exist on this topic. +* Code examples that demonstrate some of the common concepts in attestation. -* An opportunity to learn about the common concepts in attestation, supported by code examples as a demonstration. +* Practical, hands-on experience with the data formats and workflows associated with attestation, which help to provide you with a joined-up understanding of the many separate documents and specifications that exist on this topic. -* In advance of the practical sections, a chance to read theoretical overviews of both CCA Attestation and Veraison to help you grasp the basic concepts before progressing to the practical sections. \ No newline at end of file +* Theoretical overviews of both CCA Attestation and Veraison to help you grasp the basic concepts before progressing to the practical sections. \ No newline at end of file diff --git a/content/learning-paths/servers-and-cloud-computing/cca-veraison/veraison.md b/content/learning-paths/servers-and-cloud-computing/cca-veraison/veraison.md index 3490c8c1c..22da58e39 100644 --- a/content/learning-paths/servers-and-cloud-computing/cca-veraison/veraison.md +++ b/content/learning-paths/servers-and-cloud-computing/cca-veraison/veraison.md 
@@ -8,7 +8,9 @@ layout: learningpathall ## Veraison -The tools and services that you will use in this Learning Path derive from an Open-Source project called [Veraison](https://github.com/veraison). Veraison is a project that was founded within Arm but has since been donated to the [Confidential Computing Consortium](https://confidentialcomputing.io/) as an ongoing community project with a growing number of contributors from other organizations. Veraison addresses the verification aspect of attestation. It provides reusable tools and components that can be deployed in the construction of verification services or libraries. +The tools and services that you will use in this Learning Path derive from an Open-Source project called [Veraison](https://github.com/veraison). + +Veraison is a project that was founded within Arm but has since been donated to the [Confidential Computing Consortium](https://confidentialcomputing.io/) as an ongoing community project with a growing number of contributors from other organizations. Veraison addresses the verification aspect of attestation. It provides reusable tools and components that can be deployed in the construction of verification services or libraries. Confidential computing is a new, and fast-growing industry. There are many stakeholders, including:
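Review bot: In `_index.md` (hunk `@@ -7,15 +7,15 @@`), the learning objective now reads "the Open-Source Veraison project", while the unchanged context line in `attestation-verification.md` still says "the open source [Veraison] project". Pick one spelling and apply it in every file this clean-up touches; lower-case "open-source" is the usual form when the term is used as a modifier mid-sentence.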
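Review bot: In `attestation-token.md` (hunk `@@ -19,7 +19,7 @@`), the changed line still closes its code span in the wrong place: the span covers "$PATH environment", so the word "environment" renders as part of the variable name. Since the line is being edited anyway, move the closing backtick so that only `$PATH` is formatted as code. Separately, the context lines above it download the Go tarball with `wget` and unpack it straight into `/usr/local`; a step that checks the archive against the SHA256 value published on the Go download page would fit between the two commands.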
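Review bot: In `attestation-token.md` (hunk `@@ -56,17 +56,19 @@`), the rewritten sentence "`evcli` is an acronym for EVidence Command Line Interface, which goes back to the idea that ..." is vaguer than the "linking with the idea" wording it replaces, because "goes back to" suggests history rather than meaning. Something like "reflecting the fact that attestation tokens convey evidence about realms and the platforms on which they are hosted" says it directly. The new heading "Build the evcli tool" also leaves the tool name unformatted while the body uses a code span for it.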
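Review bot: In `attestation-verification.md` (hunk `@@ -11,7 +11,7 @@`), the full stop added directly after the bare URL `http://veraison.test.linaro.org:8080` can be picked up as part of the link by a Markdown autolinker, and by readers who copy the line. Wrap the URL in a code span or angle brackets so the sentence punctuation stays outside it.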
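Review bot: In `attestation-verification.md` (hunk `@@ -89,4 +89,4 @@`), "the resultant data that came back from the verification service" is redundant ("resultant" and "came back" say the same thing) and drifts from the term used in `evaluate-result.md`, which talks about "attestation results". Suggest "understanding the attestation result returned by the verification service" so that the two pages use the same name for the same artifact.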
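Review bot: In `evaluate-result.md` (hunk `@@ -6,9 +6,9 @@`), the changed paragraph puts `arc` in a code span both times but leaves "the evcli tool" in its first sentence as plain text. Format `evcli` the same way on that line, and decide whether tool names in headings ("Build the arc tool") should carry the code span too, so the convention is the same here and in `attestation-token.md`.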
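Review bot: In `how-to-use.md` (hunk `@@ -8,10 +8,10 @@`), the "\ No newline at end of file" marker appears on both the removed and the added final bullet, so the file still ends without a trailing newline after this clean-up. Add the newline while the last line is being rewritten; it keeps later diffs to this file from showing the final bullet as changed.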
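Review bot: In `veraison.md` (hunk `@@ -8,7 +8,9 @@`), the trailing context line "Confidential computing is a new, and fast-growing industry." keeps a stray comma that a post-production pass should catch; it should read "a new and fast-growing industry". The split paragraph also keeps "an Open-Source project" capitalised mid-sentence, which is worth aligning with whatever spelling is chosen for the rest of the Learning Path.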