mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
Update docs (#2982)
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
parent
85b44f7f57
commit
1334b84c2e
@ -33,7 +33,7 @@ Encrypting your K8s is good for:
|
||||
|
||||
### 🔒 Everything always encrypted
|
||||
|
||||
* Runtime encryption: All nodes run inside AMD SEV-based Confidential VMs (CVMs). Support for Intel TDX will be added in the future.
|
||||
* Runtime encryption: All nodes run inside Confidential VMs (CVMs) based on AMD SEV or Intel TDX.
|
||||
* Transparent encryption of network: All [pod-to-pod traffic is automatically encrypted][network-encryption]
|
||||
* Transparent encryption of storage: All writes to persistent storage are automatically encrypted.
|
||||
This includes [nodes' state disks][storage-encryption], [persistent volumes via CSI][csi], and [S3 object storage][s3proxy].
|
||||
|
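Review bot: the rewritten runtime-encryption bullet now presents Intel TDX as available alongside AMD SEV, but unlike the network and storage bullets right below it, it carries no reference link. The removed line said "Support for Intel TDX will be added in the future", so readers on older releases need to know where TDX actually applies. Suggest linking the bullet to the page that lists the supported CVM technologies, or stating here from which release the TDX claim holds.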
@ -346,7 +346,7 @@ A user can [verify](../workflows/verify-cluster.md) this statement and compare t
|
||||
So far, this page described how an entire Constellation cluster can be verified using hardware attestation capabilities and runtime measurements.
|
||||
The last missing link is how the ground truth in the form of runtime measurements can be securely distributed to the verifying party.
|
||||
|
||||
The build process of Constellation images also creates the ground truth runtime measurements. <!-- soon: The builds of Constellation images are reproducible and the measurements of an image can be recalculated and verified by everyone. -->
|
||||
The build process of Constellation images also creates the ground truth runtime measurements. The builds of Constellation images are reproducible and the measurements of an image can be recalculated and verified by everyone.
|
||||
With every release, Edgeless Systems publishes signed runtime measurements.
|
||||
|
||||
The CLI executable is also signed by Edgeless Systems.
|
||||
|
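Review bot: the sentence that replaces the `<!-- soon: ... -->` comment asserts that builds are reproducible and that measurements "can be recalculated and verified by everyone", but gives no pointer to how. This paragraph is about getting ground truth to the verifying party, so the claim should be actionable: link to the rebuild and measurement instructions, the way the hunk-header context links `../workflows/verify-cluster.md` for verification. A comma before "and the measurements" would also help, since it joins two independent clauses.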
@ -346,7 +346,7 @@ A user can [verify](../workflows/verify-cluster.md) this statement and compare t
|
||||
So far, this page described how an entire Constellation cluster can be verified using hardware attestation capabilities and runtime measurements.
|
||||
The last missing link is how the ground truth in the form of runtime measurements can be securely distributed to the verifying party.
|
||||
|
||||
The build process of Constellation images also creates the ground truth runtime measurements. <!-- soon: The builds of Constellation images are reproducible and the measurements of an image can be recalculated and verified by everyone. -->
|
||||
The build process of Constellation images also creates the ground truth runtime measurements. The builds of Constellation images are reproducible and the measurements of an image can be recalculated and verified by everyone.
|
||||
With every release, Edgeless Systems publishes signed runtime measurements.
|
||||
|
||||
The CLI executable is also signed by Edgeless Systems.
|
||||
|
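Review bot: this hunk carries the same `@@ -346,7 +346,7 @@` position and the same added sentence on reproducible builds as the hunk before it, which suggests the paragraph lives in two copies of the page. Any follow-up wording or link change to that sentence has to land in both copies, so it is worth confirming in this PR that no further copy still has the `<!-- soon: ... -->` variant, since a stale copy would understate what a verifier can check.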