From 1a75380388c407e1ab2e54f0fd7bfa404ebeee97 Mon Sep 17 00:00:00 2001 From: Moritz Eckert Date: Fri, 8 Mar 2024 18:43:48 +0100 Subject: [PATCH] docs: update stackit clouds and attestation --- docs/docs/architecture/attestation.md | 7 +++++-- docs/docs/overview/clouds.md | 2 +- docs/styles/config/vocabularies/edgeless/accept.txt | 1 + .../version-2.16/architecture/attestation.md | 7 +++++-- docs/versioned_docs/version-2.16/overview/clouds.md | 2 +- 5 files changed, 13 insertions(+), 6 deletions(-) diff --git a/docs/docs/architecture/attestation.md b/docs/docs/architecture/attestation.md index d849229d8..d7e857ab5 100644 --- a/docs/docs/architecture/attestation.md +++ b/docs/docs/architecture/attestation.md @@ -251,13 +251,15 @@ You may customize certain parameters for verification of the attestation stateme +On GCP, AMD SEV-ES is used to provide runtime encryption to the VMs. +The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements). There is no additional configuration available for GCP. On AWS, AMD SEV-SNP is used to provide runtime encryption to the VMs. -An SEV-SNP attestation report is used to establish trust in the VM and it's vTPM. +An SEV-SNP attestation report is used to establish trust in the VM. You may customize certain parameters for verification of the attestation statement using the Constellation config file. * TCB versions @@ -279,7 +281,8 @@ You may customize certain parameters for verification of the attestation stateme On STACKIT, AMD SEV-ES is used to provide runtime encryption to the VMs. -A TPM attestation report is used to establish trust in the VM. +The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements). +There is no additional configuration available for STACKIT. diff --git a/docs/docs/overview/clouds.md b/docs/docs/overview/clouds.md index b65f8d471..b2de81e4b 100644 --- a/docs/docs/overview/clouds.md 
+++ b/docs/docs/overview/clouds.md @@ -55,7 +55,7 @@ Regarding (4), the [firmware is open source](https://github.com/aws/uefi) and ca ## STACKIT -STACKIT supports AMD SEV-ES. +[STACKIT Compute Engine](https://www.stackit.de/en/product/stackit-compute-engine/) supports AMD SEV-ES. A vTPM is used for measured boot, which is a vTPM managed by STACKIT's hypervisor. Hence, the hypervisor is currently part of Constellation's TCB. ## OpenStack diff --git a/docs/styles/config/vocabularies/edgeless/accept.txt b/docs/styles/config/vocabularies/edgeless/accept.txt index 6220f0553..26fa0d0c9 100644 --- a/docs/styles/config/vocabularies/edgeless/accept.txt +++ b/docs/styles/config/vocabularies/edgeless/accept.txt @@ -63,6 +63,7 @@ rollout SBOM sigstore SSD +STACKIT superset Syft systemd diff --git a/docs/versioned_docs/version-2.16/architecture/attestation.md b/docs/versioned_docs/version-2.16/architecture/attestation.md index d849229d8..d7e857ab5 100644 --- a/docs/versioned_docs/version-2.16/architecture/attestation.md +++ b/docs/versioned_docs/version-2.16/architecture/attestation.md @@ -251,13 +251,15 @@ You may customize certain parameters for verification of the attestation stateme +On GCP, AMD SEV-ES is used to provide runtime encryption to the VMs. +The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements). There is no additional configuration available for GCP. On AWS, AMD SEV-SNP is used to provide runtime encryption to the VMs. -An SEV-SNP attestation report is used to establish trust in the VM and it's vTPM. +An SEV-SNP attestation report is used to establish trust in the VM. You may customize certain parameters for verification of the attestation statement using the Constellation config file. * TCB versions 
@@ -279,7 +281,8 @@ You may customize certain parameters for verification of the attestation stateme On STACKIT, AMD SEV-ES is used to provide runtime encryption to the VMs. -A TPM attestation report is used to establish trust in the VM. +The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements). +There is no additional configuration available for STACKIT. diff --git a/docs/versioned_docs/version-2.16/overview/clouds.md b/docs/versioned_docs/version-2.16/overview/clouds.md index b65f8d471..b2de81e4b 100644 --- a/docs/versioned_docs/version-2.16/overview/clouds.md +++ b/docs/versioned_docs/version-2.16/overview/clouds.md @@ -55,7 +55,7 @@ Regarding (4), the [firmware is open source](https://github.com/aws/uefi) and ca ## STACKIT -STACKIT supports AMD SEV-ES. +[STACKIT Compute Engine](https://www.stackit.de/en/product/stackit-compute-engine/) supports AMD SEV-ES. A vTPM is used for measured boot, which is a vTPM managed by STACKIT's hypervisor. Hence, the hypervisor is currently part of Constellation's TCB. ## OpenStack
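Review bot: in the `docs/docs/architecture/attestation.md` hunk at `@@ -251,13 +255,15 @@`, the AWS sentence loses "and it's vTPM" and now stops at "An SEV-SNP attestation report is used to establish trust in the VM.", so the paragraph no longer says what role the vTPM plays on AWS, whereas the neighbouring GCP and STACKIT paragraphs state it in one line ("The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements)."). If the point of the deletion is that the SEV-SNP report does not vouch for the vTPM, add a sentence saying how trust in the vTPM (and its runtime measurements) is established on AWS; otherwise the removal reads as an accidental drop rather than a correction.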
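Review bot: the new GCP and STACKIT paragraphs in `attestation.md` (hunks `@@ -251,13 +255,15 @@` and `@@ -279,7 +281,8 @@`) describe a "hypervisor-based vTPM" but do not state the consequence that the `clouds.md` hunk spells out for STACKIT: "Hence, the hypervisor is currently part of Constellation's TCB." Since this is the attestation chapter, that caveat matters more here than in the overview; suggest adding the same sentence after the vTPM line for both GCP and STACKIT, or linking to the clouds overview, so the two pages make the same trust statement.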
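Review bot: style point on the `docs/docs/overview/clouds.md` hunk at `@@ -55,7 +55,7 @@`: the unchanged context line "A vTPM is used for measured boot, which is a vTPM managed by STACKIT's hypervisor." says "vTPM" twice; since this paragraph is being touched anyway, consider "Measured boot uses a vTPM managed by STACKIT's hypervisor." The added product link (`[STACKIT Compute Engine](https://www.stackit.de/en/product/stackit-compute-engine/)`) is fine, but note it is the only cloud section in this hunk's context that links to a vendor product page.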
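Review bot: the same two `attestation.md` hunks and the `clouds.md` hunk are mirrored into `docs/versioned_docs/version-2.16/`, which documents a released version. Confirm that 2.16 actually behaves as the new text says (GCP on AMD SEV-ES with a hypervisor-based vTPM and no additional configuration, STACKIT on SEV-ES with no additional configuration); if any of this is only true for the unreleased docs in `docs/docs/`, drop the `version-2.16` copies from this patch so the versioned page does not describe behaviour that release does not have.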