don't promote Trusted Launch for now

CHANGELOG.md

@@ -45,6 +45,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 <!-- For now removed features. -->
 - `access-manager` was removed from code base. K8s native way to SSH into nodes documented.
 - `SSHUsers` has been removed from the user configuration following the removal of `access-manager`.
+- Azure Trusted Launch support. May come back in the future.
 
 ### Fixed
 

docs/docs/getting-started/first-steps.md

@@ -226,11 +226,13 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step
     </tabItem>
     </tabs>
 
+<!--
     :::info
 
     In case you don't have access to CVMs on Azure, you may use less secure  [trusted launch VMs](../workflows/trusted-launch.md) instead. For this, set **confidentialVM** to `false` in the configuration file.
 
     :::
+-->
 
 3. Create the cluster with one control-plane node and two worker nodes. `constellation create` uses options set in `constellation-conf.yaml`.
 

docs/sidebars.js

@@ -158,11 +158,11 @@ const sidebars = {
           label: 'Use persistent storage',
           id: 'workflows/storage',
         },
-        {
+        // {
-          type: 'doc',
+        //   type: 'doc',
-          label: 'Use Azure trusted launch VMs',
+        //   label: 'Use Azure trusted launch VMs',
-          id: 'workflows/trusted-launch',
+        //   id: 'workflows/trusted-launch',
-        },
+        // },
         {
           type: 'doc',
           label: 'Consume SBOMs',

internal/config/config.go

@@ -155,7 +155,7 @@ type AzureConfig struct {
 	//   Deploy Azure Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage
 	DeployCSIDriver *bool `yaml:"deployCSIDriver" validate:"required"`
 	// description: |
-	//   Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview
+	//   Use Confidential VMs. Always needs to be true.
 	ConfidentialVM *bool `yaml:"confidentialVM" validate:"required"`
 	// description: |
 	//   Enable secure boot for VMs. If enabled, the OS image has to include a virtual machine guest state (VMGS) blob.

internal/config/config_doc.go

@@ -231,8 +231,8 @@ func init() {
 	AzureConfigDoc.Fields[10].Name = "confidentialVM"
 	AzureConfigDoc.Fields[10].Type = "bool"
 	AzureConfigDoc.Fields[10].Note = ""
-	AzureConfigDoc.Fields[10].Description = "Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview"
+	AzureConfigDoc.Fields[10].Description = "Use Confidential VMs. Always needs to be true."
-	AzureConfigDoc.Fields[10].Comments[encoder.LineComment] = "Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview"
+	AzureConfigDoc.Fields[10].Comments[encoder.LineComment] = "Use Confidential VMs. Always needs to be true."
 	AzureConfigDoc.Fields[11].Name = "secureBoot"
 	AzureConfigDoc.Fields[11].Type = "bool"
 	AzureConfigDoc.Fields[11].Note = ""