docs: document STACKIT CC features

docs/docs/architecture/attestation.md

@@ -275,6 +275,12 @@ You may customize certain parameters for verification of the attestation stateme
   This is the intermediate certificate for verifying the SEV-SNP report's signature.
   If it's not specified, the CLI fetches it from the AMD key distribution server.
 
+</tabItem>
+<tabItem value="stackit" label="STACKIT">
+
+On STACKIT, AMD SEV-ES is used to provide runtime encryption to the VMs.
+A TPM attestation report is used to establish trust in the VM.
+
 </tabItem>
 </tabs>
 

docs/docs/overview/clouds.md

@@ -14,13 +14,13 @@ For Constellation, the ideal environment provides the following:
 
 The following table summarizes the state of features for different infrastructures as of June 2023.
 
-| **Feature**                       | **Azure** | **GCP** | **AWS** | **OpenStack (Yoga)** |
+| **Feature**                       | **Azure** | **GCP** | **AWS** |  **STACKIT** | **OpenStack (Yoga)** |
-|-----------------------------------|-----------|---------|---------|----------------------|
+|-----------------------------------|-----------|---------|---------|--------------|----------------------|
-| **1. Custom images**              | Yes       | Yes     | Yes     | Yes                  |
+| **1. Custom images**              | Yes       | Yes     | Yes     | Yes          | Yes                  |
-| **2. SEV-SNP or TDX**             | Yes       | Yes     | Yes     | Depends on kernel/HV |
+| **2. SEV-SNP or TDX**             | Yes       | Yes     | Yes     | No           | Depends on kernel/HV |
-| **3. Raw guest attestation**      | Yes       | Yes     | Yes     | Depends on kernel/HV |
+| **3. Raw guest attestation**      | Yes       | Yes     | Yes     | No           | Depends on kernel/HV |
-| **4. Reviewable firmware**        | No        | No      | Yes     | Depends on kernel/HV |
+| **4. Reviewable firmware**        | No        | No      | Yes     | No           | Depends on kernel/HV |
-| **5. Confidential measured boot** | Yes       | No      | No      | Depends on kernel/HV |
+| **5. Confidential measured boot** | Yes       | No      | No      | No           | Depends on kernel/HV |
 
 ## Microsoft Azure
 
@@ -53,6 +53,10 @@ However, regarding (5), attestation is partially based on the [NitroTPM](https:/
 Hence, the hypervisor is currently part of Constellation's TCB.
 Regarding (4), the [firmware is open source](https://github.com/aws/uefi) and can be reproducibly built.
 
+## STACKIT
+
+STACKIT supports AMD SEV-ES.
+
 ## OpenStack
 
 OpenStack is an open-source cloud and infrastructure management software. It's used by many smaller CSPs and datacenters. In the latest *Yoga* version, OpenStack has basic support for CVMs. However, much depends on the employed kernel and hypervisor. Features (2)--(4) are likely to be a *Yes* with Linux kernel version 6.2. Thus, going forward, OpenStack on corresponding AMD or Intel hardware will be a viable underpinning for Constellation.

docs/versioned_docs/version-2.16/architecture/attestation.md

@@ -275,6 +275,12 @@ You may customize certain parameters for verification of the attestation stateme
   This is the intermediate certificate for verifying the SEV-SNP report's signature.
   If it's not specified, the CLI fetches it from the AMD key distribution server.
 
+</tabItem>
+<tabItem value="stackit" label="STACKIT">
+
+On STACKIT, AMD SEV-ES is used to provide runtime encryption to the VMs.
+A TPM attestation report is used to establish trust in the VM.
+
 </tabItem>
 </tabs>
 

docs/versioned_docs/version-2.16/overview/clouds.md

@@ -14,13 +14,13 @@ For Constellation, the ideal environment provides the following:
 
 The following table summarizes the state of features for different infrastructures as of June 2023.
 
-| **Feature**                       | **Azure** | **GCP** | **AWS** | **OpenStack (Yoga)** |
+| **Feature**                       | **Azure** | **GCP** | **AWS** |  **STACKIT** | **OpenStack (Yoga)** |
-|-----------------------------------|-----------|---------|---------|----------------------|
+|-----------------------------------|-----------|---------|---------|--------------|----------------------|
-| **1. Custom images**              | Yes       | Yes     | Yes     | Yes                  |
+| **1. Custom images**              | Yes       | Yes     | Yes     | Yes          | Yes                  |
-| **2. SEV-SNP or TDX**             | Yes       | Yes     | Yes     | Depends on kernel/HV |
+| **2. SEV-SNP or TDX**             | Yes       | Yes     | Yes     | No           | Depends on kernel/HV |
-| **3. Raw guest attestation**      | Yes       | Yes     | Yes     | Depends on kernel/HV |
+| **3. Raw guest attestation**      | Yes       | Yes     | Yes     | No           | Depends on kernel/HV |
-| **4. Reviewable firmware**        | No        | No      | Yes     | Depends on kernel/HV |
+| **4. Reviewable firmware**        | No        | No      | Yes     | No           | Depends on kernel/HV |
-| **5. Confidential measured boot** | Yes       | No      | No      | Depends on kernel/HV |
+| **5. Confidential measured boot** | Yes       | No      | No      | No           | Depends on kernel/HV |
 
 ## Microsoft Azure
 
@@ -53,6 +53,10 @@ However, regarding (5), attestation is partially based on the [NitroTPM](https:/
 Hence, the hypervisor is currently part of Constellation's TCB.
 Regarding (4), the [firmware is open source](https://github.com/aws/uefi) and can be reproducibly built.
 
+## STACKIT
+
+STACKIT supports AMD SEV-ES.
+
 ## OpenStack
 
 OpenStack is an open-source cloud and infrastructure management software. It's used by many smaller CSPs and datacenters. In the latest *Yoga* version, OpenStack has basic support for CVMs. However, much depends on the employed kernel and hypervisor. Features (2)--(4) are likely to be a *Yes* with Linux kernel version 6.2. Thus, going forward, OpenStack on corresponding AMD or Intel hardware will be a viable underpinning for Constellation.