Refining

madeline-underwood · madeline-underwood · commit 19868c3f2139 · 2025-09-08T21:35:22.000Z
diff --git a/content/learning-paths/servers-and-cloud-computing/cca-trustee/cca-trustee.md b/content/learning-paths/servers-and-cloud-computing/cca-trustee/cca-trustee.md
@@ -25,7 +25,7 @@ processing, is a common practice in confidential computing.
 This Learning Path is similar to
 [Run an end-to-end Attestation Flow with Arm CCA](/learning-paths/servers-and-cloud-computing/cca-essentials/).
 
-The main difference is that, instead of the KBS from the [Veraison](https://github.com/veraison) project, you will use components implemented in the [Confidential Containers (CoCo)](https://github.com/confidential-containers) to support the [IETF RATS model](https://datatracker.ietf.org/doc/rfc9334/) (Remote ATtestation procedureS). These components include the Attestation Service (AS), Key Broker Service (KBS), Reference Value Provider Service (RVPS), Attestation Agent (AA), and Confidential Data Hub (CDH).
+The main difference is that, instead of the KBS from the [Veraison](https://github.com/veraison) project, you will use components implemented in the [Confidential Containers (CoCo) Project](https://github.com/confidential-containers) to support the [IETF RATS model](https://datatracker.ietf.org/doc/rfc9334/) (Remote ATtestation procedureS). These components include the Attestation Service (AS), Key Broker Service (KBS), Reference Value Provider Service (RVPS), Attestation Agent (AA), and Confidential Data Hub (CDH).
 The AS, KBS, and RVPS components are part of the [Trustee project](https://github.com/confidential-containers/trustee),
 whereas the AA and CDH are part of the [Guest Components](https://github.com/confidential-containers/guest-components) project in CoCo.
 
@@ -84,11 +84,10 @@ RVPS verifies, stores, and provides reference values. It receives inputs from th
 
 Guest components run inside the realm (TEE). In RATS terms, these components act as the **Attester**.
 
-For simplicity instead of Attestation Agent (AA) and Confidential Data Hub (CDH)
-you will use [KBS Client Tool](https://github.com/confidential-containers/trustee/tree/main/tools/kbs-client).
+For simplicity, instead of Attestation Agent (AA) and Confidential Data Hub (CDH), you will use the [KBS Client Tool](https://github.com/confidential-containers/trustee/tree/main/tools/kbs-client).
 
 This is a simple client for the KBS that facilitates basic attestation flows.
-You will run this tool inside of a realm to make requests for an attestation result token (EAR) and a secret.
+You will run this tool in a realm to make requests for an attestation result token (EAR) and a secret.
 
 The client tool can also be used to provision the KBS/AS with resources and policies.
 
diff --git a/content/learning-paths/servers-and-cloud-computing/cca-trustee/flow.md b/content/learning-paths/servers-and-cloud-computing/cca-trustee/flow.md
@@ -7,10 +7,10 @@ weight: 3 # 1 is first, 2 is second, etc.
 # Do not modify these elements
 layout: "learningpathall"
 ---
+## Overview
+In this section you’ll run the **Trustee services** (AS, KBS, RVPS), launch a **CCA realm** on **Arm FVP**, generate attestation evidence, and request a secret. You’ll intentionally fail the first request to see how **attestation policy** gates secret release, then **endorse the realm initial measurement (RIM)**, re-attest, and successfully retrieve the secret.
 
-## Run Trustee services
-
-### Prerequisites
+## Install dependencies
 
 Install Docker. On Ubuntu 24.04 LTS, set up Docker’s APT repository:
 
@@ -75,7 +75,7 @@ docker compose up -d
  ✔ Container cca-trustee-kbs-client-1  Started
 ```
 
-While running the demo you can also check logs of the Trustee services in this termimal:
+While running the demo you can also check logs of the Trustee services in this terminal:
 ``` bash
 docker compose logs <service>
 ```
@@ -147,6 +147,7 @@ Run the attestation command and save the EAT Attestation Result (EAR) message in
 ```
 
 Request the demo secret with that EAR:
+
 ```bash./kbs-client --url http://kbs:8080 get-resource \
   --tee-key-file realm.key --attestation-token ear.jwt \
   --path "cca-trustee/demo-message/message.txt"
@@ -276,7 +277,7 @@ Verify that the new EAR now contains `affirming` status:
             "ear.status": "affirming",
 ```
 
-and `affirming` result for the `Executables` trustworthness vector:
+and `affirming` result for the `Executables` trustworthiness vector:
 ```bash { output_lines = "2-11" }
 ./arc verify ear.jwt |grep -A10 "trustworthiness vectors"
 [trustworthiness vectors]
