Merge pull request #235319 from pkhandavilli/patch-1

Court72 · web-flow · commit 462dd37cac6e · 2023-04-24T15:14:36.000-06:00
Fixing broken link
diff --git a/articles/container-instances/TOC.yml b/articles/container-instances/TOC.yml
@@ -77,7 +77,7 @@
     href: container-instances-virtual-network-concepts.md
   - name: Confidential container groups
     href: container-instances-confidential-overview.md
-  - name: Attestation in Confidential container 
+  - name: Attestation in Confidential containers
     href: confidential-containers-attestation-concepts.md 
 - name: How-to guides
   items:
diff --git a/articles/container-instances/confidential-containers-attestation-concepts.md b/articles/container-instances/confidential-containers-attestation-concepts.md
@@ -9,7 +9,7 @@ services: container-instances
 ms.date: 04/20/2023
 ---
 
-# What is attestation?
+# Attestation in Confidential containers on Azure Container Instances 
 
 Attestation is an essential part of confidential computing and appears in the definition by the Confidential Computing Consortium “Confidential Computing is the protection of data in use by performing computation in a hardware-based, attested Trusted Execution Environment."
 
@@ -21,20 +21,20 @@ In Confidential Containers on ACI you can use an attestation token to verify tha
 - Is running on an Azure compliant utility VM.
 - Is enforcing the expected confidential computing enforcement policy (cce) that was generated using [tooling](https://github.com/Azure/azure-cli-extensions/blob/main/src/confcom/azext_confcom/README.md).
 
-## Full attestation in confidential containers on Azure Container Instances 
+## Full attestation 
 
-Expanding upon this concept of attestation. Full attestation captures all the components that are part of the Trusted Execution Environment that is remotely verifiable. To achieve full attestation, in Confidential Containers, we have introduced the notion of a cce policy, which defines a set of rules, which is enforced in the utility VM. The security policy is encoded in the attestation report as an SHA-256 digest stored in the HostData attribute, as provided to the PSP by the host operating system during the VM boot-up. This means that the security policy enforced by the utility VM is immutable throughout the lifetime of the utility VM.
+Expanding upon this concept of attestation. Full attestation captures all the components that are part of the Trusted Execution Environment that is remotely verifiable. To achieve full attestation, in Confidential Containers, we have introduced the notion of a cce policy, which defines a set of rules, which is enforced in the utility VM. The security policy is encoded in the attestation report as an SHA-256 digest stored in the HostData attribute, as provided to the AMD SEV-SNP hardware by the host operating system during the VM boot-up. This means that the security policy enforced by the utility VM is immutable throughout the lifetime of the utility VM.
 
-The exhaustive list of attributes that are part of the SEV-SNP attestation can be found [here](https://www.amd.com/system/files/TechDocs/SEV-SNP%20PSP%20API%20Specification.pdf).
+The exhaustive list of attributes that are part of the SEV-SNP attestation can be found [here](https://www.amd.com/system/files/TechDocs/56860.pdf).
 
 Some important fields to consider in an attestation token returned by [Microsoft Azure Attestation ( MAA )](../attestation/overview.md) 
 
-| Claim                     | Sample value                                                | Description |
-|---------------------------|-------------------------------------------------------------|-------------|
-| x-ms-attestation-type     | sevsnpvm                                                    | String value that describes the attestation type. For example, in this scenario sevsnp hardware |
-| x-ms-compliance-status    | azure-compliant-uvm                                         | Compliance status of the utility VM that runs the container group. |
-| x-ms-sevsnpvm-hostdata    | 670fff86714a650a49b58fadc1e90fedae0eb32dd51e34931c1e7a1839c08f6f | Hash of the cce policy that was generated during deployment. |
-| x-ms-sevsnpvm-is-debuggable | false                                                     | Flag to indicate whether the underlying hardware is running in debug mode |
+|            Claim            |                           Sample value                           |                                           Description                                           |
+|:---------------------------:|:----------------------------------------------------------------:|:-----------------------------------------------------------------------------------------------:|
+| x-ms-attestation-type       | sevsnpvm                                                         | String value that describes the attestation type. For example, in this scenario sevsnp hardware |
+| x-ms-compliance-status      | azure-compliant-uvm                                              | Compliance status of the utility VM that runs the container group.                              |
+| x-ms-sevsnpvm-hostdata      | 670fff86714a650a49b58fadc1e90fedae0eb32dd51e34931c1e7a1839c08f6f | Hash of the cce policy that was generated using tooling during deployment.                      |
+| x-ms-sevsnpvm-is-debuggable | false                                                            | Flag to indicate whether the underlying hardware is running in debug mode                       |
 
 ## Sample attestation token generated by MAA
 
