
Commit 4c08ef5

committed
fixing more acrolinx
1 parent 8d0368e commit 4c08ef5

3 files changed

+5
-5
lines changed


articles/attestation/azure-TPM-VBS-attestation-usage.md

Lines changed: 2 additions & 2 deletions
@@ -12,7 +12,7 @@ ms.custom: tpm attestation
1212

1313
# Using TPM/VBS attestation
1414

15-
Attestation can be integrated into various applications and services, catering to different use cases. Azure Attestation service, which acts the remote attestation service can be used for desired purposes by updating the attestation policy. The policy engine works as processor, which takes the incoming payload as evidence and performs the validations as authored in the policy. This architecture simplifies the workflow and enables the service owner to purpose build solutions for the varied platforms and use cases.The workflow remains the same as described in [Azure attestation workflow](workflow.md).The attestation policy needs to be crafted as per the validations required.
15+
Attestation can be integrated into various applications and services, catering to different use cases. Azure Attestation service, which acts the remote attestation service can be used for desired purposes by updating the attestation policy. The policy engine works as processor, which takes the incoming payload as evidence and performs the validations as authored in the policy. This architecture simplifies the workflow and enables the service owner to purpose build solutions for the varied platforms and use cases.The workflow remains the same as described in [Azure attestation workflow](workflow.md). The attestation policy needs to be crafted as per the validations required.
1616

1717
Attesting a platform has its own challenges with its varied components of boot and setup, one needs to rely on a hardware root-of-trust anchor which can be used to verify the first steps of the boot and extend that trust upwards into every layer on your system. A hardware TPM provides such an anchor for a remote attestation solution. Azure Attestation provides a highly scalable measured boot and runtime integrity measurement attestation solution with a revocation framework to give you full control over platform attestation.
1818
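Review bot: the fix at line 15 is incomplete: the same missing-space-after-period defect remains earlier in that line ("use cases.The workflow remains"), and since the line is being touched anyway, "acts the remote attestation service" should read "acts as the remote attestation service" and "works as processor" should read "works as a processor". The unchanged context at line 17 also has a comma splice ("boot and setup, one needs to rely on") that would read better as two sentences or with "so one needs to rely on".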

@@ -65,7 +65,7 @@ Using the [Client](https://github.com/microsoft/Attestation-Client-Samples) to t
6565

6666
Here's a sample of the contents of the attestation report.
6767
git mv OLD-FILENAME NEW-FILENAME
68-
:::image type="content" source="./media/sample-decoded-token.jpg" alt-text="Sample decoded token for tpm attestation" lightbox="./media/sample-decoded-token.jpg":::
68+
:::image type="content" source="./media/sample-decoded-token.jpg" alt-text="Sample decoded token for tpm attestation." lightbox="./media/sample-decoded-token.jpg":::
6969

7070
Using the Open ID [metadata endpoint](/rest/api/attestation/metadata-configuration/get?tabs=HTTP) contains properties, which describe the attestation service.The signing keys describe the keys, which will be used to sign tokens generated by the attestation service. All tokens emitted by the attestation service will be signed by one of the certificates listed in the attestation signing keys.
7171
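Review bot: the alt-text at line 68 is changed only to add a trailing period; while editing it, "tpm attestation" should be "TPM attestation" to match the casing used in the page title and body. The context line 70 has the same missing-space pattern this commit is fixing elsewhere ("attestation service.The signing keys"), and "Using the Open ID [metadata endpoint](...) contains properties" is missing its subject; suggest "The OpenID [metadata endpoint](...) returns properties that describe the attestation service." Also worth confirming whether the context line 67 shown as "git mv OLD-FILENAME NEW-FILENAME" is really in the source file between the sentence and the image include, as it looks out of place there.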

articles/attestation/tpm-attestation-concepts.md

Lines changed: 2 additions & 2 deletions
@@ -109,7 +109,7 @@ c:[type=="boolProperties", issuer=="AttestationPolicy"] => issue(type="Malicious
109109

110110
## Extending the protection from malicious boot attacks via Integrity Measurement Architecture(IMA) on Linux
111111

112-
Linux systems follow a similar boot process to Windows, and with TPM attestation the protection profile can be extended to beyond boot into the kernel as well using Integrity Measurement Architecture(IMA). IMA subsystem was designed to detect if files have been accidentally or maliciously altered, both remotely and locally, it maintains a runtime measurement list and, if anchored in a hardware Trusted Platform Module(TPM), an aggregate integrity value over this list provides the benefit of resiliency from software attacks. Recent enhancements in the IMA subsystem also allows for non file based attributes to be measured and attested remotely. Azure attestation supports non file based measurements to be attested remotely to provide a holistic view of system integrity.
112+
Linux systems follow a similar boot process to Windows, and with TPM attestation the protection profile can be extended to beyond boot into the kernel as well using Integrity Measurement Architecture(IMA). IMA subsystem was designed to detect if files have been accidentally or maliciously altered, both remotely and locally, it maintains a runtime measurement list and, if anchored in a hardware Trusted Platform Module(TPM), an aggregate integrity value over this list provides the benefit of resiliency from software attacks. Recent enhancements in the IMA subsystem also allow for non file based attributes to be measured and attested remotely. Azure attestation supports non file based measurements to be attested remotely to provide a holistic view of system integrity.
113113

114114
Enabling IMA with the following ima-policy will enable measurement of non file attributes while still enabling local file integrity attestation.
115115
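Review bot: the "allows" to "allow" change at line 112 fixes one agreement error, but the sentence before it is still a comma splice ("both remotely and locally, it maintains a runtime measurement list") and should be split at that comma. In the same line and in the heading at line 110, "Architecture(IMA)" and "Module(TPM)" need a space before the parenthesis, "IMA subsystem was designed" should read "The IMA subsystem was designed", and "non file based" should be hyphenated as "non-file-based" in both occurrences.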

@@ -192,7 +192,7 @@ The two most important ones are:
192192

193193
* Microsoft Platform Crypto Provider: Hardware based which stores keys on a TPM (trusted platform module) and supports CNG as well
194194

195-
Whenever a Storage provider is used, it’s usually to create a pub/priv key pair that are chained to a root of trust. At creation more properties can also be used to enable certain aspects of the key storage, exportability, etc. Key attestation in this context, is the technical ability to prove to a replying party that a private key was generated inside, and is managed inside, and in a not exportable form. Such attestation clubbed with other information can help protect from credential theft and replay type of attack.
195+
Whenever a Storage provider is used, it’s usually to create a pub/priv key pair that is chained to a root of trust. At creation more properties can also be used to enable certain aspects of the key storage, exportability, etc. Key attestation in this context, is the technical ability to prove to a replying party that a private key was generated inside, and is managed inside, and in a not exportable form. Such attestation clubbed with other information can help protect from credential theft and replay type of attack.
196196

197197
TPMs also provide the capability ability to attest that keys are resident in a TPM, enabling higher security assurance, backed up by non-exportability, anti-hammering, and isolation of keys. A common use case is for applications that issue digital signature certificate for subscriber keys, verifying that the subscribers private signature key is generated and managed in an approved TPM.
198198
One can easily attest to the fact the keys are resident in a valid TPM with appropriate Nonexportability flags using a policy as below.
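Review bot: line 195 uses "replying party" where the standard attestation term is "relying party"; this is a terminology error, not just style, and should be fixed along with the "are" to "is" agreement change. The phrase "generated inside, and is managed inside, and in a not exportable form" is also hard to parse; suggest "was generated inside a TPM, is managed inside it, and is not exportable". In the unchanged context, line 197 has a duplicated word ("capability ability"), "subscribers private signature key" needs an apostrophe ("subscriber's"), and line 199 capitalizes "Nonexportability" mid-sentence with no reason to.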

articles/attestation/tpm-attestation-sample-policies.md

Lines changed: 1 addition & 1 deletion
@@ -79,7 +79,7 @@ c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="elamDriverL
7979
};
8080
8181
```
82-
### Attestation policy to authorize only those TPMs that match known PCR hashs.
82+
### Attestation policy to authorize only those TPMs that match known PCR hashes.
8383

8484
```
8585
version=1.2;
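Review bot: the spelling fix at line 82 is correct, but the heading still ends with a trailing period ("...match known PCR hashes."), which Markdown headings conventionally omit; suggest dropping it while the line is being edited.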
