feat: update signing key generation and image tagging for TEE application

Author: Le-Caignec

src/guides/build-iapp/advanced/create-your-first-sgx-app.md

@@ -74,6 +74,19 @@ chmod +x sconify.sh
 
 ## Build the TEE docker image
 
+Before wrapping your iExec confidential application with Scone, you need to
+generate a custom signing key. This key is required for the sconification
+process and will be referenced in the Docker command below.
+
+Generate your enclave signing key with:
+
+```bash
+openssl genrsa -3 -out enclave-key.pem 3072
+```
+
+This will create an `enclave-key.pem` file in your current directory. You will
+use this file in the sconify Docker command to sign your TEE image.
+
 We will use the following script to wrap the sconification process, copy the
 `sconify.sh` script in the current directory:
 
@@ -88,10 +101,11 @@ ENTRYPOINT="node /app/app.js"
 # Declare image related variables
 IMG_NAME=tee-scone-hello-world
 IMG_FROM=<docker-hub-user>/hello-world:1.0.0
-IMG_TO=<docker-hub-user>/${IMG_NAME}:1.0.0-debug
+IMG_TO=<docker-hub-user>/${IMG_NAME}:1.0.0
 
 # Run the sconifier to build the TEE image based on the non-TEE image
 docker run -it --rm \
+            -v $PWD/enclave-key.pem:/sig/enclave-key.pem \
             -v /var/run/docker.sock:/var/run/docker.sock \
             registry.scontain.com/scone-production/iexec-sconify-image:5.9.1-v16\
             sconify_iexec \
@@ -122,10 +136,11 @@ ENTRYPOINT="python3 /app/app.py"
 # Declare image related variables
 IMG_NAME=tee-scone-hello-world
 IMG_FROM=<docker-hub-user>/hello-world:1.0.0
-IMG_TO=<docker-hub-user>/${IMG_NAME}:1.0.0-debug
+IMG_TO=<docker-hub-user>/${IMG_NAME}:1.0.0
 
 # Run the sconifier to build the TEE image based on the non-TEE image
 docker run -it \
+            -v $PWD/enclave-key.pem:/sig/enclave-key.pem \
             -v /var/run/docker.sock:/var/run/docker.sock \
             registry.scontain.com/scone-production/iexec-sconify-image:5.9.1-v16\
             sconify_iexec \
@@ -158,21 +173,11 @@ Run the `sconify.sh` script to build the Scone TEE application:
 Push your image on DockerHub:
 
 ```bash
-docker push <docker-hub-user>/tee-scone-hello-world:1.0.0-debug
+docker push <docker-hub-user>/tee-scone-hello-world:1.0.0
 ```
 
 Congratulations, you just built your Scone TEE application.
 
-::: info
-
-You may have noticed the `tee-debug` flag in the image name, the built image is
-actually in TEE debug mode, this allows you to have some debug features while
-developing the app.
-
-Once you are happy with the debug app, contact us to go to production!
-
-:::
-
 ## Test your app on iExec
 
 At this stage, your application is ready to be tested on iExec. The process is
@@ -198,7 +203,7 @@ Edit `iexec.json` and fill in the standard keys and the `mrenclave` object:
     "owner": "<your-wallet-address>", // starts with 0x
     "name": "tee-scone-hello-world", // application name
     "type": "DOCKER",
-    "multiaddr": "docker.io/<docker-hub-user>/tee-scone-hello-world:1.0.0-debug", // app image
+    "multiaddr": "docker.io/<docker-hub-user>/tee-scone-hello-world:1.0.0", // app image
     "checksum": "<checksum>", // starts with 0x, update it with your own image digest
     "mrenclave": {
       "framework": "SCONE", // TEE framework (keep default value)
@@ -225,7 +230,7 @@ Run your TEE image with `SCONE_HASH=1` to get the enclave fingerprint
 (mrenclave):
 
 ```bash
-docker run --rm -e SCONE_HASH=1 <docker-hub-user>/tee-scone-hello-world:1.0.0-debug
+docker run --rm -e SCONE_HASH=1 <docker-hub-user>/tee-scone-hello-world:1.0.0
 ```
 
 :::