docs/runtime: Update attestation documentation #6426
Description
Update out-dated runtime host protocol documentation, with a focus on attestation.
Finally, given that Remote Attestation is completely Intel specific it would be nice to expand on:
- Why we still only support Intel:
- Rn this is intentional as it gives by far the most security guarantees (be concrete what others lack).
- Overview of the architectural enclaves (AE) and explain why such architecture is needed.
- This is critical for understanding attestation flow, attestation values and policy parameters.
- Should be a separate chapter, e.g. recommended reading prior to reading RHP attestation chapter.
- Link specific architectural enclaves (e.g. QE, PCE) from 2. to RHP attestation steps.
Motivation:
Continuous TEE attestation together with on-chain policy and verification are of one the main value propositions of our protocol. Hence, we should take special effort at documenting them.
This enables:
- Articles/guides to directly reference deep technical documentation (e.g. Merge @ptrus explanation of TEE verification to docs docs#1524).
- Eases protocol audit for (technical) external partners / users that want to start building (and trust) Oasis.
- Set-up-tee or troubleshooting sections to directly link to the problematic concepts so that operator/auditor can understand what and why.
- On-boarding, reference speakers can use etc.
Plan of attack / ETA
I am hoping to start working on this in Q1/2 after merging some attestation related PRs which should give me a solid understanding of the concepts above.
Prior to that, PRs, ideas how to organize things and what to focus on are welcome!
Also happy to make sub-issues. E.g. Outdated RHP attestation specific stuff could be updated relatively fast.