fixup! Updating the documentation so it is consistent with my changes…

… and the updates from the team.

Changes corresponding to comments from Dmitrii.

Signed-off-by: Benny Fuhry <benny.fuhry@intel.com>

Documentation/cloud-deployment.rst

@@ -42,7 +42,9 @@ Prepare a signing key
 
 Only prepare a signing key if you haven't already done so.::
 
-The following command generates an |~| RSA 3072 key suitable for signing SGX enclaves and stores it in :file:`{HOME}/.config/gramine/enclave-key.pem`. Protect this key and do not disclose it to anyone:: 
+The following command generates an |~| RSA 3072 key suitable for signing SGX
+enclaves and stores it in :file:`{HOME}/.config/gramine/enclave-key.pem`.
+Protect this key and do not disclose it to anyone::
 
    gramine-sgx-gen-private-key
 
@@ -66,4 +68,4 @@ Run the HelloWorld example with SGX::
 
    cd gramine/CI-Examples/helloworld
    make SGX=1
-   gramine-sgx helloworld
+   gramine-sgx helloworld

Documentation/conf.py

@@ -50,7 +50,6 @@
     'sphinx.ext.napoleon',
     'sphinx.ext.todo',
     'sphinx_rtd_theme',
-    'sphinx.ext.autosectionlabel',
 ]
 
 # Add any paths that contain templates here, relative to this directory.

Documentation/curated-installation.rst

@@ -3,12 +3,18 @@
 Ready-made confidential protected images
 ========================================
 
-Confidential Compute images with Gramine are ready-made solutions for popular open-source projects such as PyTorch and Redis. Customize your environment through Interactive scripts. The result is a curated, confidentially protected Gramine image that includes your specific machine-learning application, common dependencies, and a manifest file that specifies security policies to enforce for your workload.
+Confidential Compute images with Gramine are ready-made solutions for popular
+open-source projects such as PyTorch and Redis. Customize your environment
+through Interactive scripts. The result is a curated, confidentially protected
+Gramine image that includes your specific machine-learning application, common
+dependencies, and a manifest file that specifies security policies to enforce
+for your workload.
 
 .. note::
-    These confidential compute images only run on machines that support Intel SGX.
+    These confidential compute images only run on machines that support Intel
+    SGX.
 
 Current list of solutions and installation instructions:
 
 - `Redis <https://github.com/gramineproject/contrib/tree/master/Curated-Apps/workloads/redis>`_
-- `PyTorch <https://github.com/gramineproject/contrib/tree/master/Curated-Apps/workloads/pytorch>`_
+- `PyTorch <https://github.com/gramineproject/contrib/tree/master/Curated-Apps/workloads/pytorch>`_

Documentation/custom-installation.rst

@@ -3,15 +3,21 @@
 Install Gramine on your system
 ==============================
 
-Install Gramine and all components on your system. Select this option if you have an existing application and you want to take advantage of SGX without making modifications. This option requires you to create your own manifest.
+Install Gramine and all components on your system. Select this option if you
+have an existing application and you want to take advantage of SGX without
+making modifications. This option requires you to create your own manifest.
 
-**Select** :doc:`quickstart` instructions to quickly install and run Gramine. For full build instructions, see :doc:`devel/building`.
+**Select** :doc:`quickstart` instructions to quickly install and run Gramine.
+For full build instructions, see :doc:`devel/building`.
 
 
 Gramine Docker image
 --------------------
 
-If you opt to build Gramine, you can install Gramine from a Docker container that you build which includes an OS packaged with Gramine binaries. The container includes everything that's included in the installation. This option requires you to create your own manifest.
+If you opt to build Gramine, you can install Gramine from a Docker container
+that you build which includes an OS packaged with Gramine binaries. The
+container includes everything that's included in the installation. This option
+requires you to create your own manifest.
 
 Cloud cloud-deployment
 ----------------------
@@ -27,4 +33,4 @@ Refer to the following as you configure and develop Gramine.
 - :doc:`configuration-index`
 - :doc:`developer-index`
 - :doc:`tutorials-index`
-- :doc:`concepts-index`
+- :doc:`concepts-index`

Documentation/devel/building.rst

@@ -17,13 +17,16 @@ performance reasons. Both patched glibc and patched musl are built by default.
 Gramine currently only works on the x86_64 architecture. Gramine is currently
 tested on Ubuntu 18.04/20.04, along with Linux kernel version 5.x. We recommend
 building and installing Gramine on Ubuntu with Linux kernel version 5.11 or
-higher. If you find problems with Gramine on other Linux distributions, 
+higher. If you find problems with Gramine on other Linux distributions,
 contact us with a |~| detailed `bug report
 <https://github.com/gramineproject/gramine/issues/new>`__.
 
 **Install from a Docker container**
 
-If you opt to build Gramine, you can install Gramine from a Docker container you build that includes an OS packaged with Gramine binaries. The container includes everything that's included in the custom installation. You must create your own manifest. Go to :doc:`docker-image-installation`.
+If you opt to build Gramine, you can install Gramine from a Docker container
+you build that includes an OS packaged with Gramine binaries.
+The container includes everything that's included in the custom installation.
+You must create your own manifest. Go to :doc:`docker-image-installation`.
 
 Install dependencies
 --------------------
@@ -269,20 +272,23 @@ Additional build options
   take a long time: unfortunately, the only supported way of building
   ``libgomp`` is as part of a complete GCC build.
 
-.. _FSGSBASE:
-
 Prepare a signing key
 ---------------------
 
-These instructions are only required for systems using Intel® SGX that have not already created a signing key.
+These instructions are only required for systems using Intel® SGX that have not
+already created a signing key.
 
    - If your system is not using Intel® SGX, skip this step.
 
-   - If your system is using Intel® SGX and you already created a signing key, skip this step. 
+   - If your system is using Intel® SGX and you already created a signing key,
+     skip this step.
 
-   - If your system is using Intel® SGX and have not created a signing key, follow the instructions below. 
+   - If your system is using Intel® SGX and have not created a signing key,
+     follow the instructions below.
 
-The following command generates an |~| RSA 3072 key suitable for signing SGX enclaves and stores it in :file:`{HOME}/.config/gramine/enclave-key.pem`. Protect this key and do not disclose it to anyone:: 
+The following command generates an |~| RSA 3072 key suitable for signing SGX
+enclaves and stores it in :file:`{HOME}/.config/gramine/enclave-key.pem`.
+Protect this key and do not disclose it to anyone::
 
    gramine-sgx-gen-private-key
 
@@ -420,8 +426,7 @@ instructions ensure that the resulting kernel has FSGSBASE support.
 
 After the patched Linux kernel is installed, you may proceed with installations
 of other SGX software infrastructure: the Intel SGX Linux driver, the Intel SGX
-SDK/PSW, and Gramine itself.  
-
+SDK/PSW, and Gramine itself.
 
 2. Install the Intel SGX driver
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -446,4 +451,4 @@ Note that this is an inadvisable configuration for production systems.
 Alternatively, if your CPU supports :term:`FLC`, you can choose to install the
 DCAP version of the Intel SGX driver from:
 
-- https://github.com/intel/SGXDataCenterAttestationPrimitives
+- https://github.com/intel/SGXDataCenterAttestationPrimitives

Documentation/environment-setup.rst

@@ -13,14 +13,18 @@ Gramine with SGX support requires several features from your system:
 
 - Intel SGX SDK/PSW and (optionally) Intel DCAP must be installed.
 
-If your system doesn’t meet these requirements, please refer to more detailed descriptions in :doc:`devel/building`.
+If your system doesn’t meet these requirements, please refer to more detailed
+descriptions in :doc:`devel/building`.
 
 Check for SGX compatibility
 ===========================
 
-We supply a tool, `is-sgx-available <https://deb-intel.github.io/GramineTest/manpages/is-sgx-available.html>`_ that checks the environment for SGX compatibility. Use this tool to check your hardware and system. It’s installed together with the respective gramine package you previously installed.
+We supply a tool, `is-sgx-available <https://deb-intel.github.io/GramineTest/manpages/is-sgx-available.html>`_
+that checks the environment for SGX compatibility. Use this tool to check your
+hardware and system. It’s installed together with the respective gramine package
+ you previously installed.
 
-Prepare a signing key  
+Prepare a signing key
 =====================
 
 Only for SGX, and if you haven’t already, enter the following:
@@ -29,4 +33,6 @@ Only for SGX, and if you haven’t already, enter the following:
 
 gramine-sgx-gen-private-key
 
-This command generates an RSA 3072 key suitable for signing SGX enclaves and stores it in :file: `{HOME}/.config/gramine/enclave-key.pem`. Protect this key and do not disclose it to anyone.
+This command generates an RSA 3072 key suitable for signing SGX enclaves and
+stores it in :file: `{HOME}/.config/gramine/enclave-key.pem`.
+Protect this key and do not disclose it to anyone.

Documentation/gramine-users.rst

@@ -1,35 +1,51 @@
 Users of Gramine
 ================
 
-We are excited to share that several companies are experimenting with Gramine for their confidential computing solutions. Please reach out to us at maintainers@gramineproject.io if you are using Gramine and would like to be highlighted on our page. We are looking forward to collaborating with you and continue to enhance Gramine to meet the needs of your confidential computing use cases. We will be updating this list regularly (the list is sorted alphabetically).
+We are excited to share that several companies are experimenting with Gramine
+for their confidential computing solutions. Please reach out to us at
+maintainers@gramineproject.io if you are using Gramine and would like to be
+highlighted on our page. We are looking forward to collaborating with you and
+continue to enhance Gramine to meet the needs of your confidential computing use
+cases. We will be updating this list regularly (the list is sorted
+alphabetically).
 
-- `Eder Labs <https://www.eder.io>`__ started its journey with the belief that businesses worldwide should easily be able to adopt ML/AI, without the concerns around compromising sensitive enterprise or consumer data. Towards this future, Eder Labs has begun facilitating exploratory data science between data users and data providers, for structured text data, and will be using the Gramine LibOS to facilitate training and deployment of models in a secure and federated manner, as the data science journey matures for these businesses. The Gramine ecosystem is laying the path to a more secure future, for all kinds of ML/AI applications, and Eder Labs is a firm supporter and beneficiary of this future-defining paradigm.
+- `Eder Labs <https://www.eder.io>`__ started its journey with the belief that
+  businesses worldwide should easily be able to adopt ML/AI, without the
+  concerns around compromising sensitive enterprise or consumer data. Towards
+  this future, Eder Labs has begun facilitating exploratory data science between
+  data users and data providers, for structured text data, and will be using the
+  Gramine LibOS to facilitate training and deployment of models in a secure and
+  federated manner, as the data science journey matures for these businesses.
+  The Gramine ecosystem is laying the path to a more secure future, for all
+  kinds of ML/AI applications, and Eder Labs is a firm supporter and beneficiary
+  of this future-defining paradigm.
 
-- `enclaive.io <https://enclaive.io>`__ uses among other technologies Gramine to generically enclavize applications. Enclaive builds and deploys confidential 
-containers for the zero-trust Web. Use cases are in the area of GDPR-compliant 
-Web analytics and AI. Specifically, Gramine Shielded Containers (GSC) ease the 
-design of confidential containers.
+- `enclaive.io <https://enclaive.io>`__ uses among other technologies Gramine to
+  generically enclavize applications. Enclaive builds and deploys confidential
+  containers for the zero-trust Web. Use cases are in the area of GDPR-compliant
+  Web analytics and AI. Specifically, Gramine Shielded Containers (GSC) ease the
+  design of confidential containers.
 
-- `JD Cloud <https://www.jdcloud.com/>`__ is experimenting with Gramine for 
-several solutions.
+- `JD Cloud <https://www.jdcloud.com/>`__ is experimenting with Gramine for
+  several solutions.
 
-- `Super Protocol <https://www.superprotocol.com/>`__ combines the benefits of 
-both Trusted Execution Environment (TEE) technology and blockchain to offer a 
-universal, decentralized, confidential cloud computing platform. It enables 
-easy deployment of a wide range of workloads - a rich ecosystem of 
-interoperable solutions and services, including databases, web services, 
-confidential data sources, and much more. Super Protocol takes advantage of 
-the open-source Gramine library OS, which works in conjunction with Intel SGX 
-to provide additional security benefits in Linux environments.
+- `Super Protocol <https://www.superprotocol.com/>`__ combines the benefits of
+  both Trusted Execution Environment (TEE) technology and blockchain to offer a
+  universal, decentralized, confidential cloud computing platform. It enables
+  easy deployment of a wide range of workloads - a rich ecosystem of
+  interoperable solutions and services, including databases, web services,
+  confidential data sources, and much more. Super Protocol takes advantage of
+  the open-source Gramine library OS, which works in conjunction with Intel SGX
+  to provide additional security benefits in Linux environments.
 
-- `Tencent Cloud <https://intl.cloud.tencent.com/>`__ relies on Gramine to 
-implement several SGX-based solutions by running unmodified Linux 
-applications. One example is the recent launch of the Tencent Cloud 
-Shuliantong product, announced at the Tencent Digital Ecosystem Summit.
+- `Tencent Cloud <https://intl.cloud.tencent.com/>`__ relies on Gramine to
+  implement several SGX-based solutions by running unmodified Linux
+  applications. One example is the recent launch of the Tencent Cloud
+  Shuliantong product, announced at the Tencent Digital Ecosystem Summit.
 
-- The national digital health agency `gematik <https://www.gematik.de/>`__ is 
-responsible for the *ePrescription* project in Germany. `IBM 
-<https://www.ibm.com/>`__ uses Gramine to implement the "VAU"-concept on SGX 
-to ensure a maximum of privacy and request-context isolation. The VAU-concept 
-is used for confidential computing in different implementations as well, such 
-as the electronic health record.
+- The national digital health agency `gematik <https://www.gematik.de/>`__ is
+  responsible for the *ePrescription* project in Germany. `IBM
+  <https://www.ibm.com/>`__ uses Gramine to implement the "VAU"-concept on SGX
+  to ensure a maximum of privacy and request-context isolation. The VAU-concept
+  is used for confidential computing in different implementations as well, such
+  as the electronic health record.

Documentation/gsc-installation.rst

@@ -1,14 +1,20 @@
 Gramine Shielded Containers
 ===========================
 
-The Gramine Shielded Container (GSC) tool transforms an original Docker image into a new, "graminized" image
-which includes the Gramine Library OS, manifest files, and Intel SGX related information. It uses Gramine to execute the application inside an Intel SGX enclave. It follows the common Docker approach to first build an image and subsequently run this image inside a container. 
+The Gramine Shielded Container (GSC) tool transforms an original Docker image
+into a new, "graminized" image which includes the Gramine Library OS, manifest
+files, and Intel SGX related information.
+It uses Gramine to execute the application inside an Intel SGX enclave.
+It follows the common Docker approach to first build an image and subsequently
+run this image inside a container.
 
-At first a Docker image has to be graminized via the ``gsc build`` command. When the graminized image is
-run within an Intel SGX enclave, the image must be signed via a ``gsc sign-image`` command.  Subsequently, the image can be run using ``docker run``.
+At first a Docker image has to be graminized via the ``gsc build`` command.
+When the graminized image is run within an Intel SGX enclave, the image must be
+signed via a ``gsc sign-image`` command.
+Subsequently, the image can be run using ``docker run``.
 
 Note the GSC documentation is split from the core Gramine documentation
 and is hosted here: https://gramine.readthedocs.io/projects/gsc.
 
 Similarly, the GSC tool is split from the core Gramine repository and can be
-found here: https://github.com/gramineproject/gsc.
+found here: https://github.com/gramineproject/gsc.