[Doc] Updates suggest by Dmitrii.

Documentation/Installation-index.rst

@@ -4,5 +4,3 @@ Gramine Deployment Options
 ==========================
 
 Choose one of the deployment options based on your business need or preference.
-
-

Documentation/_static/css/gramine.css

@@ -6,11 +6,3 @@
     width: auto;
     overflow-y: auto;
   }
-
-  h1 
-  h1.{
-    color: black;
-    text-align: left;
-    font-size:large;
-  }
-

Documentation/attestation.rst

@@ -482,7 +482,6 @@ The secret may be retrieved by the application in two ways:
    ``mbedtls_base64_decode()``) instead of non-crypto-secure functions (e.g.,
    self-written decoding logic or a standard library function).
 
-
 ``secret_prov_verify_epid.so``
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 

Documentation/cloud-deployment.rst

@@ -40,7 +40,9 @@ On Ubuntu 20.04 LTS and 18.04 LTS::
 Prepare a signing key
 ^^^^^^^^^^^^^^^^^^^^^
 
-Only if you haven't already::
+Only prepare a signing key if you haven't already done so.::
+
+The following command generates an |~| RSA 3072 key suitable for signing SGX enclaves and stores it in :file:`{HOME}/.config/gramine/enclave-key.pem`. Protect this key and do not disclose it to anyone:: 
 
    gramine-sgx-gen-private-key
 
@@ -64,6 +66,4 @@ Run the HelloWorld example with SGX::
 
    cd gramine/CI-Examples/helloworld
    make SGX=1
-   gramine-sgx helloworld
-
-   
+   gramine-sgx helloworld

Documentation/concepts-index.rst

@@ -4,4 +4,5 @@ Concepts
 .. toctree::
    :maxdepth: 1
 
-   sgx-intro
+   sgx-intro
+

Documentation/contributor-index.rst

@@ -3,15 +3,15 @@
 Contribution Guidelines
 =======================
 
-These articles contain helpful material for users who want to contribute to Gramine development. 
+These articles contain helpful material for users who want to contribute to Gramine development.
 
 :doc:`devel/contributing` - Learn about how to report bugs, security vulnerabilities and perform pull requests. This section contains information for working with the Gramine project.
 
-:doc:`devel/onboarding` - This page describes the knowledge needed to efficiently contribute high-quality PRs to the Gramine project. This page also describes typical flows that Gramine developers should follow to make the process of PR review consistent for everyone involved. 
+:doc:`devel/onboarding` - This page describes the knowledge needed to efficiently contribute high-quality PRs to the Gramine project. This page also describes typical flows that Gramine developers should follow to make the process of PR review consistent for everyone involved.
 
-:doc:`devel/DCO/index` - Affirm that the source code you will submit was originated by you and/or that you have permission to submit it to the Gramine project. 
+:doc:`devel/DCO/index` - Affirm that the source code you will submit was originated by you and/or that you have permission to submit it to the Gramine project.
 
-:doc:`devel/setup` - Learn the Emacs and Vim configurations used for Gramine. 
+:doc:`devel/setup` - Learn the Emacs and Vim configurations used for Gramine.
 
 :doc:`devel/howto-doc` - This section describes how the Gramine documentation is constructed and provides directions on how to contribute to it.
 

Documentation/curated-installation.rst

@@ -1,7 +1,7 @@
 .. _curated_index
 
 Ready-made confidential protected images
-======================================
+========================================
 
 Confidential Compute images with Gramine are ready-made solutions for popular open-source projects such as PyTorch and Redis. Customize your environment through Interactive scripts. The result is a curated, confidentially protected Gramine image that includes your specific machine-learning application, common dependencies, and a manifest file that specifies security policies to enforce for your workload.
 

Documentation/custom-installation.rst

@@ -1,20 +1,20 @@
 .. _custom_installation
 
 Install Gramine on your server
-=====================================
+==============================
 
-Install Gramine and all components on your server. Select this option if you have an existing application and you want to take advantage of SGX without making modifications. This option requires you to create your own manifest. 
+Install Gramine and all components on your system. Select this option if you have an existing application and you want to take advantage of SGX without making modifications. This option requires you to create your own manifest. 
 
 **Select** :doc:`quickstart` instructions to quickly install and run Gramine. For full build instructions, see :doc:`devel/building`.
 
 
 Gramine Docker image
---------------------------------------
+--------------------
 
 If you opt to build Gramine, you can install Gramine from a Docker container that you build which includes an OS packaged with Gramine binaries. The container includes everything that's included in the installation. This option requires you to create your own manifest.
 
 Cloud cloud-deployment
-------------------------
+----------------------
 
 **Select** :doc:`docker-image-installation`
 

Documentation/devel/building.rst

@@ -1,5 +1,5 @@
 Build and install Gramine from source
-====================
+=====================================
 
 .. highlight:: sh
 
@@ -273,13 +273,17 @@ Additional build options
 Prepare a signing key
 ---------------------
 
-Only for SGX enclave development, and if you haven't already, run the following
-command::
+These instructions are only required for systems using Intel® SGX that have not already created a signing key.
 
-   gramine-sgx-gen-private-key
+   - If your system is not using Intel® SGX, skip this step.
+
+   - If your system is using Intel® SGX and you already created a signing key, skip this step. 
+
+   - If your system is using Intel® SGX and have not created a signing key, follow the instructions below. 
 
-This command generates an |~| RSA 3072 key suitable for signing SGX enclaves and
-stores it in :file:`{HOME}/.config/gramine/enclave-key.pem`. Protect this key and do not disclose it to anyone.
+The following command generates an |~| RSA 3072 key suitable for signing SGX enclaves and stores it in :file:`{HOME}/.config/gramine/enclave-key.pem`. Protect this key and do not disclose it to anyone:: 
+
+   gramine-sgx-gen-private-key
 
 After signing the application's manifest, users may ship the application and
 Gramine binaries, along with an SGX-specific manifest (``.manifest.sgx``

Documentation/developer-index.rst

@@ -8,7 +8,7 @@ Helpful material for users who develop Gramine or who are installing Gramine the
 .. toctree::  
    :maxdepth: 1
 
+   python/api
    devel/debugging
    devel/new-syscall
    pal/host-abi
-   python/api

Documentation/docker-image-installation.rst

@@ -1,9 +1,6 @@
 Gramine docker image
 ====================
 
-The Gramine team publishes a base Gramine Docker image at DockerHub:
-https://hub.docker.com/r/gramineproject/gramine.
-
 This Gramine image is a minimal distribution of Gramine: it contains only
 Gramine binaries and tools, as well as the pre-requisite packages to run
 applications under Gramine. The only currently available Gramine image is based
@@ -15,14 +12,22 @@ quickly test Gramine with your applications and workloads. This image can also
 be used as a base for your workflows to produce production-ready Docker images
 for your SGX applications.
 
+The Gramine team publishes a base Gramine Docker image at: `DockerHub <https://hub.docker.com/r/gramineproject/gramine>`_.
+
 To run the Gramine image via Docker, the recommended command is::
 
-    docker run --device /dev/sgx_enclave -it gramineproject/gramine
+``docker run --device /dev/sgx_enclave -it gramineproject/gramine``
 
 If you want to run :program:`gramine-direct` in addition to
 command:`gramine-sgx`, then you should run Docker with our custom seccomp
-profile using ``--security-opt seccomp=<profile_file>``. You can download the
-profile file from
+profile using:
+
+ ``--security-opt seccomp=<profile_file>`` 
+
+You can download the profile file from:
+
 https://github.com/gramineproject/gramine/blob/master/scripts/docker_seccomp.json.
-Alternatively you can disable seccomp completely (``--security-opt
-seccomp=unconfined``).
+
+Alternatively you can disable seccomp completely 
+
+``--security-optseccomp=unconfined``

Documentation/environment-setup.rst

@@ -1,7 +1,8 @@
 .. _environment_setup
 
 Set up the Gramine environment
--------------------------------
+------------------------------
+
 Gramine without SGX has no special requirements.
 
 Gramine with SGX support requires several features from your system:
@@ -15,19 +16,17 @@ Gramine with SGX support requires several features from your system:
 If your system doesn’t meet these requirements, please refer to more detailed descriptions in :doc:`devel/building`.
 
 Check for SGX compatibility
-==============================
+===========================
 
 We supply a tool, `is-sgx-available <https://deb-intel.github.io/GramineTest/manpages/is-sgx-available.html>`_ that checks the environment for SGX compatibility. Use this tool to check your hardware and system. It’s installed together with the respective gramine package you previously installed.
 
-
 Prepare a signing key  
-==========================
+=====================
 
 Only for SGX, and if you haven’t already, enter the following:
 
 .. parsed-literal::
 
 gramine-sgx-gen-private-key
 
-
-This command generates an RSA 3072 key suitable for signing SGX enclaves and stores it in HOME/.config/gramine/enclave-key.pem. Protect this key and do not disclose it to anyone.
+This command generates an RSA 3072 key suitable for signing SGX enclaves and stores it in :file: `{HOME}/.config/gramine/enclave-key.pem`. Protect this key and do not disclose it to anyone.

Documentation/gramine-users.rst

@@ -5,32 +5,31 @@ We are excited to share that several companies are experimenting with Gramine fo
 
 - `Eder Labs <https://www.eder.io>`__ started its journey with the belief that businesses worldwide should easily be able to adopt ML/AI, without the concerns around compromising sensitive enterprise or consumer data. Towards this future, Eder Labs has begun facilitating exploratory data science between data users and data providers, for structured text data, and will be using the Gramine LibOS to facilitate training and deployment of models in a secure and federated manner, as the data science journey matures for these businesses. The Gramine ecosystem is laying the path to a more secure future, for all kinds of ML/AI applications, and Eder Labs is a firm supporter and beneficiary of this future-defining paradigm.
 
-- `enclaive.io <https://enclaive.io>`__ uses among other technologies Gramine to
-  generically enclavize applications. Enclaive builds and deploys confidential
-  containers for the zero-trust Web. Use cases are in the area of GDPR-compliant
-  Web analytics and AI. Specifically, Gramine Shielded Containers (GSC) ease the
-  design of confidential containers.
+- `enclaive.io <https://enclaive.io>`__ uses among other technologies Gramine to generically enclavize applications. Enclaive builds and deploys confidential 
+containers for the zero-trust Web. Use cases are in the area of GDPR-compliant 
+Web analytics and AI. Specifically, Gramine Shielded Containers (GSC) ease the 
+design of confidential containers.
 
-- `JD Cloud <https://www.jdcloud.com/>`__ is experimenting with Gramine for
-  several solutions.
+- `JD Cloud <https://www.jdcloud.com/>`__ is experimenting with Gramine for 
+several solutions.
 
-  - `Super Protocol <https://www.superprotocol.com/>`__ combines the benefits of
-  both Trusted Execution Environment (TEE) technology and blockchain to offer a
-  universal, decentralized, confidential cloud computing platform. It enables
-  easy deployment of a wide range of workloads - a rich ecosystem of
-  interoperable solutions and services, including databases, web services,
-  confidential data sources, and much more. Super Protocol takes advantage of
-  the open-source Gramine library OS, which works in conjunction with Intel SGX
-  to provide additional security benefits in Linux environments.
+- `Super Protocol <https://www.superprotocol.com/>`__ combines the benefits of 
+both Trusted Execution Environment (TEE) technology and blockchain to offer a 
+universal, decentralized, confidential cloud computing platform. It enables 
+easy deployment of a wide range of workloads - a rich ecosystem of 
+interoperable solutions and services, including databases, web services, 
+confidential data sources, and much more. Super Protocol takes advantage of 
+the open-source Gramine library OS, which works in conjunction with Intel SGX 
+to provide additional security benefits in Linux environments.
 
-- `Tencent Cloud <https://intl.cloud.tencent.com/>`__ relies on Gramine to
-  implement several SGX-based solutions by running unmodified Linux
-  applications. One example is the recent launch of the Tencent Cloud
-  Shuliantong product, announced at the Tencent Digital Ecosystem Summit.
+- `Tencent Cloud <https://intl.cloud.tencent.com/>`__ relies on Gramine to 
+implement several SGX-based solutions by running unmodified Linux 
+applications. One example is the recent launch of the Tencent Cloud 
+Shuliantong product, announced at the Tencent Digital Ecosystem Summit.
 
-- The national digital health agency `gematik <https://www.gematik.de/>`__ is
-  responsible for the *ePrescription* project in Germany. `IBM
-  <https://www.ibm.com/>`__ uses Gramine to implement the "VAU"-concept on SGX
-  to ensure a maximum of privacy and request-context isolation. The VAU-concept
-  is used for confidential computing in different implementations as well, such
-  as the electronic health record.
+- The national digital health agency `gematik <https://www.gematik.de/>`__ is 
+responsible for the *ePrescription* project in Germany. `IBM 
+<https://www.ibm.com/>`__ uses Gramine to implement the "VAU"-concept on SGX 
+to ensure a maximum of privacy and request-context isolation. The VAU-concept 
+is used for confidential computing in different implementations as well, such 
+as the electronic health record.

Documentation/manpages/gramine-sgx-get-token.rst

@@ -23,7 +23,6 @@ fetched automatically if needed during the first enclave start.
 On upstream/DCAP driver this command does nothing and is deprecated. In
 the future, it will be removed altogether.
 
-
 Command line arguments
 ======================
 

Documentation/pal/host-abi.rst

@@ -114,7 +114,7 @@ memory.
 .. doxygentypedef:: pal_prot_flags_t
    :project: pal
 
- .. doxygenstruct:: pal_initial_mem_range
+.. doxygenstruct:: pal_initial_mem_range
    :project: pal
    :members:
 

Documentation/prepare-a-signing-key.rst

@@ -16,12 +16,3 @@ and stores it in :file:`{HOME}/.config/gramine/enclave-key.pem`. Protect
 this key and do not disclose it to anyone:: 
 
    gramine-sgx-gen-private-key
-
-
-glibc vs musl
--------------
-
-Most of the examples we provide use GNU C Library (glibc). If your application
-is built against musl libc, you can pass ``'musl'`` to
-:py:func:`gramine.runtimedir()` when generating the manifest from a template;
-this will mount musl libc (instead of the default glibc).

Documentation/prerequisites.rst

@@ -3,17 +3,16 @@
 Prerequisites
 -------------
 
-Gramine without SGX support has no special requirements.
+Gramine without Intel® SGX support has no special requirements.
 
-Gramine with SGX support has the following requirements:
+Gramine with Intel® SGX support has the following requirements:
 
-- Linux kernel version at least 5.11 (with SGX driver enabled);
-- Intel SGX PSW and (optionally) Intel DCAP must be installed and configured.
+- Linux kernel version at least 5.11 (with Intel® SGX driver enabled);
+- Intel SGX PSW and (optionally) Intel® DCAP must be installed and configured.
 
 If your system doesn't meet these requirements, please refer to the :doc:`devel/building` section for instructions on how to install these requirements.
 
-Check for SGX compatibility
+Check for Intel® SGX compatibility
 ---------------
 
-To check your hardware and system for SGX compatibility, use the supplied tool, :doc:`manpages/is-sgx-available`. It's installed together with the respective gramine
-package you install from the options below.
+To check your hardware and system for Intel® SGX compatibility, use the supplied tool, :doc:`manpages/is-sgx-available`. It's installed together with the respective Gramine package you install from the options below.

Documentation/quickstart.rst

@@ -7,7 +7,7 @@ There are three options to choose from when using Gramine to protect your applic
 
 :ref:`Install Gramine` - This option provides instructions for installing Gramine on various versions of Ubuntu or Red Hat Enterprise Linux 8. 
 
-:ref:`Gramine Docker Image` - This option provides instructions for installing a prepared Docker image with Gramine and running the container. This option enables you to protect an application running in the cloud. 
+:doc:`docker-image-installation` - This option provides instructions for installing a prepared Docker image with Gramine and running the container. This option enables you to protect an application running in the cloud. 
 
 :doc:`devel/building` - This option is mainly used for assisting in helping the development of Gramine. This option is much more involved. The instructions for this option are listed on another page.
 
@@ -61,28 +61,3 @@ RHEL-like distributions version 8 (and experimentally also version 9)
 
       sudo curl -fsSLo /etc/yum.repos.d/gramine.repo https://packages.gramineproject.io/rpm/gramine.repo
       sudo dnf install gramine
-
-Gramine Docker image
-========================
-
-This Gramine image is a minimal distribution of Gramine. It contains only Gramine binaries and tools, as well as the pre-requisite packages to run applications under Gramine. The only currently available Gramine image is based on Ubuntu 20.04. The only requirement on the host system is a Linux kernel with in-kernel SGX driver (available from version 5.11 onward). This Gramine image can be used as a disposable playground environment, to quickly test Gramine with your applications and workloads. This image can also be used as a base for your workflows to produce production-ready Docker images for your SGX applications. 
-
-The Gramine team publishes a base Gramine Docker image at: `DockerHub <https://hub.docker.com/r/gramineproject/gramine>`_.
-
-The recommended command to run the Gramine image via Docker is::
-
-``docker run --device /dev/sgx_enclave -it gramineproject/gramine``
-
-If you want to run :program:`gramine-direct` in addition to
-command:`gramine-sgx`, then you should run Docker with our custom seccomp
-profile using:
-
- ``--security-opt seccomp=<profile_file>``  
-
-You can download the profile file from:
-
-https://github.com/gramineproject/gramine/blob/master/scripts/docker_seccomp.json.
-
-Alternatively you can disable seccomp completely using this command:
-
-``--security-optseccomp=unconfined``

Documentation/sgx-intro.rst

@@ -360,7 +360,7 @@ SGX terminology
 
          :term:`DCAP`
 
-Key Separation and Sharing
+   Key Separation and Sharing
    KSS
       A feature that lets developer define additional enclave identity
       attributes and configuration identifier. Extended enclave identity
@@ -391,7 +391,6 @@ Key Separation and Sharing
       This feature was not part of original SGX and therefore not supported by
       all SGX-enabled hardware.
 
-
    Launch Enclave
    LE