From 48c123023d1698ba21f4dce41af95db0c27e3000 Mon Sep 17 00:00:00 2001 From: Tom Dohrmann Date: Mon, 7 Oct 2024 11:54:51 +0200 Subject: [PATCH] docs: add notes about missing TCB values --- docs/docs/deployment.md | 10 ++++++++++ docs/docs/examples/emojivoto.md | 10 ++++++++++ 2 files changed, 20 insertions(+) diff --git a/docs/docs/deployment.md b/docs/docs/deployment.md index 39e985c659..f6b7da0a47 100644 --- a/docs/docs/deployment.md +++ b/docs/docs/deployment.md @@ -211,11 +211,21 @@ contrast generate --reference-values aks-clh-snp resources/ ```sh contrast generate --reference-values k3s-qemu-snp resources/ ``` +:::note[Missing TCB values] +On bare metal SEV-SNP, `contrast generate` is unable to fill in the `MinimumTCB` values as they can vary between platforms. +They will have to be filled in manually. +If you don't know the correct values use `{"BootloaderVersion":255,"TEEVersion":255,"SNPVersion":255,"MicrocodeVersion":255}` and observe the real values in the error messages in the following steps. This should only be done in a secure environment. Note that the values will differ between CPU models. +::: ```sh contrast generate --reference-values k3s-qemu-tdx resources/ ``` +:::note[Missing TCB values] +On bare metal TDX, `contrast generate` is unable to fill in the `MinimumTeeTcbSvn` and `MrSeam` TCB values as they can vary between platforms. +They will have to be filled in manually. +If you don't know the correct values use `ffffffffffffffffffffffffffffffff` and `000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000` respectively and observe the real values in the error messages in the following steps. This should only be done in a secure environment. +::: diff --git a/docs/docs/examples/emojivoto.md b/docs/docs/examples/emojivoto.md index 6e3bb41d53..6ad06943b2 100644 --- a/docs/docs/examples/emojivoto.md +++ b/docs/docs/examples/emojivoto.md 
@@ -101,11 +101,21 @@ contrast generate --reference-values aks-clh-snp deployment/ ```sh contrast generate --reference-values k3s-qemu-snp deployment/ ``` +:::note[Missing TCB values] +On bare metal SEV-SNP, `contrast generate` is unable to fill in the `MinimumTCB` values as they can vary between platforms. +They will have to be filled in manually. +If you don't know the correct values use `{"BootloaderVersion":255,"TEEVersion":255,"SNPVersion":255,"MicrocodeVersion":255}` and observe the real values in the error messages in the following steps. This should only be done in a secure environment. Note that the values will differ between CPU models. +::: ```sh contrast generate --reference-values k3s-qemu-tdx deployment/ ``` +:::note[Missing TCB values] +On bare metal TDX, `contrast generate` is unable to fill in the `MinimumTeeTcbSvn` and `MrSeam` TCB values as they can vary between platforms. +They will have to be filled in manually. +If you don't know the correct values use `ffffffffffffffffffffffffffffffff` and `000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000` respectively and observe the real values in the error messages in the following steps. This should only be done in a secure environment. +:::
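Review bot: In the docs/docs/deployment.md hunk, both added notes end on "This should only be done in a secure environment" without saying what that means or why, and neither says that the placeholders must be replaced afterwards. The procedure takes the reference values from error messages produced by the very platform that is being verified, so the note should state that the reader has to trust that machine at the moment the values are read. It should also add a sentence that the `255`, all-`f` and all-zero placeholders are to be replaced with the observed values before continuing. "They will have to be filled in manually" does not name the file in which `MinimumTCB`, `MinimumTeeTcbSvn` and `MrSeam` are set, so please name it. Minor: add a comma after "If you don't know the correct values", and the sentence "Note that the values will differ between CPU models." appears only in the SEV-SNP note; if it also holds for TDX, repeat it there.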
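Review bot: The docs/docs/examples/emojivoto.md hunk repeats both notes from docs/docs/deployment.md word for word, so any later correction to the placeholder values or to the "secure environment" caveat has to be made in two places. Consider keeping the full text on the deployment page only and linking to it from the emojivoto example, or moving the text into a single shared snippet. In the TDX note, the long all-zero `MrSeam` placeholder is hard to check by eye after copying; stating its expected length next to it would let a reader confirm it wasn't truncated.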