docs: Add developer-friendly guide to Realm Instances #340
Conversation
Sukuna0007Abhi
force-pushed
the
docs/realm-instance-clarification
branch
2 times, most recently
from
424bbd6 to
2325653
Compare
A comprehensive, practical guide that explains Realm Instances in Arm CCA using real-world analogies and examples. This guide helps developers understand: - What Realm Instances are and why they matter - When to use RIM-only vs RIM+RPV approaches - How to manage Realm Instances in production - Best practices from real-world experience Fixes veraison#237 Signed-off-by: Sukuna0007Abhi <[email protected]>
Sukuna0007Abhi
force-pushed
the
docs/realm-instance-clarification
branch
from
2325653 to
e361ebf
Compare
docs/realm-instance.md
Outdated
| ### The Birth Certificate: Realm Initial Measurements (RIM) | ||
|
|
||
| Think of RIM as your Realm's birth certificate - it's the first and most fundamental piece of identity: | ||
| - It's basically a snapshot of your code when it first starts up |
There was a problem hiding this comment.
It's a hash/digest rather than snapshot.
docs/realm-instance.md
Outdated
| - Keep track of which instance is which (maintain an RPV registry) | ||
|
|
||
| ### Watching Your REMs | ||
| This is like having a security camera system: |
There was a problem hiding this comment.
There more like tripwire alarms than cameras -- they can tell you when something went wrong, but not what (you need event logs for that).
There was a problem hiding this comment.
Ok understood
- Change RIM description from 'snapshot' to 'hash/digest' - Update REM analogy from 'security camera system' to 'tripwire alarms' - Clarify that REMs tell you when something went wrong, not what went wrong Signed-off-by: Sukuna0007Abhi <[email protected]>
|
Hi sir @setrofim I fixed it as you also approved I am ready for merge also pls review sir @yogeshbdeshpande @thomas-fossati |
docs/realm-instance.md
Outdated
| ### The Birth Certificate: Realm Initial Measurements (RIM) | ||
|
|
||
| Think of RIM as your Realm's birth certificate - it's the first and most fundamental piece of identity: | ||
| - It's basically a hash (digest) of your code when it first starts up |
There was a problem hiding this comment.
| - It's basically a hash (digest) of your code when it first starts up | |
| - It's basically a hash (digest) of the code and optionally configuration of the Realm instance when it first starts up |
docs/realm-instance.md
Outdated
| ### The Name Tag: Realm Personalization Value (RPV) | ||
|
|
||
| Think of RPV like a name tag for your Realm - it's optional, but super useful when you need it: | ||
| - It's like giving unique names to twins - same base code, different identities |
There was a problem hiding this comment.
| - It's like giving unique names to twins - same base code, different identities | |
| - It's like giving unique names to twins - same base code and configuration, however different identities |
docs/realm-instance.md
Outdated
| Think of RPV like a name tag for your Realm - it's optional, but super useful when you need it: | ||
| - It's like giving unique names to twins - same base code, different identities | ||
| - Without it? Your Realm is one-of-a-kind (like a custom-built tool) | ||
| - With it? You can run multiple copies of the same code (like spinning up multiple web servers) |
There was a problem hiding this comment.
| - With it? You can run multiple copies of the same code (like spinning up multiple web servers) | |
| - With it? You can run multiple copies of the same code and configuration (like spinning up multiple web servers) |
docs/realm-instance.md
Outdated
| - With it? You can run multiple copies of the same code (like spinning up multiple web servers) | ||
| - Perfect for when you need to scale up identical services but keep them separate | ||
|
|
||
| ### The Health Monitor: Realm Extensible Measurements (REM) |
There was a problem hiding this comment.
I think, this section needs better exemplification of the real world usage of REM. I will stash another version for this section
|
Sure sir @yogeshbdeshpande will update it |
docs/realm-instance.md
Outdated
| - All workers use the same type of tool (same RIM) | ||
| - Each worker's tool has a unique number (RPV) | ||
| - They can all work at the same time without confusion | ||
| - Real example: A web application scaled across multiple servers, all running identical code but handling different users |
There was a problem hiding this comment.
Line 48: Real example needs improvement, as well with an example:
A Workload needs to do identical job in a batch [parallel processing], so on a Server, Identical N Workloads are instantiated with the same RIM
There was a problem hiding this comment.
Ok sir got it
|
Sure sir thanks for the review 🙏 |
Sukuna0007Abhi
force-pushed
the
docs/realm-instance-clarification
branch
from
f79aa4a to
7d0bbc5
Compare
Signed-off-by: Sukuna0007Abhi <[email protected]> Co-authored-by: Yogesh Deshpande <[email protected]>
Sukuna0007Abhi
force-pushed
the
docs/realm-instance-clarification
branch
from
7d0bbc5 to
b27b30b
Compare
- Update RIM description to clarify hash/digest of code and configuration - Improve RPV explanations with better terminology - Add comprehensive real-world examples for REM usage - Enhance assembly line example with parallel processing scenario Signed-off-by: Sukuna0007Abhi <[email protected]>
|
Hi sir @yogeshbdeshpande I updated the part you suggested, pls review on your free time sir @yogeshbdeshpande @thomas-fossati |
|
Pls review sir @SimonFrost-Arm |
There was a problem hiding this comment.
I like the use of analogies here, it's a helpful way to introduce devs to the concepts.
I've left a few comments and I think the REM section needs a bit of a rethink.
It could be useful to have some observations on the verification side of the story - where the source of truth for the reference values come from, while staying in the analogies. For example noting that the birth certificate is trusted because it comes from a govt dept, the RIM reference needs to come from where the Realm initial code had a registration event, such as a software release event.
This doc might be better placed in the docs repo than in services.
Note that this document migh
docs/realm-instance.md
Outdated
|
|
||
| ## The Basics | ||
|
|
||
| Let's break down what a Realm Instance really is in everyday terms. Think of a Realm Instance like a secure container for your application - it's a special, isolated space where your code runs safely in a virtualized environment backed by security guarantees provided by Arm's Confidential Computing Architecture (CCA). |
There was a problem hiding this comment.
Suggest use a different word than 'container' as that has a specific meaning for how an application gets packaged.
Perhaps 'secured VM' might be a good substitution?
| - It's like giving unique names to twins - same base code and configuration, however different identities | ||
| - Without it? Your Realm is one-of-a-kind (like a custom-built tool) | ||
| - With it? You can run multiple copies of the same code and configuration (like spinning up multiple web servers) | ||
| - Perfect for when you need to scale up identical services but keep them separate |
There was a problem hiding this comment.
maybe worth mentioning that it's often a footprint of instance specific data supplied to the realm
There was a problem hiding this comment.
Sure sir @SimonFrost-Arm updated it
There was a problem hiding this comment.
Sorry if I wasn't clear - my comment applied to the RPV and not the RIM. Please move (new) line 15 down into the RPV section.
There was a problem hiding this comment.
Ok sir @SimonFrost-Arm I updated it, pls review again. In your free time
docs/realm-instance.md
Outdated
|
|
||
| REMs are like ongoing health checks for your Realm: | ||
| - Works like a fitness tracker with 4 different sensors (rem0 through rem3) | ||
| - These are more like tripwire alarms than cameras - they can tell you when something went wrong, but not what (you need event logs for that) |
There was a problem hiding this comment.
Not sure this analogy works as the REMs are just passive measurements rather than having any active policy.
Perhaps contrast to the measurments made by a car as it progresses on a journey or perhaps path turn choices made when following a map?
Per the real-world comment below, one example is to record execution differences that a workload may have made in response to configuration that it has received (these can affect the workload identity).
Another example might be to identify some state received from the user.
Then Sir @SimonFrost-Arm should I close the PR here, then I have to copy the whole content, do the changes and raise a new PR on docs repo.. Or, adding on both services and docs Or, leave it for now here, //services What your thoughts about it? Pls reply |
Probably leave it here for the moment. |
Ok sir @SimonFrost-Arm then I am doing changes as you said and commiting them & going for review and merge from here, thanks.... |
- Add CCA-specific intro note at the top - Replace 'container' with 'secured VM' terminology - Add instance-specific data footprint mention in RIM section - Complete REM section overhaul with car journey analogy - Emphasize passive measurements vs active policy enforcement - Add configuration response tracking and user state examples - Add new 'Source of Truth' section with verification context - Use birth certificate/government analogy for trust model All unresolved comments from Simon Frost now addressed. Signed-off-by: Sukuna0007Abhi <[email protected]>
|
Ready for review and merge sir @SimonFrost-Arm sir @yogeshbdeshpande |
| - It's like giving unique names to twins - same base code and configuration, however different identities | ||
| - Without it? Your Realm is one-of-a-kind (like a custom-built tool) | ||
| - With it? You can run multiple copies of the same code and configuration (like spinning up multiple web servers) | ||
| - Perfect for when you need to scale up identical services but keep them separate |
There was a problem hiding this comment.
Sorry if I wasn't clear - my comment applied to the RPV and not the RIM. Please move (new) line 15 down into the RPV section.
|
Yes sir @SimonFrost-Arm I updated it ready for review and merge ... |
|
Why the PR is not showing the commit, pls help |
- Moved line about footprint of instance-specific data from RIM to RPV section - Addresses reviewer feedback from SimonFrost-Arm about data hash placement Signed-off-by: Sukuna0007Abhi <[email protected]>
The instance-specific data footprint line has been moved from RIM to RPV section as requested by SimonFrost-Arm. Signed-off-by: Sukuna0007Abhi <[email protected]>
Sukuna0007Abhi
force-pushed
the
docs/realm-instance-clarification
branch
3 times, most recently
from
c2666fe to
68e7c94
Compare
|
Now ready for review and merge sir @SimonFrost-Arm sir @yogeshbdeshpande |
There was a problem hiding this comment.
Thank you @Sukuna0007Abhi for putting efforts into creating this Pull Request.
4 participants
Description:
This PR adds a comprehensive, practical guide that explains Realm Instances in Arm CCA using real-world analogies and examples. The guide helps developers understand:
Key improvements:
This documentation addresses the confusion around Realm Instances raised in issue #237, particularly clarifying:
Fixes #237
Ready for Review sir @thomas-fossati @setrofim @yogeshbdeshpande