Docs: proofread Hardenining, update RN ghaf-23.09

Signed-off-by: Jenni Nikolaenko <[email protected]>
tiiuae · Dec 20, 2023 · bf51bf9 · bf51bf9
1 parent c441fa3
commit bf51bf9
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 22 deletions.
diff --git a/docs/src/architecture/hardening.md b/docs/src/architecture/hardening.md
@@ -5,21 +5,23 @@
 
 # Hardening
 
-This section describes how securing Ghaf by reducing its' attack surface, in short - hardening, is done.
+This section describes how securing Ghaf by reducing its attack surface—hardening—is done.
+
 
 ## Kernel
 
-Ghaf has two types of kernels - host and guest kernels. Hardening of these kernels varies in terms of hardware support and functionality required by the guest kernel in question. Within this context, kernel always refers to Linux operating system kernel.
+Ghaf has two types of kernels: host and guest. Hardening of these kernels varies in terms of hardware support and functionality required by the guest kernel in question. Within this context, the kernel always refers to the Linux operating system kernel.
+
+
+### Kernel Hardening Process
 
-### Process of Kernel Hardening
+NixOS provides several mechanisms to customize the kernel. The main methods are:
 
-NixOS provides several mechanisms to customize kernel. The main methods are:
+* [Declaring kernel command line parameters](https://nixos.wiki/wiki/Linux_kernel#Custom_kernel_commandline): [usage in Ghaf](https://github.com/search?q=repo%3Atiiuae%2Fghaf%20kernelparams&type=code).
+* [Declaring kernel custom configuration](https://nixos.org/manual/nixos/stable/#sec-linux-config-customizing): [usage in Ghaf](https://github.com/tiiuae/ghaf/blob/main/modules/host/kernel.nix).
+
+    Example of entering the kernel development shell to customize the `.config` and build it:
 
-* [declaring kernel command line parameters](https://nixos.wiki/wiki/Linux_kernel#Custom_kernel_commandline)
-  * [Usage in Ghaf](https://github.com/search?q=repo%3Atiiuae%2Fghaf%20kernelparams&type=code)
-* [declaring kernel custom configuration](https://nixos.org/manual/nixos/stable/#sec-linux-config-customizing)
-  * [Usage in Ghaf](https://github.com/tiiuae/ghaf/blob/main/modules/host/kernel.nix)
-  * Example of entering the kernel development shell to customize the `.config` and build it:
   ```
   ~/ghaf $ nix develop .#devShells.x86_64-linux.kernel-x86
   ...
@@ -30,11 +32,15 @@ NixOS provides several mechanisms to customize kernel. The main methods are:
   ...
   Kernel: arch/x86/boot/bzImage
   ```
-* Boot the built kernel with QEMU
+
+* Booting the built kernel with QEMU:
+
   ```
   [ghaf-kernel-devshell:~/ghaf/linux-6.6.2]$ qemu-system-x86_64 -kernel arch/x86/boot/bzImage
   ```
-* [validating with kernel hardening checker](https://github.com/a13xp0p0v/kernel-hardening-checker)
+
+* [Validating with kernel hardening checker](https://github.com/a13xp0p0v/kernel-hardening-checker):
+
   ```
   [ghaf-kernel-devshell:~/ghaf/linux-6.6.2]$ kernel-hardening-checker -c ../modules/host/ghaf_host_hardened_baseline
   [+] Kconfig file to check: ../modules/host/ghaf_host_hardened_baseline
@@ -45,13 +51,14 @@ NixOS provides several mechanisms to customize kernel. The main methods are:
   [+] Config check is finished: 'OK' - 103 / 'FAIL' - 84
   ```
 
-### Host kernel
 
-The host kernel runs on bare metal. The kernel is provided either via Linux upstream (`x86_64`) or via vendor board support package (BSP). The default Ghaf host kernel on `x86_64` is maintained by Ghaf upstream package sources - `nixpkgs` or nix-packaged hardware-specific BSP (e.g. NVIDIA Jetson-family of devices).
+### Host Kernel
+
+The host kernel runs on bare metal. The kernel is provided either with Linux upstream (`x86_64`) or with vendor BSP. The default Ghaf host kernel on `x86_64` is maintained by Ghaf upstream package sources `nixpkgs` or Nix-packaged hardware-specific BSP (for example, NVIDIA Jetson-family of devices).
+
 
 #### `x86-64-linux`
 
-The host kernel hardening is based on Linux `make tinyconfig`. The default `tinyconfig` fails to assertions on NixOS without
-modifications. Assertions are fixed in `ghaf_host_hardened_baseline` linux config under Ghaf `modules/host/`.
-In addition, NixOS (Ghaf baseline dependency) requires several kernel modules that are added to the config or ignored with `allowMissing = true`;
-As of now, the kernel builds and early boots on Lenovo X1.
+The host kernel hardening is based on Linux `make tinyconfig`. The default `tinyconfig` fails to assertions on NixOS without modifications. Assertions are fixed in `ghaf_host_hardened_baseline` Linux configuration under Ghaf `modules/host/`.
+
+In addition, NixOS (Ghaf baseline dependency) requires several kernel modules that are added to the config or ignored with `allowMissing = true`. As of now, the kernel builds and early boots on Lenovo X1.
diff --git a/docs/src/release_notes/ghaf-23.09.md b/docs/src/release_notes/ghaf-23.09.md
@@ -71,8 +71,13 @@ There are no specific requirements for the environment with this release.
 
 ## Installation Instructions
 
-Released images are available at Jfrog Artifactory. To download the release image:
+Released images are available at [vedenemo.dev/files/releases/ghaf_23.09/](https://vedenemo.dev/files/releases/ghaf_23.09/).
 
-* In the [Jfrog Artifactory](https://artifactory.ssrcdevops.tii.ae/ui/login/) login screen, use the *Sign in with SAML SSO* option and then *Sign in with Github.com account*. Note that domain restrictions are in place.
-* Navigate to the ghaf-23.09 directory: <https://artifactory.ssrcdevops.tii.ae/artifactory/tc/releases/ghaf-23.06/>
-* Download the image from the `../targetHW/image` directory.
+Download the required image and use the following instructions:
+
+| Release Image           | Build and Run      |
+|-------------------------|--------------------|
+| ghaf-23.09_Generic_x86.tar.xz | [Running Ghaf Image for x86 Computer](../ref_impl/build_and_run.md#running-ghaf-image-for-x86-computer) |
+| ghaf-23.09_Lenovo_X1_Gen11.tar.xz  | [Running Ghaf Image for Lenovo X1](../ref_impl/build_and_run.md#running-ghaf-image-for-lenovo-x1) |
+| ghaf-23.09_Nvidia_Orin_AGX.tar.xz, ghaf-23.09_Nvidia_Orin_NX.tar.xz   | [Ghaf Image for NVIDIA Jetson Orin AGX](../ref_impl/build_and_run.md#ghaf-image-for-nvidia-jetson-orin-agx) |
+| ghaf-23.09_PolarFire_RISC-V.tar.xz | [Building Ghaf Image for Microchip Icicle Kit](../ref_impl/build_and_run.md#building-ghaf-image-for-microchip-icicle-kit) |
diff --git a/docs/src/scenarios/run_win_vm.md b/docs/src/scenarios/run_win_vm.md
@@ -48,7 +48,7 @@ On x86_64 device Windows 11 VM can be launched with either an ISO image or QCOW2
    * For an ISO image, the script creates an empty QCOW2 image in the same directory which is used as a system disk in the VM.
    * After installing Windows 11, run the script for the QCOW2 image.
 
-Do the folowing:
+Do the following:
 
 1. In the Weston terminal, go to the directory with the Windows 11 image and run the VM without sudo and as a non-root user using the following Ghaf script: