docs: update reference value docs and bump sandboxed-policies to 0.2.* #95

Merged
butler54 merged 2 commits into validatedpatterns:main from butler54:docs/update-reference-value-docs
Jun 2, 2026

Conversation

Collaborator

@butler54 butler54 commented Jun 2, 2026

Summary

  • Rewrite firmware reference values doc for container-based veritas approach (both Azure and bare metal)
  • Fix stale references across README.md and AGENTS.md
  • Bump sandboxed-policies chartVersion to 0.2.* (v0.2.0 released with Azure-conditional peer-pods)

Changes

Documentation

  • docs/firmware-reference-values.md: Complete rewrite — replaces old in-cluster kata pod approach with container-based veritas. Now covers both Azure (PCR values from dm-verity image) and bare metal (firmware measurements from OCP release artifacts). Includes attestation policy coverage table, multi-version support, and known limitations.
  • README.md: Replace get-pcr.sh reference with unified collect-firmware-refvals.sh commands for both Azure (make collect-azure-refvals) and bare metal (make collect-firmware-refvals). Remove stale pcr-reference-values-bare-metal.md reference.
  • AGENTS.md: Fix values-untrusted-spoke.yaml → values-spoke.yaml. Add baremetal-gpu cluster group. Update companion chart table from stale local paths to registry-based consumption.

Chart version bump

  • Bump sandboxed-policies from 0.1.* to 0.2.* in all four profiles (baremetal, baremetal-gpu, simple, trusted-hub). v0.2.0 was released with Azure-conditional peer-pods policy.

Testing

  • Verify make collect-firmware-refvals and make collect-azure-refvals commands match the documented workflow
  • Verify all chartVersion references are consistent

Co-Authored-By: Claude Opus 4.6 (1M context) noreply@anthropic.com

Documentation updates:
- Rewrite docs/firmware-reference-values.md for container-based veritas
  approach covering both Azure and bare metal platforms
- Update README.md secrets section: replace get-pcr.sh reference with
  unified collect-firmware-refvals.sh, add Azure and bare metal commands
- Fix AGENTS.md: correct values-spoke.yaml filename, add baremetal-gpu
  cluster group, update companion chart table to reflect registry-based
  consumption instead of stale local paths

Chart version bump:
- Bump sandboxed-policies chartVersion from 0.1.* to 0.2.* in all four
  profiles (v0.2.0 adds Azure-conditional peer-pods policy)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@butler54 butler54 requested a review from a team June 2, 2026 05:21

- Fix AGENTS.md: capitalize "Git" (textlint terminology rule)
- Fix README.md: correct topology count (four, not three)
- Fix README.md: update RHDP description to say "reference value collection"
- Add version history for v5.3 through v5.6 releases

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@butler54 butler54 merged commit 599ad50 into validatedpatterns:main Jun 2, 2026
5 checks passed