CC + 1st build-iapp review by aimen (#41)

Co-authored-by: Le-Caignec <[email protected]>

Author: aimen-djari

.vitepress/sidebar.ts

@@ -132,12 +132,24 @@ export function getSidebar() {
             ],
           },
           {
-            text: 'TEE Technology',
+            text: '🔒 TEE Technology',
             collapsed: true,
             items: [
               {
-                text: 'Intel SGX Technology Overview',
-                link: '/get-started/protocol/tee/intel-sgx-technology',
+                text: 'Introduction to TEE Technologies',
+                link: '/get-started/protocol/tee/introduction',
+              },
+              {
+                text: 'Intel SGX Technology',
+                link: '/get-started/protocol/tee/intel-sgx',
+              },
+              {
+                text: 'Intel TDX Technology',
+                link: '/get-started/protocol/tee/intel-tdx',
+              },
+              {
+                text: 'SGX vs TDX Comparison',
+                link: '/get-started/protocol/tee/sgx-vs-tdx',
               },
             ],
           },
@@ -181,10 +193,7 @@ export function getSidebar() {
             text: 'Inputs and Outputs',
             link: '/guides/build-iapp/inputs-and-outputs',
           },
-          {
-            text: 'Using TDX',
-            link: '/guides/build-iapp/using-tdx',
-          },
+
           {
             text: 'Debugging',
             link: '/guides/build-iapp/debugging',

README.md

@@ -230,7 +230,8 @@ for input parameters:
 - Add link to the new explorer feature Asset_Types in the guide =>
   `handle-schemas-dataset-types`
 - Add link to remix for deploying whitelist
-- SGX vs TDX need review
+- complete `use-iapp` section
+- Maybe split input and output in two diff sub section in build your iapp guide
 - Explorer l'intégration de codeSpace
 - Add a Development workflow section (1 - ProtectData, 2- ...)
 - Update context7 when doc will be deployed (Martin)
@@ -246,10 +247,15 @@ for input parameters:
 - migrate pay-per-task page into a guide
 - check pages (introduction & getting-started) for use-iapp guide
 - Schema what is iexec to do and implement
-- explain TDX vs SGX
 - Give recap of Workerpool address fo chains
 - Talk about ENS on Bellecour(it's not supported on arbitrum)
-- Rework Advanced iApp building guides. (from "old" protocol doc)
+- Rework Advanced iApp building guides. (from "old" protocol doc) <<<<<<< HEAD
+- Talk about encrypting results in use-iapp
+- Refactor "advanced" section in build-iapp
+- Rework src\get-started\protocol\iexec-doracle.md (transfer to guide or
+  rewrite)
+- Talk about encrypting results in use-iapp
+- Refactor "advanced" section in build-iapp
 - Rework src\get-started\protocol\oracle.md (transfer to guide or rewrite)
 - Talk about iApp secret
 - Improve Guide in build-iapp section - be more clear for builder ( how to

src/get-started/protocol/tee/intel-sgx-technology.md

@@ -0,0 +1,148 @@
+---
+title: Intel SGX Technology
+description:
+  Learn about Intel Software Guard Extensions (SGX) - the first-generation TEE
+  technology
+---
+
+# 🛡️ Intel SGX Technology
+
+**Intel® Software Guard Extensions (Intel® SGX)** is the first-generation TEE
+technology that enables **Trusted Computing** and **Confidential Computing**. On
+the iExec platform, SGX is the **production-ready, widely-supported TEE
+technology** that powers secure, privacy-preserving applications in the
+decentralized cloud.
+
+## What is Intel SGX?
+
+[Intel® SGX](https://software.intel.com/en-us/sgx) creates a special secure
+zone in memory called an "enclave" - think of it as a vault that only the CPU
+can access. Neither the operating system nor any other software can see what's
+happening inside this protected area. Your code and data are completely private
+and secure.
+
+## SGX: The "Application-Level" Security
+
+**Intel SGX** is like having a **small, specialized safe** inside your office
+for specific valuable items. It protects individual applications or parts of
+applications.
+
+### Key Characteristics
+
+- **Scope**: Protects specific parts of your application
+- **Memory**: Limited secure memory (like a small safe)
+- **Code Changes**: Requires modifications to your application
+- **Use Case**: Perfect for focused, lightweight applications
+
+**Analogy**: SGX is like installing a small, specialized safe inside your office
+for specific valuable items.
+
+### Visual Representation
+
+```mermaid
+graph TB
+    OS[Operating System<br/>Can see everything]
+    App[Regular Application<br/>Visible & Vulnerable]
+    Enclave[🔒 SGX Enclave<br/>Protected]
+    Data[Sensitive Code & Data<br/>Encrypted]
+    OS --> App
+    App --> Enclave
+    Enclave --> Data
+    style Enclave fill:#ffffff,stroke:#0000ff,stroke-width:2px,color:#000000
+    style Data fill:#ffffff,stroke:#00ff00,stroke-width:2px,color:#000000
+```
+
+## SGX Technology Details
+
+### How SGX Works
+
+1. **Enclave Creation**: SGX creates a secure memory region (enclave) that only
+   the CPU can access
+2. **Code Isolation**: Sensitive code runs inside the enclave, isolated from the
+   rest of the system
+3. **Memory Encryption**: All data in the enclave is automatically encrypted
+4. **Integrity Protection**: The enclave can prove it's running the correct,
+   unmodified code
+
+### SGX Limitations
+
+With native Intel® SGX technology, the OS is not a part of the Trusted
+Computing Base (TCB), hence system calls and kernel services are not available
+from an Intel® SGX enclave. This can be limiting as the application will not be
+able to use File System and sockets directly from the code running inside the
+enclave.
+
+### iExec's SGX Infrastructure
+
+iExec provides a complete SGX ecosystem that includes:
+
+- **🔐 Secret Management Service (SMS)**: Secure storage for encryption keys and
+  secrets
+- **🛡️ SGX Workers**: Computing nodes with SGX hardware support
+- **📋 Task Verification**: Proof of contribution system that verifies SGX
+  execution
+- **🔗 Blockchain Integration**: Decentralized coordination and payment
+- **📦 Scone Framework**: High-level development framework for SGX applications
+
+### Why iExec Uses Scone
+
+To build Confidential Computing (TEE) applications with SGX, iExec uses the
+high-level **Scone framework** instead of requiring developers to manipulate the
+Intel® SGX SDK directly.
+
+#### Scone Framework Benefits
+
+At a high-level, Scone protects the confidentiality and integrity of the data
+and the code without needing to modify or recompile the application. The
+[Scone](https://scontain.com/) framework resolves the limitations of native SGX
+and reduces the burden of porting the application to Intel® SGX.
+
+#### How Scone Works
+
+More precisely, Scone provides a C standard library interface to container
+processes. System calls are executed outside of the enclave, but they are
+shielded by transparently encrypting/decrypting application data. Files stored
+outside of the enclave are therefore encrypted, and network communication is
+protected by Transport Layer Security (TLS).
+
+For a deeper understanding, you can have a look to the official
+[Scone documentation](https://sconedocs.github.io/).
+
+### iExec SGX Workflow
+
+```mermaid
+graph TD
+    Dev[Developer]
+    Build[Build with Scone]
+    Deploy[Deploy to iExec]
+    Worker[SGX Worker Selected]
+    Enclave[SGX Enclave Created]
+    Execute[Secure Execution]
+    Proof[Proof of Contribution]
+    Result[Results]
+    Dev --> Build
+    Build --> Deploy
+    Deploy --> Worker
+    Worker --> Enclave
+    Enclave --> Execute
+    Execute --> Proof
+    Proof --> Result
+    style Enclave fill:#ffffff,stroke:#0000ff,stroke-width:2px,color:#000000
+    style Execute fill:#ffffff,stroke:#0000ff,stroke-width:2px,color:#000000
+```
+
+## What's Next?
+
+**Learn about the next generation**:
+
+- **[Intel TDX Technology](/get-started/protocol/tee/intel-tdx)** -
+  Next-generation VM-level TEE technology
+- **[SGX vs TDX Comparison](/get-started/protocol/tee/sgx-vs-tdx)** - Detailed
+  comparison of both technologies
+
+**Ready to build with SGX?** Check out the practical guides:
+
+- **[Build & Deploy](/guides/build-iapp/build-&-deploy)** - Create your first
+  SGX application
+- **[Advanced SGX Development](/guides/build-iapp/advanced/create-your-first-sgx-app)** -
+  Deep dive into SGX development