From a46618844f411739a1bda908267dab5ebb685bda Mon Sep 17 00:00:00 2001
From: Qiyuan Gong <qiyuan.gong@intel.com>
Date: Wed, 9 Nov 2022 08:57:17 +0800
Subject: [PATCH] [PPML] Add mermaid to deployment and installation doc (#6497)

* Fix deployment doc mermaid.
* Add PCCS network to installation doc.
---
 .../source/doc/PPML/Overview/install.md       | 20 +++++++++++--
 .../QuickStart/deploy_ppml_in_production.md   | 28 ++++++++++---------
 2 files changed, 33 insertions(+), 15 deletions(-)

diff --git a/docs/readthedocs/source/doc/PPML/Overview/install.md b/docs/readthedocs/source/doc/PPML/Overview/install.md
index 59949cfd..726253e9 100644
--- a/docs/readthedocs/source/doc/PPML/Overview/install.md
+++ b/docs/readthedocs/source/doc/PPML/Overview/install.md
@@ -45,15 +45,31 @@ sudo apt update
 sudo apt-get install libsgx-urts libsgx-dcap-ql libsgx-dcap-default-qpl
 ```
 
-##### Install PCCS (for attestation)
+##### Install PCCS (Provisioning Certificate Caching Service) (for attestation)
 
 Please refer to [Intel® Software Guard Extensions Data Center Attestation Primitives (Intel® SGX DCAP): A Quick Install Guide](https://www.intel.com/content/www/us/en/developer/articles/guide/intel-software-guard-extensions-data-center-attestation-primitives-quick-install-guide.html)
 
+Note that PCCS requires Internet connection for downloading certificates from Intel PCS. PCCS is fully [open sourced on Github](https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs), you can build your own PCCS based on these codes.
+
+```eval_rst
+.. mermaid::
+   
+   graph BT
+      pcs(Intel PCS) --> PCCS
+      PCCS --> pcs
+      subgraph Internet
+         pcs
+      end
+      subgraph Data Center
+         PCCS --> sgx(SGX Server)
+         sgx --> PCCS
+      end
+```
+
 ##### Install Kubernetes SGX Plugin (K8S only)
 
 Please refer to [Deploy the Intel SGX Device Plugin for Kubernetes](https://bigdl.readthedocs.io/en/latest/doc/PPML/QuickStart/deploy_intel_sgx_device_plugin_for_kubernetes.html).
 
-
 ### FAQs
 
 1. Is SGX supported on CentOS 6/7?
diff --git a/docs/readthedocs/source/doc/PPML/QuickStart/deploy_ppml_in_production.md b/docs/readthedocs/source/doc/PPML/QuickStart/deploy_ppml_in_production.md
index 2c53f41f..6ab05ab9 100644
--- a/docs/readthedocs/source/doc/PPML/QuickStart/deploy_ppml_in_production.md
+++ b/docs/readthedocs/source/doc/PPML/QuickStart/deploy_ppml_in_production.md
@@ -20,19 +20,21 @@ Due to security and privacy considerations (e.g., `enclave-key` security), only
 
 You can find more details in [Intel SGX Developer Guide](https://download.01.org/intel-sgx/linux-1.5/docs/Intel_SGX_Developer_Guide.pdf).
 
-```mermaid
-graph LR
-	subgraph SGX enclave
-	MRENCLAVE(fa:fa-file-signature MRENCLAVE)
-	MRSIGNER(fa:fa-file-signature MRSIGNER)
-  end
-	subgraph enclave-key
-	private_key(fa:fa-key private key)
-	public_key(fa:fa-key public key)
-	end
-	private_key --> MRENCLAVE
-	ppml_application(PPML Applicaiton) --> MRENCLAVE
-	public_key --> MRSIGNER
+
+```eval_rst
+.. mermaid::
+   graph LR
+      subgraph SGX enclave
+      MRENCLAVE(fa:fa-file-signature MRENCLAVE)
+      MRSIGNER(fa:fa-file-signature MRSIGNER)
+      end
+      subgraph enclave-key
+      private_key(fa:fa-key private key)
+      public_key(fa:fa-key public key)
+      end
+      private_key --> MRENCLAVE
+      ppml_application(PPML Applicaiton) --> MRENCLAVE
+      public_key --> MRSIGNER
 ```
 
 In this guide, we will demonstrate how to go through these 2 stages step by step.