No _ in id names for whatever reason

schaefi · schaefi · commit 05655ff62005 · 2026-03-02T18:00:04.000+01:00
diff --git a/xml/cha_images.xml b/xml/cha_images.xml
@@ -691,7 +691,7 @@
        system administrators, or system-level software can view or modify
        data in use.
      </para>
-     <sect2 xml:id="_trusted_execution_environment_tee">
+     <sect2 xml:id="trusted-execution-environment-tee">
        <title>Trusted Execution Environment (TEE)</title>
        <para>
          At the heart of confidential computing is the Trusted Execution Environment (TEE).
@@ -728,14 +728,14 @@
          </varlistentry>
        </variablelist>
      </sect2>
-     <sect2 xml:id="_key_concepts_on_aws">
+     <sect2 xml:id="key-concepts-on-aws">
        <title>Key Concepts on AWS</title>
        <para>
          AWS implements the TEE concepts through a combination of Nitro
          Trusted Platform Module (TPM) technology, specialized OS images,
          and Nitro Enclaves.
        </para>
-       <sect3 xml:id="_isolation_on_aws">
+       <sect3 xml:id="isolation-on-aws">
          <title>Isolation on AWS</title>
          <para>
            Isolation is achieved using images that provide an overlay-based read-only system.
@@ -744,7 +744,7 @@
            remotely accessible to minimize the attack surface.
          </para>
        </sect3>
-       <sect3 xml:id="_attestation_on_aws">
+       <sect3 xml:id="attestation-on-aws">
          <title>Attestation on AWS</title>
          <para>
            The image boots via a PCR-measured Unified Kernel Image (UKI) containing the kernel,
@@ -763,7 +763,7 @@
            </listitem>
          </itemizedlist>
        </sect3>
-       <sect3 xml:id="_memory_encryption_and_nitro_enclaves">
+       <sect3 xml:id="memory-encryption-and-nitro-enclaves">
          <title>Memory Encryption and Nitro Enclaves</title>
          <para>
            While the base instance runs in overlayfs mode (writing to memory only),
@@ -777,9 +777,9 @@
          </para>
        </sect3>
      </sect2>
-     <sect2 xml:id="_practical_guide_deploying_attestable_images">
+     <sect2 xml:id="practical-guide-deploying-attestable-images">
        <title>Practical Guide: Deploying Attestable Images</title>
-       <sect3 xml:id="_1_fetch_and_register_the_image">
+       <sect3 xml:id="fetch-and-register-the-image">
          <title>1. Fetch and Register the Image</title>
          <para>
            To start, you need an attestable image. For example, a SUSE Linux
@@ -809,7 +809,7 @@
            </para>
          </important>
        </sect3>
-       <sect3 xml:id="_2_pcr_measurements">
+       <sect3 xml:id="pcr-measurements">
          <title>2. PCR Measurements</title>
          <para>
            Before launching, download the precomputed PCR measurements:
@@ -821,7 +821,7 @@
            instance.
          </para>
        </sect3>
-       <sect3 xml:id="_3_launching_the_instance">
+       <sect3 xml:id="launching-the-instance">
          <title>3. Launching the Instance</title>
          <para>
            Select an instance type that supports Nitro TPM and Enclaves (e.g.,
@@ -830,7 +830,7 @@
            is explicitly enabled.
          </para>
        </sect3>
-       <sect3 xml:id="_4_verifying_the_tee">
+       <sect3 xml:id="verifying-the-tee">
          <title>4. Verifying the TEE</title>
          <para>
            Once logged into the instance, you can generate an attestation
@@ -860,7 +860,7 @@ $ show-nitrotpm-pcrs
          </itemizedlist>
        </sect3>
      </sect2>
-     <sect2 xml:id="_managing_the_enclave_workload">
+     <sect2 xml:id="managing-the-enclave-workload">
        <title>Managing the Enclave Workload</title>
        <para>
          The workload itself is packaged as an AWS Enclave Image (<literal>.eif</literal>)
@@ -875,7 +875,7 @@ $ show-nitrotpm-pcrs
          is not meant to be a real-world application but serves as a demonstration of how
          to build and run an enclave that can attest its integrity.
        </para>
-       <sect3 xml:id="_running_the_enclave">
+       <sect3 xml:id="running-the-enclave">
          <title>Running the Enclave</title>
          <para>
            Use the <literal>nitro-cli</literal> tool to launch your workload:
@@ -888,7 +888,7 @@ $ pushd /data $ nitro-cli run-enclave \
 $ nitro-cli describe-enclaves
          </programlisting>
        </sect3>
-       <sect3 xml:id="_enclave_attestation">
+       <sect3 xml:id="enclave-attestation">
          <title>Enclave Attestation</title>
          <para>
            To verify the enclave's integrity, connect to it via <literal>vsock</literal>:
@@ -911,7 +911,7 @@ $ vsock_client Enclave-CID
          </itemizedlist>
        </sect3>
      </sect2>
-     <sect2 xml:id="_future_directions_for_suse">
+     <sect2 xml:id="future-directions-for-suse">
        <title>Future Directions for SUSE</title>
        <para>
          Efforts are underway to deepen SUSE support for AWS
