From 4902b8ab09d7cb30b74f28fee08a5a1d0eb88546 Mon Sep 17 00:00:00 2001 From: peg Date: Tue, 19 May 2026 09:46:49 +0200 Subject: [PATCH] Add readme for PCCS crate --- crates/pccs/README.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 crates/pccs/README.md diff --git a/crates/pccs/README.md b/crates/pccs/README.md new file mode 100644 index 0000000..e1a3cfd --- /dev/null +++ b/crates/pccs/README.md @@ -0,0 +1,28 @@ +# pccs + +An internal Provisioning Certificate Caching Service implementation for DCAP +collateral fetching and caching. + +This crate is used by attestation verification code that needs Intel TDX/SGX +collateral such as TCB info, QE identity, and certificate revocation lists. + +It can: + +- Fetch collateral from Intel PCS or a configured PCCS endpoint +- Cache collateral in-process +- Pre-warm the cache at startup +- Refresh cached collateral in the background before expiry + +This is an alternative to Intel's reference PCCS server implementation which +can be embedded in Rust services that verify quotes. + +For Intel's terminology and architecture, see the Intel documentation for the +[Provisioning Certificate Caching Service (PCCS)](https://cc-enabling.trustedservices.intel.com/intel-sgx-tdx-pccs/01/introduction/). + +## Runtime Requirements + +This crate expects to be used from within a Tokio runtime. + +The above applies even when calling synchronous-looking APIs such as +`get_collateral_sync()` because cache miss repair, proactive refresh, and +startup pre-warm are all driven by Tokio background tasks.
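Review bot: The "Runtime Requirements" section at the end of the new README says `get_collateral_sync()` relies on Tokio background tasks, but it does not say what a caller sees when no runtime is present (a panic, an error, or a cache that never refreshes). Please state that failure mode. In the feature list, "Refresh cached collateral in the background before expiry" should also say what happens when a refresh fails and the cached TCB info or CRL passes its expiry, since callers verifying quotes need to know whether stale collateral can be returned. Minor wording: in "an alternative to Intel's reference PCCS server implementation which can be embedded in Rust services", the "which" reads as attaching to Intel's server. Something like "an embeddable alternative to Intel's reference PCCS server implementation, for Rust services that verify quotes" avoids that.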