ra-tls: Update README.md to keep consistent with 0.4.0

Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>

ra-tls/README.md

-# Configure SGX RA settings
-``` shell
+# Before you start
+- Refer to [this guide](https://github.com/alibaba/inclavare-containers#rune) to build `rune` from scratch.
+- Register a `SPID` and `Subscription Key` of [IAS](https://api.portal.trustedservices.intel.com/EPID-attestation). After the registration, Intel will respond with a SPID which is needed to communicate with IAS.
+
+# Run stub with Docker
+## Configure SGX RA settings
+```shell
 export SPID=<hex string>
 export EPID_SUBSCRIPTION_KEY=<hex string>
 export QUOTE_TYPE=<SGX_LINKABLE_SIGNATURE | SGX_UNLINKABLE_SIGNATURE>
 ```
 
-# Build Stub Enclave
-``` shell
-cd "${path_to_inclavare_containers}/stub-enclave"
-make
-sudo make install
+## Install dependency
+```shell
+yum install -y patch autoconf automake libtool
 ```
 
-# Build Docker images
-## Prepare the materials
-``` shell
-mkdir lib
-cp /usr/lib/x86_64-linux-gnu/libsgx_urts.so lib
-cp /usr/lib/x86_64-linux-gnu/libsgx_uae_service.so lib
-cp /usr/lib/x86_64-linux-gnu/libsgx_enclave_common.so.1 lib
-cp /usr/lib/x86_64-linux-gnu/libprotobuf.so.10 lib
-cp /lib/x86_64-linux-gnu/libseccomp.so.2 lib
+## Build liberpal-stub
+```shell
+cd "${path_to_inclavare_containers}/ra-tls"
+make
+cp pal/liberpal-stub.so /usr/lib
 ```
 
-## Dockerfile
-``` shell
+# Build stub container image
+```shell
+cd "${path_to_inclavare_containers}/ra-tls/stub-enclave"
+cat >Dockerfile <<EOF
 FROM ubuntu:18.04
   
 RUN mkdir -p /run/rune/stub-enclave
 WORKDIR /run/rune
 
-COPY lib                        /lib
-COPY liberpal-stub.so         .
 COPY Wolfssl_Enclave.signed.so  stub-enclave
+EOF
+docker build -t stub-enclave .
+```
+
+# Run stub container image with rune
+## Configure OCI runtime
+Refer to [this guide](https://github.com/alibaba/inclavare-containers/blob/master/rune/libenclave/internal/runtime/pal/skeleton/README.md#configure-oci-runtime) to configure OCI runtime in dockerd config file.
+
+## Run stub container image with rune
+```shell
+docker run -it --rm --runtime=rune -e ENCLAVE_TYPE=intelSgx \
+	-e ENCLAVE_RUNTIME_PATH=/usr/lib/liberpal-stub.so \
+	-e ENCLAVE_RUNTIME_ARGS=stub-enclave stub-enclave
+```
+
+# Run stub OCI bundle
+## Create stub bundle
+In order to use `rune` you must have your container image in the format of an OCI bundle. If you have Docker installed you can use its `export` method to acquire a root filesystem from an existing stub-enclave Docker container image.
 
-RUN ldconfig
+```shell
+# create the top most bundle directory
+cd "$HOME/rune_workdir"
+mkdir rune-container
+cd rune-container
+
+# create the rootfs directory
+mkdir rootfs
+
+# export stub-enclave image via Docker into the rootfs directory
+docker export $(docker create stub-enclave) | sudo tar -C rootfs -xvf -
 ```
 
-``` shell
-docker build -t ${stub-enclave-image} .
+After a root filesystem is populated you just generate a spec in the format of a config.json file inside your bundle. `rune` provides a spec command which is similar to `runc` to generate a template file that you are then able to edit.
+
+```shell
+rune spec
 ```
 
-# run stub-enclave images with rune
-``` shell
-docker run -it --rm --runtime=rune -e ENCLAVE_TYPE=intelSgx \
-	-e ENCLAVE_RUNTIME_PATH=/lib/liberpal-stub.so \
-	-e ENCLAVE_RUNTIME_ARGS=stub-enclave ${stub-enclave-image}
+To find features and documentation for fields in the spec please refer to the [specs](https://github.com/opencontainers/runtime-spec) repository.
+
+In order to run the stub-enclave bundle with `rune`, you need to configure enclave runtime as following:
+```json
+  "annotations": {
+      "enclave.type": "intelSgx",
+      "enclave.runtime.path": "/usr/lib/liberpal-stub.so",
+      "enclave.runtime.args": "stub-enclave"
+  }
+```
+
+where:
+- @enclave.type: specify the type of enclave hardware to use, such as intelSgx.
+- @enclave.runtime.path: specify the path to enclave runtime to launch.
+- @enclave.runtime.args: specify the specific arguments to enclave runtime, seperated by the comma.
+
+## Run stub
+Assuming you have an OCI bundle from the previous step you can execute the container in this way.
+
+```shell
+cd "$HOME/rune_workdir/rune-container"
+sudo rune run stub-enclave-container
 ```