From 582cc04be6162f10adcd13918ee37a6245449191 Mon Sep 17 00:00:00 2001
From: Justin Chadwell <me@jedevc.com>
Date: Mon, 6 Feb 2023 10:53:49 +0000
Subject: [PATCH] build: add docs for boolean attestation flags

Signed-off-by: Justin Chadwell <me@jedevc.com>
(cherry picked from commit 07548bc898d803272a8be4f1bd281b0415ee4c73)
---
 docs/reference/buildx_build.md | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/docs/reference/buildx_build.md b/docs/reference/buildx_build.md
index f56ab1f6..60ea921a 100644
--- a/docs/reference/buildx_build.md
+++ b/docs/reference/buildx_build.md
@@ -88,6 +88,9 @@ BuildKit currently supports:
   Use `--attest=type=provenance` to generate provenance for an image at
   build-time. Alternatively, you can use the [`--provenance` shorthand](#provenance).
 
+  By default, a minimal provenance attestation will be created for the build
+  result, which will only be attached for images pushed to registries.
+
   For more information, see [here](https://docs.docker.com/build/attestations/slsa-provenance/).
 
 ### <a name="allow"></a> Allow extra privileged entitlement (--allow)
@@ -477,8 +480,20 @@ $ docker buildx build --load --progress=plain .
 
 ### <a name="provenance"></a> Create provenance attestations (--provenance)
 
-Shorthand for [`--attest=type=provenance`](#attest). Enables provenance
-attestations for the build result.
+Shorthand for [`--attest=type=provenance`](#attest), used to configure
+provenance attestations for the build result. For example,
+`--provenance=mode=max` can be used as an abbreviation for
+`--attest=type=provenance,mode=max`.
+
+Additionally, `--provenance` can be used with boolean values to broadly enable
+or disable provenance attestations. For example, `--provenance=false` can be
+used to disable all provenance attestations, while `--provenance=true` can be
+used to enable all provenance attestations.
+
+By default, a minimal provenance attestation will be created for the build
+result, which will only be attached for images pushed to registries.
+
+For more information, see [here](https://docs.docker.com/build/attestations/slsa-provenance/).
 
 ### <a name="push"></a> Push the build result to a registry (--push)
 
@@ -487,8 +502,16 @@ build result to registry.
 
 ### <a name="sbom"></a> Create SBOM attestations (--sbom)
 
-Shorthand for [`--attest=type=sbom`](#attest). Enables SBOM attestations for
-the build result.
+Shorthand for [`--attest=type=sbom`](#attest), used to configure SBOM
+attestations for the build result. For example,
+`--sbom=generator=<user>/<generator-image>` can be used as an abbreviation for
+`--attest=type=sbom,generator=<user>/<generator-image>`.
+
+Additionally, `--sbom` can be used with boolean values to broadly enable or
+disable SBOM attestations. For example, `--sbom=false` can be used to disable
+all SBOM attestations.
+
+For more information, see [here](https://docs.docker.com/build/attestations/sbom/).
 
 ### <a name="secret"></a> Secret to expose to the build (--secret)