Docs: secure laptop showcase

Signed-off-by: Jenni Nikolaenko <[email protected]>

docs/src/scenarios/run_win_vm.md

@@ -7,6 +7,8 @@
 
 You can run Windows 11 in a VM on Ghaf with NVIDIA Jetson Orin AGX (ARM64) or Generic x86 device. This method uses [QEMU](https://www.qemu.org/) as VMM. For information on how to build and run a Ghaf image, see [Build and Run](../ref_impl/build_and_run.md).
 
+![Windows 11 in VM](../img/windows_in_vm.png)
+
 
 ## Getting Windows 11 Image
 

docs/src/scenarios/showcases.md

@@ -7,6 +7,25 @@
 
 The Ghaf Platform can be used in various different environments, configurations, and hardware to serve several purposes. Ghaf is not a fully-fledged product but a module that can serve as a centerpiece to enable secure edge systems.
 
+### Secure Laptop
+
+Secure Laptop demonstrates how our open-source Ghaf Platform can increase the security offering for laptops through hardware-backed isolation by means of virtualization. We use Lenovo ThinkPad X1 Carbon Gen 11 as a target device.
+
+In this showcase, the following applications are running in isolated VMs:
+
+* [Windows VM](./run_win_vm.md)
+* Browser VM that can be used as an application launcher. For example, MS Office suite running in the Browser environment. All data is stored in the enterprise cloud.
+* PDF Viewer VM. No data can be extracted or shared locally.
+* [Cloud Android VM](./run_cuttlefish.md) for secure communication.
+
+Each VM operates independently and securely within its own isolated environment, without interference from other VMs running on the same physical hardware. Additionally beneath the surface Ghaf contains two hidden system VMS:
+
+* [Networking VM](../architecture/adr/netvm.md)
+* [GUI VM](../architecture/stack.md#system-vms)
+
+![Ghaf Secure Laptop](../img/secure_laptop.drawio.svg)
+
+
 ## In This Chapter
 
 - [Running Windows VM on Ghaf](./run_win_vm.md)