The plan is calculated right into a PCR of the Confidential VM's vTPM (which can be matched in the true secret launch plan over the KMS while using the anticipated coverage hash for the deployment) and enforced by a hardened container runtime hosted in each individual occasion. The runtime screens commands in the Kubernetes control plane, and ens…