The policy is measured into a PCR in the Confidential VM's vTPM (which can be matched in the key release policy on the KMS together with the expected policy hash for the deployment) and enforced by a hardened container runtime hosted inside each individual instance. The runtime screens instructions from the Kubernetes control plane, and make
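The measurement and matching step described above, sketched as an added example that is not code from the original page or from any product it describes. It assumes a SHA-256 PCR bank, a two-event log (runtime, then policy), and hypothetical names `boot` and `release_allowed`; verification of the vTPM quote signature is assumed to have happened already.

```python
import hashlib
import hmac

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA-256(old PCR || measured digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log) -> bytes:
    """Recompute the final PCR from an ordered log of (name, digest) events."""
    pcr = bytes(32)  # a SHA-256 PCR starts as 32 zero bytes
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def release_allowed(quoted_pcr: bytes, event_log, expected_policy_hash: bytes) -> bool:
    """Hypothetical KMS-side check. quoted_pcr is assumed to come from a vTPM
    quote whose signature has already been verified."""
    # 1. The log must reproduce the quoted PCR, otherwise the log is forged.
    if not hmac.compare_digest(replay(event_log), quoted_pcr):
        return False
    # 2. Exactly one policy event, equal to the hash pinned for this deployment.
    policy_events = [d for name, d in event_log if name == "policy"]
    return len(policy_events) == 1 and hmac.compare_digest(
        policy_events[0], expected_policy_hash)

# Constructed sample inputs (not real policies or measurements).
APPROVED_POLICY = b'{"allowed_images": ["registry.example/app@sha256:PLACEHOLDER"]}'
TAMPERED_POLICY = b'{"allowed_images": ["*"]}'
RUNTIME_DIGEST = hashlib.sha256(b"constructed runtime image").digest()

def boot(policy: bytes):
    """Guest side: measure the runtime, then the policy, into one PCR."""
    log = [("runtime", RUNTIME_DIGEST), ("policy", hashlib.sha256(policy).digest())]
    return replay(log), log

if __name__ == "__main__":
    expected = hashlib.sha256(APPROVED_POLICY).digest()
    good_pcr, good_log = boot(APPROVED_POLICY)
    bad_pcr, bad_log = boot(TAMPERED_POLICY)
    print("approved policy:", release_allowed(good_pcr, good_log, expected))
    print("tampered policy:", release_allowed(bad_pcr, bad_log, expected))
    # A tampered instance presenting the approved instance's log fails replay.
    print("forged log:     ", release_allowed(bad_pcr, good_log, expected))
```

Because extend is a one-way chain, an instance that measured a different policy cannot produce a log that both contains the pinned hash and replays to its own quoted PCR.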