The plan is calculated into a PCR of your Confidential VM's vTPM (which can be matched in The main element launch policy around the KMS While using the anticipated plan hash for the deployment) and enforced by a hardened container runtime hosted inside of Each and every occasion. The runtime displays instructions with the Kubernetes Regulate airc