The policy is measured into a PCR of your Confidential VM's vTPM (which is matched by the key release policy on the KMS against the expected policy hash for that deployment) and enforced by a hardened container runtime hosted in each instance. The runtime monitors commands from the Kubernetes control plane,