The policy is measured into a PCR of the Confidential VM's vTPM (which is matched in the key release policy on the KMS with the expected policy hash for the deployment) and enforced by a hardened container runtime hosted within each instance. The runtime monitors commands from the Kubernetes