During boot, a PCR on the vTPM is extended with the root of the Merkle tree, and later verified by the KMS before it releases the HPKE private key. All subsequent reads from the root partition are