for the duration of boot, a PCR in the vTPM is prolonged Together with the root of this Merkle tree, and afterwards verified via the KMS before releasing the HPKE private key. All subsequent reads from the root partition are checked towards the Merkle tree. This makes certain that your complete contents of the basis partition are attested and any t