throughout boot, a PCR from the vTPM is extended Using the root of the Merkle tree, and later on confirmed because of the KMS just before releasing the HPKE non-public crucial. All subsequent reads from the foundation partition are checked against the Merkle tree. This makes certain that the complete contents of the basis partition are attested and