A hardware-rooted chain of trust verifies the integrity of every relevant component in the cloud platform, giving you security automation that flexibly integrates into the DevOps pipeline. A true chain of trust would start in the host chip firmware and build up through the container engine and orchestration system, securing all critical data and workloads during an application’s lifecycle.
Hardware is the ideal foundation because it is rooted in silicon, making it difficult for hackers to alter.
The chain of trust would be built from this root using the measure-and-verify security model, with each component measuring, verifying and launching the next level. This process would extend to the container engine, creating a trust boundary, with measurements stored in a Trusted Platform Module (TPM) on the host.
Read more at The New Stack