We are working on a set of patches for the Linux kernel that will enable the use of virtual TPMs inside containers. The goal is to be able to verify the integrity of files inside containers.
We would like to use this feature in Kubernetes. We are working on some experimental changes in containerd, CRI API and OCI API.
We'd like to hear your thoughts. Would this feature be useful? If we see good feedback, we will start working on a KEP.