Verifies signed boot components. Unsigned kernel modules (e.g. NVIDIA, DKMS) fail to load.

See the Shielded VM documentation.