Update Dockerfile to patch OS vulnerabilities and update README

Author: jimmychiuuuu

Dockerfile

@@ -4,6 +4,11 @@ COPY . /src
 RUN CGO_ENABLED=0 go build -o /cc-device-plugin
 
 FROM debian:trixie-slim
-LABEL maintainer="ruidezhang <ruidezhang@google.com>"
+LABEL maintainer="jimmychiu <jimmychiu@google.com>"
+
+# Update and upgrade OS packages to patch vulnerabilities
+RUN apt update && apt -y upgrade
+RUN apt -y autoremove
+
 COPY --from=build /cc-device-plugin /cc-device-plugin
 ENTRYPOINT ["/cc-device-plugin"]

README.md

@@ -2,20 +2,27 @@
 [![Go Report Card](https://goreportcard.com/badge/github.com/google/cc-device-plugin)](https://goreportcard.com/report/github.com/google/cc-device-plugin)
 
 ## Introduction
-This is a [Kubernetes][k8s] [device plugin][dp] implementation that enables the
-registration of Confidential Computing devices in a Google
-Kubernetes Engine (GKE) for compute workload. With the appropriate GKE setup and
-this plugin deployed in your Kubernetes cluster, you will be able to run jobs
-(e.g. Attestation) that require Confidential Computing devices. (Note that: Current version supports [TPM][tpm]. Support for [SEV SNP][sevsnp] and [TDX][tdx] are on the way.)
+This is a [Kubernetes][k8s] [device plugin][dp] implementation that enables the registration of Confidential Computing devices in a Google Kubernetes Engine (GKE) for compute workload. With the appropriate GKE setup and this plugin deployed in your Kubernetes cluster, you will be able to run jobs (e.g. Attestation) that require Confidential Computing devices.
+
+This plugin supports the following technologies on GKE:
+*   **vTPM / AMD SEV:** Exposes `google.com/cc` resource.
+*   **AMD SEV-SNP:** Exposes `amd.com/sev-snp` resource. Requires N2D machines with AMD Milan or later.
+*   **Intel TDX:** Exposes `intel.com/tdx` resource. Requires C3 machines.
 
 ## Prerequisites
-* GKE
+*   A GKE cluster with node pools configured to support the desired Confidential Computing technology (SEV, SEV-SNP, or TDX). This includes selecting appropriate machine types and enabling Confidential Nodes in the node pool settings.
+*   For SEV-SNP, ensure the N2D node pool uses the "AMD Milan" minimum CPU platform.
+*   For TDX, ensure the node pool uses C3 machine types.
 
 ## Limitations
-* This plugin targets Kubernetes v1.18+.
+*   This plugin targets Kubernetes v1.18+.
+*   Refer to [Confidential VM Supported Configurations](https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations) for specific version and region availability.
+
 
 ## Deployment
-The device plugin needs to be run on all the nodes that are equipped with Confidential Computing devices (e.g. TPM).  The simplest way of doing so is to create a Kubernetes [DaemonSet][dp], which run a copy of a pod on all (or some) Nodes in the cluster.  We have a pre-built Docker image on [Google Artifact Registry][release] that you can use for with your DaemonSet.  This repository also have a pre-defined yaml file named `cc-device-plugin.yaml`.  You can create a DaemonSet in your Kubernetes cluster by running this command:
+The device plugin needs to be run on all the nodes that are equipped with Confidential Computing devices.  The simplest way to do this is to create a Kubernetes [DaemonSet][dp], which runs a copy of a pod on all (or some) Nodes in the cluster. 
+
+We have a pre-built Docker image on [Google Artifact Registry][release] that you can use for with your DaemonSet.  This repository also have a pre-defined yaml file named `cc-device-plugin.yaml`.  You can create a DaemonSet in your Kubernetes cluster by running this command using a stable version from the release repository:
 
 ```
 kubectl create -f manifests/cc-device-plugin.yaml