Update Dockerfile to patch OS vulnerabilities and update README

Author: jimmychiuuuu

Dockerfile

@@ -4,6 +4,11 @@ COPY . /src
 RUN CGO_ENABLED=0 go build -o /cc-device-plugin
 
 FROM debian:trixie-slim
-LABEL maintainer="ruidezhang <ruidezhang@google.com>"
+LABEL maintainer="jimmychiu <jimmychiu@google.com>"
+
+# Update and upgrade OS packages to patch vulnerabilities
+RUN apt update && apt -y upgrade
+RUN apt -y autoremove
+
 COPY --from=build /cc-device-plugin /cc-device-plugin
 ENTRYPOINT ["/cc-device-plugin"]

README.md

@@ -2,20 +2,43 @@
 [![Go Report Card](https://goreportcard.com/badge/github.com/google/cc-device-plugin)](https://goreportcard.com/report/github.com/google/cc-device-plugin)
 
 ## Introduction
-This is a [Kubernetes][k8s] [device plugin][dp] implementation that enables the
-registration of Confidential Computing devices in a Google
-Kubernetes Engine (GKE) for compute workload. With the appropriate GKE setup and
-this plugin deployed in your Kubernetes cluster, you will be able to run jobs
-(e.g. Attestation) that require Confidential Computing devices. (Note that: Current version supports [TPM][tpm]. Support for [SEV SNP][sevsnp] and [TDX][tdx] are on the way.)
+
+This is a [Kubernetes][k8s] [device plugin][dp] implementation that enables
+the registration of Confidential Computing devices in a Google Kubernetes
+Engine (GKE) cluster for compute workloads. With the appropriate GKE setup
+and this plugin deployed, your Kubernetes cluster will be able to run jobs
+(e.g., Attestation) that require Confidential Computing devices.
+
+This plugin supports the following technologies on GKE:
+*   **vTPM / AMD SEV:** Exposes `google.com/cc` resource.
+*   **AMD SEV-SNP:** Exposes `amd.com/sev-snp` resource. Requires AMD SNP machines.
+*   **Intel TDX:** Exposes `intel.com/tdx` resource. Requires Intel TDX machines.
 
 ## Prerequisites
-* GKE
+*   A GKE cluster with node pools configured to support the desired
+    Confidential Computing technology (SEV, SEV-SNP, or TDX). This
+    includes selecting appropriate machine types and enabling Confidential
+    Nodes in the node pool settings.
+*   For SEV-SNP, ensure the node pool uses AMD SEV-SNP machine types.
+*   For TDX, ensure the node pool uses Intel TDX machine types.
 
 ## Limitations
-* This plugin targets Kubernetes v1.18+.
+*   This plugin targets Kubernetes v1.18+.
+*   Refer to [Confidential VM Supported Configurations](https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations)
+    for specific version and region availability.
+
 
 ## Deployment
-The device plugin needs to be run on all the nodes that are equipped with Confidential Computing devices (e.g. TPM).  The simplest way of doing so is to create a Kubernetes [DaemonSet][dp], which run a copy of a pod on all (or some) Nodes in the cluster.  We have a pre-built Docker image on [Google Artifact Registry][release] that you can use for with your DaemonSet.  This repository also have a pre-defined yaml file named `cc-device-plugin.yaml`.  You can create a DaemonSet in your Kubernetes cluster by running this command:
+The device plugin needs to be run on all the nodes that are equipped with
+Confidential Computing devices.  The simplest way to do this is to create a
+Kubernetes [DaemonSet][dp], which runs a copy of a pod on all (or some) Nodes
+in the cluster. 
+
+We have a pre-built Docker image on [Google Artifact Registry][release] that
+you can use with your DaemonSet.  This repository also has a pre-defined yaml
+file named `cc-device-plugin.yaml`.  You can create a DaemonSet in your
+Kubernetes cluster by running this command using a stable version from the
+release repository:
 
 ```
 kubectl create -f manifests/cc-device-plugin.yaml