feat: update documentation for v5.2 release

Update version section from 4.* to 5.* with release history.
Document bare metal (v5.1) and GPU (v5.2) support milestones.
Note that bare metal is currently tested on SNO only.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: butler54

README.md

@@ -22,25 +22,22 @@ The topology is controlled by the `main.clusterGroupName` field in `values-globa
 
 Azure deployments use peer-pods, which provision confidential VMs (`Standard_DCas_v5` family) directly on the Azure hypervisor. Bare metal deployments use layered images and hardware TEE features directly.
 
-## Current version (4.*)
+## Current version (5.*)
 
-Breaking change from v3. This is the first version using GA (Generally Available) releases of the CoCo stack:
+Breaking change from v4. Uses GA releases of the CoCo stack with Kyverno-based initdata injection.
 
-- **OpenShift Sandboxed Containers 1.12+** (requires OCP 4.19.28+)
-- **Red Hat Build of Trustee 1.1** (GA release; all versions prior to 1.0 were Technology Preview)
-- External chart repositories for [Trustee](https://github.com/validatedpatterns/trustee-chart), [sandboxed-containers](https://github.com/validatedpatterns/sandboxed-containers-chart), and [sandboxed-policies](https://github.com/validatedpatterns/sandboxed-policies-chart)
-- Self-signed certificates via cert-manager (Let's Encrypt no longer required)
-- Multi-cluster support via ACM
+- **5.0** — Kyverno-based `cc_init_data` injection (replaces MutatingAdmissionPolicy), OSC 1.12 / Trustee 1.1 GA, external chart repositories, self-signed certificates via cert-manager, multi-cluster support via ACM. Requires OCP 4.19.28+.
+- **5.1** — Bare metal support for Intel TDX and AMD SEV-SNP via NFD auto-detection. Currently tested on SNO (Single Node OpenShift) configurations only.
+- **5.2** — NVIDIA H100 confidential GPU support for bare metal (`baremetal-gpu` clusterGroup). Adds GPU Operator, IOMMU configuration, CC Manager, and sample CUDA workload.
 
 ### Previous versions
 
-All previous versions used pre-GA (Technology Preview) releases of Trustee:
-
-| Version | Trustee | OSC | Min OCP |
-|---------|---------|-----|---------|
-| **3.*** | 0.4.* (Tech Preview) | 1.10.* | 4.16+ |
-| **2.*** | 0.3.* (Tech Preview) | 1.9.* | 4.16+ |
-| **1.0.0** | 0.2.0 (Tech Preview) | 1.8.1 | 4.16+ |
+| Version | Trustee | OSC | Min OCP | Notes |
+|---------|---------|-----|---------|-------|
+| **4.*** | 1.1 (GA) | 1.12 | 4.19.28+ | First GA release; MutatingAdmissionPolicy-based initdata |
+| **3.*** | 0.4.* (Tech Preview) | 1.10.* | 4.16+ | |
+| **2.*** | 0.3.* (Tech Preview) | 1.9.* | 4.16+ | |
+| **1.0.0** | 0.2.0 (Tech Preview) | 1.8.1 | 4.16+ | |
 
 ## Setup
 
@@ -100,6 +97,8 @@ These scripts generate the cryptographic material and attestation measurements n
 4. `./pattern.sh make install`
 5. Wait for the cluster to reboot nodes (MachineConfig updates for TDX kernel parameters and vsock)
 
+> **Note:** Bare metal support is currently tested on SNO (Single Node OpenShift) configurations. Multi-node bare metal clusters are expected to work but have not been validated yet.
+
 The system auto-detects your hardware:
 
 - **NFD** discovers Intel TDX or AMD SEV-SNP capabilities and labels nodes