The talk discusses the development of a new trust for machine arrest, focusing on appliances for data centers. The key pieces include the use of security platform and TPM2 demands, ensuring unique identity and device authenticity, securely establishing trust through the kernel and user space, verifying software authenticity before accessing secrets and incorporating continuous updates. The runtime process involves unlocking storage, accessing registers and verifying certificates before starting services. Offline protection and prevention of zero-day attacks are also discussed. Updates require verification of signatures and layers before restarting services or rebooting the system.