Is there any reasonable way to enable users of a UNIX-like machine to run workloads that users with root on the machine cannot snoop nor tamper with?
I’d be looking for a "complete" package; preferably a EU-based VPS provider (or bare metal if costs are reasonable) + whatever is needed to run the workloads. (Processes would be ideal, but I expect this can only be done with virtual machines? This might require nested virtualization under a VPS?)
The acceptance criteria is that people can run services in a way that even users with root on the machine could not read secrets, manipulate binaries, etc. Users should be able to verify somehow this- I expect that confidential computing hardware can generate some signature that can be verified to belong to the hardware manufacturer.
–…
Is there any reasonable way to enable users of a UNIX-like machine to run workloads that users with root on the machine cannot snoop nor tamper with?
I’d be looking for a "complete" package; preferably a EU-based VPS provider (or bare metal if costs are reasonable) + whatever is needed to run the workloads. (Processes would be ideal, but I expect this can only be done with virtual machines? This might require nested virtualization under a VPS?)
The acceptance criteria is that people can run services in a way that even users with root on the machine could not read secrets, manipulate binaries, etc. Users should be able to verify somehow this- I expect that confidential computing hardware can generate some signature that can be verified to belong to the hardware manufacturer.
Longer explanation:
I’m still prototyping on a "tilde-like" system for a community. A tilde can be useful without confidential computing, but I believe adding confidential computing could unlock many possibilities.
I guess most tildes operate with some degree of trust, but for example, I expect most people would feel icky to use a tilde account for serious email- whomever has root on the machine could snoop on the email undetectably.
Esp. because another theme I would like to achieve for this community tilde would be to make all users administrators (and maintain the tilde via infrastructure as code, so users could self-manage adding new services, for example).