How can we ensure the runtime integrity of a Docker container via HTTP?

Hi everyone,

I’m working on a system with two components:

  1. Orchestrator Node
  • Coordinates tasks and sends requests to distributed containers.
  2. Distributed Container Node
  • A minimal Docker container (built from scratch) that exposes an HTTP endpoint.
  • These containers are designed to be run by anyone, so we don’t control the host environment.

Is it possible to ensure runtime integrity for a distributed container in this scenario?
How can the Orchestrator verify if it’s communicating with a genuine, untampered Distributed node?

I think the hacking of most game consoles so far proves that you can’t make things secure when people get their hands on them, even if it’s your own custom hardware.

With the latest CPUs you can do “confidential computing” and run attestation on workloads (wiki); that might help solve your use case.