Is your feature request related to a problem? Please describe.
Built-in support for Trusted Execution Environment (TEE) validation. This limits its ability to enforce hardware-rooted trust for container image integrity, which is critical for regulated or high-security enterprise environments.
Describe the solution you'd like
Add native TEE support to verify that container images are pulled and executed only within attested, secure enclaves (e.g., Intel SGX, AMD SEV, or Arm TrustZone). This would include:
- Integration with attestation services (e.g., Open Confidential Computing Consortium standards)
- Optional policy enforcement for TEE-compliant image pulls
- Metadata tagging in Artifact Hub to indicate TEE readiness
Describe alternatives you've considered
n/a
Additional context
- It's 2026, and lots of enterprises will take the self-hosted AI route. I think we need this.
- Willing to work on this one.
- More context: