I understand the concern (to some extent). I personally wouldn’t invest that level of energy in worrying about my control plane unless I had really good tight control of the software supply chain that goes into my product. Like do I have a SBOM? Do I have SLSA Level 3 in my stack to ensure that outside parties or hijacked open source projects cannot directly inject dependencies into my code base without my knowledge (or at least with a clear chain of how it got there and how to rip it out). That to me seems like a more likely threat model.
I understand the concern (to some extent). I personally wouldn’t invest that level of energy in worrying about my control plane unless I had really good tight control of the software supply chain that goes into my product. Like do I have a SBOM? Do I have SLSA Level 3 in my stack to ensure that outside parties or hijacked open source projects cannot directly inject dependencies into my code base without my knowledge (or at least with a clear chain of how it got there and how to rip it out). That to me seems like a more likely threat model.
However it does seem like Google has something to address this specific usecase: https://cloud.google.com/confidential-computing. I think it meets all the requirements laid out.
Matthew has already written about the GCP confidential computing part, and it is apparently not up to snuff.
https://twitter.com/mjg59/status/1602436842015510528