Currently hacking away at https://github.com/lockboot
Using UEFI SecureBoot + vTPM for cloud root-of-trust, a stack to prove what's released on github/gitlab is what's actually running on GCP/EC2 (and soon Azure & AliYun).
I was annoyed that so many companies in the Web3 space would do the on-chain theater of verified contracts and "audits" then 99% of their infra would be deployed on EC2 (or god forbid Vercel) in full un-ironic "Trust Me Bro" mode.
It's a different trust model from SGX/TDX, more pragmatic and hopefully easier/cheaper. Currently polishing off "Docker to verifiable cloud VM" stuff, and then gVisor support next.