Protected compute enclaves
Third-party GPU execution with attestation, encrypted package release, runtime evidence, and zeroized cleanup.
Five chapters. One continuous proof story.
The research path moves from a single protected RunPod lifecycle, to provider and GPU breadth, then to same-instance overhead, a cleaner H100 repeat, and real Qwen LoRA wall-clock rows up to 7B on A4000 and H100.
The first three reads in this boundary.
These notes give the clearest path from product behavior to measured evidence before the full archive.
Glasshouse kept Qwen 7B H100 overhead inside same-instance variance.
Follow-up to the H100 overhead work: Qwen 0.5B duration rows, Qwen 7B wall-clock rows, and a 30k-step protected-first H100 repeat ran with verified attestation, distinct adapter digests, and zeroized cleanup.
Glasshouse measured 2.58% overhead on the same H100 allocation.
Follow-up to the same-instance overhead work: protected and raw 30-minute training ran sequentially on one RunPod Secure H100 pod, with verified attestation, zeroized cleanup, and 0 active pods after completion.
Glasshouse passed RunPod Secure GPU portability across RTX PRO, H100, H200, and B200.
Follow-up to the original RunPod proof: four RunPod Secure GPU classes passed, H100 sustained for 15 minutes, and corrected MLP overhead stayed inside runtime variance on RunPod and Vast.ai.
Full archive for this boundary.
Glasshouse same-instance H100 overhead measured 18.05% at 30 minutes.
Follow-up to the RunPod proof: raw and protected training ran sequentially on one H100 allocation, Vast.ai passed a same-instance check, and Qwen 0.5B plus 7B LoRA workloads completed.
Glasshouse ran 30 minutes of protected training on a RunPod RTX 3090.
The first Glasshouse compute proof: encrypted package delivery, manifest-driven attestation, gated key release, 30 minutes of CUDA/PyTorch training, and zeroized cleanup.