Existing cross-domain confidential computing frameworks either rely on high-overhead user-space library operating systems or are confined to single-host execution, struggling to balance security and performance. This work proposes a split Trusted Computing Base (TCB) architecture that orchestrates a hardware-isolated control plane with a kernel-based eBPF data plane to enable verifiable workflow execution across untrusted networks. The design enforces encrypted routing policies in the kernel by integrating hardware-measurement-bound key release, Mutual Authentication Key Exchange (MAKE), and Trusted Execution Environment (TEE) federation. Experimental results demonstrate a per-packet policy enforcement overhead of only 6 μs and an end-to-end latency increase of 13–15 μs. The distributed pipeline incurs just a 6.1% performance degradation compared to a plaintext baseline—substantially outperforming user-space alternatives (62% overhead)—and achieves cluster initialization in under 1.5 seconds for a 100-node deployment.

Confidential high-performance computing orchestrates workloads across federated domains, yet existing frameworks rely on high-overhead user-space library operating systems or assume single-host execution. We propose \codename, an architecture federating Trusted Execution Environments via a split Trusted Computing Base (TCB) design. It couples a hardware-isolated Control Plane executing Mutually Attested Key Exchange (\make) with a measured guest-resident extended Berkeley Packet Filter (eBPF) Data Plane. By anchoring cryptographic key release to hardware measurements and executing enforcement in the kernel, \codename\ achieves native-speed encrypted routing. Empirical evaluation demonstrates a steady-state enforcement cost of $6\,μ$s per packet, imposing a $13$--$15\,μ$s absolute latency overhead. On distributed pipelines, \codename\ incurs just a $6.1\%$ execution penalty over plaintext baselines, bypassing the $62\%$ penalty of user-space counterparts. The system initializes a 100-node cluster in under 1.5 seconds, providing an efficient confidential interconnect for long-running workflows.