Targon Os

Announcing TargonOS

03.30.2026

How do you run sensitive workloads on machines you don't own? Today’s decentralized compute networks run fully public workloads where the user’s data is fully visible to the operator. While these networks bring down the cost of compute, they are not yet secure or robust enough for the enterprise to trust. Without the ability to sell into the enterprise, it has historically been difficult to build a sustainable economic flywheel.

So we built TVM to solve the hardest problem in decentralized compute: enable secure workloads on untrusted host machines.

We worked closely with the Intel team to incorporate Intel TDX into our technology, enabling full encryption in memory. The host operator can't see your data, your model weights, or your code. Intel co-authored a whitepaper validating the architecture.

While TVM enables secure workloads on trusted hardware, the technology still has constraints. It requires Intel TDX-capable CPUs and Nvidia datacenter GPUs (e.g., H100s, H200s, B200s). TVM today does not cover consumer hardware like RTX 4090s or 3090 clusters, and it provisions containers rather than full virtual machines—limiting flexibility for customers.

Those constraints exist for good reason. TDX provides the strongest hardware-level trust guarantees available today. But they also limit participation to a small fraction of global compute. Millions of GPUs remain idle and unusable within the current network.

TargonOS is how we unlock that compute.

What TargonOS Is

TargonOS is a hardened Linux distribution that turns any machine into a Targon node.

The operator downloads an ISO, flashes it to a USB drive, boots from it, enters their hotkey, and within minutes the machine joins the network and begins earning incentives via TAO.

From that point on, the system is fully autonomous:

  • No SSH access
  • No manual configuration
  • No package management
  • Automatic over-the-air updates with rollback (A/B partitions)

The operator’s only interface is a dashboard showing uptime and earnings.

Under the hood, TargonOS provisions fully encrypted virtual machines for customers:

  • Each customer receives an isolated VM
  • Each VM has a LUKS-encrypted disk
  • GPUs can be passed through via VFIO
  • Disks and keys are destroyed upon VM deletion

Why We’re Building It

1. Most of the World’s GPUs Can’t Participate

TVM requires Intel TDX, limiting participation to modern Xeon servers and datacenter GPUs. That excludes the vast majority of global compute capacity.

TargonOS removes this restriction.

Any machine with a TPM 2.0 chip—effectively most hardware from the last decade—can join the network. This unlocks:

  • Consumer GPUs (RTX 4090, 3090, etc.)
  • Small-scale GPU clusters
  • Idle enterprise and personal hardware

More supply reduces costs for customers and improves ROI for operators.

2. Customers Want VMs, Not Just Containers

TVM provides containerized workloads behind a proxy, which works well for inference and serverless use cases.

But many workloads require more control:

  • SSH access
  • Custom software stacks
  • Multi-node training clusters
  • Full OS-level control

TargonOS provisions full virtual machines:

  • Root access
  • Dedicated IPs
  • Complete execution flexibility

3. The Operator Experience Must Be Zero-Effort

Running a TVM node today requires:

  • TDX-compatible kernel setup
  • Virtualization configuration
  • GPU driver management
  • Provisioning pipelines

This is too complex for most operators.

TargonOS simplifies everything:

  • Single ISO install
  • No configuration
  • No maintenance
  • Locked-down OS (no shell, no package manager)
  • Automatic updates

The operator’s only responsibility is keeping the machine online.

How It Stays Secure Without TDX

TVM relies on Intel TDX for hardware-level memory encryption. TargonOS uses a different trust model based on TPM and distributed key management.

Boot Security

  • Disk is encrypted using LUKS
  • Decryption key is split using Shamir’s Secret Sharing
  • Key shares are distributed across independent key servers

At boot:

  1. TPM generates a cryptographic quote verifying the boot chain
  2. Key servers validate the quote
  3. Key shares are released and reconstructed
  4. Disk is decrypted
  5. Key is immediately cleared from memory

Keys are rotated on every reboot.

Runtime Security

  • Each VM has a unique encryption key
  • Keys are never exposed to the operator
  • Disk images remain encrypted at all times
  • Tampering invalidates TPM measurements and prevents boot

If:

  • The OS is modified → attestation fails
  • The disk is copied → remains encrypted
  • The agent is killed → node is revoked

Security Tradeoffs

This model does not match TDX-level guarantees.

With TDX:

  • Even a compromised host kernel cannot read memory

With TargonOS:

  • A highly sophisticated attacker with physical access could potentially extract memory data

Because of this, TargonOS operates as a separate trust tier.

Two Tiers, One Platform

Targon provides two classes of compute:

Enterprise Tier (TVM)

  • Intel TDX-backed
  • Maximum security guarantees
  • Datacenter GPUs (H100, H200, B200)

Community Tier (TargonOS)

  • TPM-based attestation
  • Lower cost
  • Consumer GPUs (RTX 4090, 3090, etc.)

From the customer perspective:

  • Same API
  • Same workflow
  • Same lifecycle management

Only differences:

  • Hardware selection
  • Trust tier
  • Pricing

What’s Next

TargonOS is currently in active development.

We are targeting:

  • A private beta with select operators in the coming weeks
  • A broader rollout shortly after

If you have hardware you want to contribute to the network, we’d love to hear from you.

© 2026 Manifold Labs, Inc.

All Rights Reserved

Product

TargonSybilTao.xyz

Manifold

EcosystemReleasesCareers