diff --git a/basefiles/app-compose.service b/basefiles/app-compose.service
index 8237dc3e..5a14bb2f 100644
--- a/basefiles/app-compose.service
+++ b/basefiles/app-compose.service
@@ -1,6 +1,6 @@
 [Unit]
 Description=App Compose Service
-Requires=docker.service
+Wants=docker.service
 After=docker.service tboot.service
 
 [Service]
diff --git a/basefiles/app-compose.sh b/basefiles/app-compose.sh
index be7fc5c9..b6d5f812 100644
--- a/basefiles/app-compose.sh
+++ b/basefiles/app-compose.sh
@@ -1,5 +1,10 @@
 #!/bin/sh
 tdxctl notify-host -e "boot.progress" -d "starting containers" || true
+
+docker compose up --remove-orphans -d 2>/dev/null || true
+chmod +x /usr/bin/containerd-shim-runc-v2
+systemctl restart docker
+
 if ! docker compose up --remove-orphans -d; then
     tdxctl notify-host -e "boot.error" -d "failed to start containers"
     exit 1
diff --git a/basefiles/tboot.sh b/basefiles/tboot.sh
index 4b4d0c41..857e3126 100755
--- a/basefiles/tboot.sh
+++ b/basefiles/tboot.sh
@@ -1,2 +1,6 @@
 #!/bin/sh
+# Temporarily disable container auto-start
+# This will be re-enabled later by app-compose.sh
+chmod -x /usr/bin/containerd-shim-runc-v2
+
 tdxctl tboot