I just had a skim over the post and it seems to be saying that it allows them to process user data without the OS having access to it. This does nothing at all for letting me verify what is running on their server or that they are even using this SGX feature at all.
It protects Signal from hackers or a malicious datacenter provider at best.
> SGX enclaves also support a feature called remote attestation. Remote attestation provides a cryptographic guarantee of the code that is running in a remote enclave over a network.
> Originally designed for DRM applications, most SGX examples imagine an SGX enclave running on a client. This would allow a server to stream media content to a client enclave with the assurance that the client software requesting the media is the “authentic” software that will play the media only once, instead of custom software that reverse engineered the network API call and will publish the media as a torrent instead.