by rjromero 3113 days ago
So you cannot start running any code session on the SGX at ALL without this Remote Attestation call to Intel? That seems silly, considering the SGX has two 128-bit keys on board (one known to Intel, and one known only to the SGX).

Oh, it's not quite that bad. You can run SGX code and work with encrypted data, including generating attestation messages. It's just that there's no way to verify those attestation messages yourself; you have to ask Intel to do it.

It's also worth noting that SGX can run in two modes. There's "debug mode", which provides absolutely no security because a debugger has complete access to the state of the enclave. And then there's "release mode", which requires a key that you can only obtain by signing a commercial agreement and NDA with Intel.

Why the hell would Intel require an NDA to give you the private key?

That's shady af.

It's not actually an NDA (I've signed it). You have to agree to not use SGX to make un-debuggable malware.