by mindslight 2237 days ago
That may sound like a worthwhile goal, but it's actually ripe for abuse by exacerbating existing power imbalances. For example, right now we just laugh at websites that insist on imposing nonsensical requirements on end users (client side form validation, insistence on using a particular browser, disable copy/paste, anti-adblock, etc). Imagine they have the power to do this and succeed.

Furthermore, the actual implementation isn't likely to use a narrow proof that the running javascript hasn't been tampered with, but rather a blunt proof over the entire software environment. The outcome would basically be putting decades of personal computing freedom back in the box. Imagine needing to run Windows on your bona fide desktop and not being able to virtualize it or even use a headless box via RDP.


Why? SGX allows you to attest the contents of the enclave independently of the host software stack (OS/hypervisor, other apps).
I was speaking to the general concern.

A small sandbox isn't a full threat in the manner I laid out, just the same owner-is-hostile dynamic.

If attestation keys were only rooted in the processor itself (ie not signed by Intel/AMD) and users could load their own, the worthwhile properties of hardened hardware would be preserved without making the owner an enemy.
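To make the two points above concrete (that an enclave measurement covers only the enclave, not the host stack, and that whoever controls the root of the attestation key decides which machines a remote verifier accepts), here is a small toy model of remote attestation. It is an added example, not code from either commenter or from any SGX SDK: the enclave pages, root secrets and host description are constructed, and HMAC-SHA256 stands in for the asymmetric signature a real processor would produce.

```python
"""Toy model of remote attestation (constructed example, not SGX code).

An "enclave" is measured by hashing its code pages. A quote binds that
measurement to a signing key certified by some root of trust. The verifier
decides which roots it trusts and which measurement it expects.
HMAC-SHA256 is a stand-in for the real asymmetric quote signature.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed enclave images. The host stack is deliberately NOT an input
# to the measurement: the OS/hypervisor/other apps can change freely.
ENCLAVE_PAGES = [b"enclave-code-page-0", b"enclave-code-page-1"]
TAMPERED_PAGES = [b"enclave-code-page-0", b"enclave-code-page-1-patched"]
HOST_STACK = {"os": "some-os", "hypervisor": "some-vmm", "apps": ["browser"]}

# Roots of trust (constructed secrets): a vendor root and an owner-loaded root.
ROOTS = {"vendor": b"vendor-root-secret", "owner": b"owner-root-secret"}


def measure(pages):
    """MRENCLAVE-like measurement: hash only the enclave pages, never the host."""
    h = hashlib.sha256()
    for page in pages:
        h.update(hashlib.sha256(page).digest())
    return h.hexdigest()


@dataclass(frozen=True)
class Quote:
    measurement: str
    root_id: str      # which root certified the attestation key
    signature: str


def sign_quote(pages, root_id):
    """Hardware side: produce a quote over the enclave measurement under one root."""
    m = measure(pages)
    sig = hmac.new(ROOTS[root_id], m.encode(), hashlib.sha256).hexdigest()
    return Quote(m, root_id, sig)


def verify(quote, trusted_roots, expected_measurement):
    """Remote verifier: trusted root, valid signature, expected measurement, in that order."""
    if quote.root_id not in trusted_roots:
        return "untrusted-root"
    expected_sig = hmac.new(ROOTS[quote.root_id], quote.measurement.encode(),
                            hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, quote.signature):
        return "bad-signature"
    if quote.measurement != expected_measurement:
        return "measurement-mismatch"
    return "ok"


def scenarios():
    """Run the cases the discussion is about and return their outcomes."""
    expected = measure(ENCLAVE_PAGES)
    return {
        # Host stack is irrelevant to the result: only enclave pages are measured.
        "vendor_root_genuine": verify(sign_quote(ENCLAVE_PAGES, "vendor"), {"vendor"}, expected),
        "vendor_root_tampered": verify(sign_quote(TAMPERED_PAGES, "vendor"), {"vendor"}, expected),
        "forged_signature": verify(Quote(expected, "vendor", "00" * 32), {"vendor"}, expected),
        # A verifier that trusts only the vendor root rejects an owner-rooted machine
        # even though the enclave is genuine: this is the owner-is-hostile dynamic.
        "owner_root_vendor_only_policy": verify(sign_quote(ENCLAVE_PAGES, "owner"), {"vendor"}, expected),
        # A verifier that also trusts the owner's root keeps the hardening benefit.
        "owner_root_owner_trusted": verify(sign_quote(ENCLAVE_PAGES, "owner"), {"vendor", "owner"}, expected),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The interesting line is the `trusted_roots` argument: the hardware behaves identically in every case, and the only thing that turns a genuine enclave into a rejected one is the remote party's policy on whose root it accepts.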