by coolspot 1975 days ago
Keep in mind that SGX is not as secure as advertised[1][2].

Also, the whole security dangles on Intel being trusted not to give its private keys to anyone. Which is a big ask for any company. NSA/CIA likely can get those keys legally via a FISA court order or illegally via hacking and/or an insider.

[1] - https://arstechnica.com/information-technology/2020/03/hacke...

[2] - https://www.theregister.com/2020/06/10/intel_patches_sgx_aga...

2 comments

Sure, but the question wasn't "does the NSA have access to data", it was "how do we know that information isn't stored."

The answer is that Signal includes an industry-leading attestation process using CPU security features.

It's true that if the CPU manufacturer is compromised that would compromise anything running on it, including attestation. But that's not really to do with Signal's implementation, and it is out of scope of the question.

Sure, but the question wasn't "does the NSA have access to data", it was "how do we know that information isn't stored."

The answer is that Signal includes an industry-leading attestation process using CPU security features. If the CPU manufacturer is compromised that would compromise anything running on it, including attestation. But that's not a flaw in Signal's implementation, and it is out of scope of the question.