[wbeckler]

Maybe the I/O pattern could be hideable using confidential computing, like with a Nitro Enclave.

[teraflop]

Maybe, but if you have a secure enclave that can be trusted not to leak data, then you don't really need PIR. You can just have clients encrypt their queries with a key that can only be decrypted by the code running in the enclave.