by namkt 1300 days ago
Signal uses (or used?) SGX for remote attestation, which presumably lets the client verify that the code running on the server is a build of the OSS code and not a modified version. But I don't know the details or if this is reliable.

SGX and remote attestation described here:

https://signal.org/blog/private-contact-discovery/

https://signal.org/blog/secure-value-recovery/

2 comments

It should be possible to independently verify Signal's attestation, but I don't know if anyone has done it. Before you go and say "what's even the point then", the point is that this gives Signal plausible deniability for when the TLAs show up asking for user info.

I wonder, how could one use SGX for remote attestation when they didn't publish the source code for more than a year just to get their insiders' knowledge cryptocoin deployed.