[Retr0id]

SGX on consumer client devices is sucky for that reason, but SGX on the server can be used to defend user interests.

If I put my sensitive customer data inside SGX (such that I can operate on it but not extract it), and the nation-state adversary says "we have a warrant for your customer data, hand it over", I can reasonably say "I can't".

I could also produce attestations that my code really is running inside SGX, verifiable by clients (this is a weak proof since it assumes SGX is not compromised, but it's better than nothing).

The adversary may demand physical access to the server pwn SGX themselves, but like bypassing ASLR or NX, that's an extra step. They're only going to bother if they really care about that data.

[immibis]

SGX on the server is breakable if and only if SGX on the client is breakable. You can either own other people's computers, or you can prevent other people owning your computer. You can't eat your cake and have it.

Yes, it might be good for ass-covering as you indicate. A lot of ineffective technical solutions are effective legal liability shields anyway. But if this becomes mainstream, the NSA will develop something they can covertly (or not) install on any such server to break SGX, so make sure you have a backup plan anyway.

Also note that Intel removed SGX from their processors because it was breakable and underused.

[Retr0id]

They removed SGX but are still working on SGX-like technologies (I forget the acronyms) specifically for server-oriented processors.

I'm sure the NSA already has various tools to break SGX but they'll be protective of that investment, they're probably not going to be using them against lower-priority targets.

I used NX and ASLR as a point of comparison because they are mitigations that are routinely bypassed - but we still usually consider them a good idea.