by rasengan 309 days ago
> how do I know it's actually running inside the enclave, and not an ordinary process sending a hardcoded expected fingerprint?

It's signed by Intel and thus, guaranteed to come from the enclave!


An Intel signature does not guarantee that it came from the enclave. It guarantees that it came from something blessed by Intel. To conclude that it must have come from an unmodified enclave requires trust in Intel and the integrity of their signing process. This is inconsistent with "no trust required".

What if, for example, a three-letter agency seized keys from Intel, served them with a gag order to prohibit disclosure of the seizure, put themselves in the middle of the network path between you and the user, and modified the server software to send falsified signatures derived from those seized keys?
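Added example, not part of the thread and not Intel's real SGX quote format: a deliberately simplified attestation model in Go, written to show what the reply's trust argument looks like from the verifier's side. `Quote`, `IssueQuote` and `VerifyQuote` are hypothetical names, and an Ed25519 key pair stands in for the Intel-rooted signing chain. The relying party's check reduces to three things: the signature chains to the key it has chosen as its trust anchor, the measurement matches the enclave code it expects, and the report data carries this session's fresh nonce. The last lines of `main` make the reply's point concrete: any holder of the anchor's private key passes the same check, so the verification can only ever be as strong as the custody of that key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Quote is a simplified stand-in for an attestation quote (assumption, not
// the real SGX layout): the enclave measurement, caller-supplied report data,
// and a signature over both produced by the attestation key.
type Quote struct {
	Measurement [32]byte
	ReportData  [32]byte
	Signature   []byte
}

// quoteDigest binds measurement and report data into one signed message.
func quoteDigest(m, rd [32]byte) []byte {
	h := sha256.New()
	h.Write(m[:])
	h.Write(rd[:])
	return h.Sum(nil)
}

// IssueQuote models the signing side. Whoever holds attestKey can produce a
// quote that verifies; nothing here proves the signer was an enclave.
func IssueQuote(attestKey ed25519.PrivateKey, measurement, reportData [32]byte) Quote {
	return Quote{
		Measurement: measurement,
		ReportData:  reportData,
		Signature:   ed25519.Sign(attestKey, quoteDigest(measurement, reportData)),
	}
}

// VerifyQuote is the relying party's check. trustAnchor is the public key the
// verifier has decided to trust, expectedMeasurement is the hash of the enclave
// build it expects, and nonce is the fresh challenge it sent for this session.
func VerifyQuote(q Quote, trustAnchor ed25519.PublicKey, expectedMeasurement, nonce [32]byte) error {
	if !ed25519.Verify(trustAnchor, quoteDigest(q.Measurement, q.ReportData), q.Signature) {
		return errors.New("signature does not chain to the trust anchor")
	}
	if q.Measurement != expectedMeasurement {
		return errors.New("measurement does not match the expected enclave")
	}
	if q.ReportData != nonce {
		return errors.New("report data does not carry this session's nonce")
	}
	return nil
}

func main() {
	// Constructed keys: the anchor plays Intel's signing root, rogueKey is an
	// unrelated key that was never enrolled as a trust anchor.
	anchorPub, anchorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, rogueKey, _ := ed25519.GenerateKey(rand.Reader)

	var expected, nonce [32]byte
	copy(expected[:], "expected-enclave-measurement") // constructed value
	rand.Read(nonce[:])

	// A quote signed by the anchored key with the right measurement and nonce passes.
	fmt.Println("anchored key:", VerifyQuote(IssueQuote(anchorPriv, expected, nonce), anchorPub, expected, nonce))
	// The same quote signed by an un-anchored key is rejected.
	fmt.Println("rogue key:   ", VerifyQuote(IssueQuote(rogueKey, expected, nonce), anchorPub, expected, nonce))
	// A replayed quote (stale nonce) is rejected even with a valid signature.
	var stale [32]byte
	fmt.Println("stale nonce: ", VerifyQuote(IssueQuote(anchorPriv, expected, stale), anchorPub, expected, nonce))
	// Note what the verifier cannot see: it has no way to distinguish a genuine
	// enclave from any other holder of anchorPriv. The check is exactly as
	// trustworthy as the custody of that key.
}
```

The nonce check is the defence against the scenario in the first quoted question only insofar as the attacker lacks the signing key; once the anchor key itself is in someone else's hands, the signature and nonce checks both pass, which is the reply's point about where the residual trust actually sits.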