No, the user is still in control of what they execute on the machine, whether it is run in enclave or not. If anything, because it is deliberately unable to patch itself, software running in an enclave gives more control and auditability to a user who can know exactly what code they are running.
Importantly, a user who does not fully trust the machine administrator can still maintain integrity and confidentiality over their computation.
SGX memory encryption keys are ephemeral, they are generated at boot, and they do not need to be owned by anyone to be useful, on the contrary!
Importantly, a user who does not fully trust the machine administrator can still maintain integrity and confidentiality over their computation.
SGX memory encryption keys are ephemeral, they are generated at boot, and they do not need to be owned by anyone to be useful, on the contrary!