Thinking about it, an alternative would be the ability to use user-supplied debug keys (in the BIOS) instead of intel signing keys.

That way neither DRM nor malware would not be possible because the user could enter debug mode to inspect the enclaves if he wanted to but could still use SGX to secure his own applications because malicious code would not have access to the private keys.

Intel clearly wants complete control over what gets to run on the PC platform --- which is rather disturbing, but seems to be the way a lot of other companies are moving these days. Introducing SGX and "verified" software and promoting it as the best thing for everyone is only the first step. It's only a matter of time before they convince everyone to eventually deprecate "insecure" (i.e. free) software that doesn't use it, completely killing the "P" in "PC".

I'd consider SGX a small step forward for security and a big step backward for personal freedom... it makes me sad just how accurate Stallman was nearly 20 years ago:

https://www.gnu.org/philosophy/right-to-read.en.html

As such, I don't consider this announcement great news at all --- it's downright scary, an indicator of where things are going.

Its been a slow boiling frog ever since the Palladium debacle.

The issue is secure computing isn't happening and the current approach to security is broken. Malware and viruses and firmware hacks, ransomeware. And this approach of laziness is spreading to IOT and will lead to massive national infrastructure failures. State sponsored attacks you the US via the NSA, by Russia, China and stateless organizations will yield digital carnage. The more our everyday things are integrated with compute the great propensity for hacks, loss of data, loss of identity etc.

The current OS platforms don't even offer you any form of real protection of your person. And companies like Facebook, Google et all are all about mining YOU.