SGX includes microcode-based crypto which allows an enclave to both sign and encrypt things using keys based on a hash of the contents of the enclave and some master private key locked away in the CPU. I haven't looked into exactly how this works (although I'd love to defeat it some day when it's released...), but it can't be emulated in software unless you manage to extract the private key.
So, Intel plans to embed a key, signed by some well known root key, in each CPU. I might have skipped over a step or two here, but basically the idea is that only Intel would have the necessary signing key to be able to spoof attestations?
Whoever wants to run their code in the enclave would send over a sort of bootloader, which would be responsible for acquiring the signed attestation from the CPU and sending it back. If the signature is good, then the actual code to be run in the enclave can be uploaded.
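The flow sketched in the two comments above (a root key certifying per-CPU keys, a bootloader fetching a signed attestation, and keys derived from the enclave hash plus a secret locked in the CPU) is easier to reason about with the pieces written out. The Go program below is an added illustration, not code from the thread or from Intel, and it is a deliberately simplified model: the root key, device certificate, report layout, nonce and HMAC-based sealing-key derivation are all assumptions chosen to mirror the description here, not the real SGX formats or Intel's attestation infrastructure. It also shows why a software emulator fails the check: it can hash and sign just like hardware, but it holds no device key that the root ever certified.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Root models the vendor's well-known root key (hypothetical; not a real PKI).
type Root struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

// DeviceCert binds a CPU's device public key to the root by a root signature.
type DeviceCert struct {
	DevicePub ed25519.PublicKey
	RootSig   []byte
}

// CPU models the hardware: a master secret that never leaves the chip and a
// device signing key that the root certified at manufacture.
type CPU struct {
	masterSecret []byte
	devPriv      ed25519.PrivateKey
	Cert         DeviceCert
}

// Report is what the bootloader returns: measurement, the verifier's nonce,
// the device certificate, and a device-key signature over measurement||nonce.
type Report struct {
	Measurement [32]byte
	Nonce       []byte
	Cert        DeviceCert
	Sig         []byte
}

func mustKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// NewRoot generates the vendor root key pair.
func NewRoot() *Root {
	pub, priv := mustKeyPair()
	return &Root{priv: priv, Pub: pub}
}

// ManufactureCPU provisions a chip: fresh master secret, device key, root-signed cert.
func (r *Root) ManufactureCPU() *CPU {
	pub, priv := mustKeyPair()
	return &CPU{masterSecret: mustRandom(32), devPriv: priv,
		Cert: DeviceCert{DevicePub: pub, RootSig: ed25519.Sign(r.priv, pub)}}
}

// EmulatedCPU models a software emulator: same code, same hashing, same signing,
// but its device key carries no root signature (all-zero placeholder).
func EmulatedCPU() *CPU {
	pub, priv := mustKeyPair()
	return &CPU{masterSecret: mustRandom(32), devPriv: priv,
		Cert: DeviceCert{DevicePub: pub, RootSig: make([]byte, ed25519.SignatureSize)}}
}

// Measure is the enclave identity: a hash of the enclave's contents.
func Measure(code []byte) [32]byte { return sha256.Sum256(code) }

// SealingKey derives a per-enclave key from the master secret and the measurement:
// the same code on the same chip always gets the same key; other code or chips do not.
func (c *CPU) SealingKey(code []byte) []byte {
	m := Measure(code)
	mac := hmac.New(sha256.New, c.masterSecret)
	mac.Write([]byte("sealing-key:"))
	mac.Write(m[:])
	return mac.Sum(nil)
}

func reportBytes(m [32]byte, nonce []byte) []byte {
	return append(append([]byte("report:"), m[:]...), nonce...)
}

// Attest is what the bootloader asks the CPU for: a signed statement of what is running.
func (c *CPU) Attest(code, nonce []byte) Report {
	m := Measure(code)
	return Report{Measurement: m, Nonce: nonce, Cert: c.Cert,
		Sig: ed25519.Sign(c.devPriv, reportBytes(m, nonce))}
}

// Verify is the remote party's check before uploading the real enclave code.
func Verify(rootPub ed25519.PublicKey, expectedCode, nonce []byte, r Report) error {
	if len(r.Cert.DevicePub) != ed25519.PublicKeySize ||
		!ed25519.Verify(rootPub, r.Cert.DevicePub, r.Cert.RootSig) {
		return errors.New("device key is not certified by the root")
	}
	if !ed25519.Verify(r.Cert.DevicePub, reportBytes(r.Measurement, r.Nonce), r.Sig) {
		return errors.New("report signature does not verify")
	}
	if !bytes.Equal(r.Nonce, nonce) {
		return errors.New("nonce mismatch: stale or replayed report")
	}
	if r.Measurement != Measure(expectedCode) {
		return errors.New("measurement does not match the expected bootloader")
	}
	return nil
}

func main() {
	root := NewRoot()
	cpu := root.ManufactureCPU()
	bootloader := []byte("constructed bootloader image") // constructed sample input
	nonce := mustRandom(16)                              // verifier's freshness challenge
	fmt.Println("hardware CPU:", Verify(root.Pub, bootloader, nonce, cpu.Attest(bootloader, nonce)))
	fmt.Println("emulator:", Verify(root.Pub, bootloader, nonce, EmulatedCPU().Attest(bootloader, nonce)))
	fmt.Printf("sealing key prefix on this chip: %x\n", cpu.SealingKey(bootloader)[:8])
}
```

The nonce is the part the comments leave implicit: without it a captured report from a genuine chip could be replayed to vouch for a different machine, so the verifier should reject any report that does not echo the challenge it just issued. Note also that with this model the root private key is the single point whose compromise lets anyone mint "certified" device keys, which is exactly the concern raised later in the thread.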
Something about this feels wrong... but then again if Intel wanted to backdoor its CPUs we'd all be screwed anyway, so it's hard to see how this feature could hurt.
If applications want anti-virus to be able to get at their data, then they'll just have to provide an explicit interface to do that.
If this becomes widely deployed, that root key would be pretty valuable!
https://software.intel.com/sites/default/files/article/41393...