Remote attestation and reproducible builds let users verify the exact code running in the enclave.

Still need to trust Intel