I'm sure it's outside the scope of this project, but is it possible to "prove" a particular version of a software is being run (if you know)?
The principle (in theory) of SGX remote attestation is that you can verify that a specific value (e.g. a cryptographic key) has been produced in an enclave running a specified code. The attestation that this code is running in the enclave is called a 'quote' and is signed with a key unique to that CPU. You can then use Intel's attestation service to verify its a genuine enclave.
There are lots of caveats to this though, and you must trust intel (and also there are privacy issues using intel's service).
reply