Another day, another vulnerability! Remote attestation can be compromised if the EPID key has been extracted. Noted that all optimized side channel attacks targeting SGX requires root privileges on Linux host. Try VED community version if you intend to protect the Linux kernel:

https://github.com/hardenedvault/ved