The short-term solution for workaround is to protect the OS runtime. Otherwise you'd have to build the defense-in-depth at very infrastructure level from scratch with hardware, firmware and OS with attestation service not only based on the "confidential computing" but typically TCG's trusted computing.
Another day, another vulnerability! Remote attestation can be compromised if the EPID key has been extracted. Noted that all optimized side channel attacks targeting SGX requires root privileges on Linux host. Try VED community version if you intend to protect the Linux kernel:
Thanks for the feedback. Yes, usability is very important in some case-uses. Vault1317 is an open source implementation of secure communication protocol. We demonstrated it as a pidgin plugin named as lurch1317 which is easy to use for XMPP/pidgin users. It'd be very different to the company product. This is the product/solution white paper if you're interested:
We demonstrated a practical implementation of vault1317 with metadata protection with deniablity on a famous federated protocol XMPP. Try lurch1317 as a pidgin plugin and tweak it if the paper is too boring to you:
