Is it possible to obtain a licensed developer certificate for signing a security-reviewed, community-developed open source SGX software binary in production mode, and publish it on an open source repository like apt or rpm?
Note: I just asked the Intel SGX team, and they said only verified vendors are able to obtain a certificate and run in production mode. It's just like Apple's App Store, no open source code allowed, right?
Please take a look at this SGX Licensing and Whitelisting FAQ at https://software.intel.com/en-us/articles/intel-software-guard-extensions-product-licensing-faq that may help answer this question.
Here are a few reasons it documents to ensure a secure trusted computing environment: