The recent Intel SDM volume 3 (Section 42.2.2) notes that the public-key for verifying Launch Enclave can be configured on new SGX processors. Examining the processors I bought in Dec 2015, none of them have  IA32_FEATURE_CONTROL[bit 17] set, so my question is can someone at Intel point to any processor which is in production and which I can use to configure IA32_SGXLEPUBKEYHASH.

From a cryptographic perspective (as has been independently noted by others https://eprint.iacr.org/2016/086.pdf ), the policy decisions for which enclave should be allowed to run on a platform is a very local to the 3rd party environment. Launch enclave is the ideal place for enforcing these policy decisions, but when third parties cannot sign their own Launch Enclave, they are limited to the generic policies (basic white-listing/black-listing) that can be enforced using Intel provided Launch Enclave. (For example, I'd like the launch enclave to authenticate a certain limited set of users on the system before granting EINIT token. Granted that EINIT is not replay-protected by default, so user auth is not that useful, but that's a flaw in the EINIT design which can be somewhat mitigated if one writes his/her my own Enclave loader.) Furthermore, as a third party, I do not want to place my trust in Intel provided Launch Enclave (unless you can provide a formal proof -- open source is not good enough -- that your launch enclave is only doing what it's supposed to do), so it will be really useful if Intel allowed 3rd parties to create their own launch enclaves.