It looks like this boils down to 'check the magic number in the code against the magic number our server gives you. It matches!!!'
Is there some indication the user has that your server isn't simply hard coded to return the right magic number? I don't understand how this provides any assurance of anything.
The SGX certificate is signed by intel and includes a certification of the hash of the code loaded in the secure enclave ("MRENCLAVE").
When the client connects to the server, the server presents a tls certificate that includes an attestation (with OID 1.3.6.1.4.1.311.105.1) which certifies a number of things:
- the TLS certificate's own public key (to make sure the connection is secure)
- The enclave hash
It is signed by Intel with a chain of custody going to intel's CA root. It's not "just a magic number" but "a magic number certified by Intel", of course it's up to you to choose to trust Intel or not, but it goes a much longer way than any other VPN.
Is there some indication the user has that your server isn't simply hard coded to return the right magic number? I don't understand how this provides any assurance of anything.