So, what does this mean for Signal?
Lots of discussion on this at the moment. It means that Secure Value Recovery could be used by a malicious Signal server to exfiltrate user data while attesting to some benign version of the code. That user data could be used to “recover” someone else’s Signal account.
Another attack that leaks the private attestation keys in SGX. While this is “just another exploit” it really cements in my mind that SGX can only be relied on as a secondary layer of security.