
I think the technology itself is great to have in the open source sphere. There are many valid reasons to want to have a system that is both open source AND cryptographically proven to run exactly the software you think it runs.

For example voting machines should be done in this way. Open source software such that outsiders are able to verify + a secure boot process such that anyone can verify that the machine is really running the code it is supposed to run.

Of course we should all still be very careful of what we accept in terms of control of our hardware. And I agree with you that things are not moving in the right direction there, with locked ecosystems everywhere.



But nothing here is cryptographically proven. Remote attestation à la Intel SGX is an opaque black box that comes down to trusting Intel.

I think most people would prefer no voting machine software at all, seeing how most people cannot "verify that the machine is really running the code it is supposed to run" but can indeed verify a paper ballot.

And of course signing a huge code bundle is the farthest possible thing from "run exactly the software you think it runs". Console manufacturers keep learning that. You really wanted to run that WebKit version that turned out to instead be a generic code execution widget? Think again.


TPM-based remote attestation doesn't involve SGX at all. If Boot Guard is enabled then you're trusting the ACM to perform its measurements correctly, but that's not an overly large amount of code, and it can be disassembled and verified.
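As an added illustration of what a TPM-based verifier actually checks (example code written for this note, not from any commenter or project): the verifier replays the measured-boot event log through the PCR extend operation, compares the result with the PCR value the TPM quoted, and then checks each measured component against its own list of known-good digests. The component names, images and digests below are constructed sample data.

```python
"""Verifier-side replay of a TPM measured-boot event log (added example).

A SHA-256 PCR bank starts at all-zero bytes and each measurement is folded
in as PCR_new = SHA256(PCR_old || digest). A remote verifier therefore
needs the event log, the quoted PCR, and an allow-list of good digests.
"""
import hashlib

PCR_INIT = bytes(32)  # PCRs 0-15 reset to 32 zero bytes


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics for one SHA-256 PCR."""
    return sha256(pcr + digest)


def replay_log(event_log):
    """Fold every (component, digest) event into PCR_INIT, in log order."""
    pcr = PCR_INIT
    for _, digest in event_log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def verify_attestation(event_log, quoted_pcr, golden_digests):
    """(ok, reason): ok only if the log reproduces the quoted PCR AND
    every measured component matches the verifier's allow-list."""
    if replay_log(event_log) != quoted_pcr:
        return False, "event log does not reproduce quoted PCR"
    for name, digest in event_log:
        if golden_digests.get(name) != digest:
            return False, f"unexpected measurement for {name}"
    return True, "ok"


# Constructed sample data: the components the host claims to have booted.
GOLDEN = {
    "acm": sha256(b"constructed ACM image v1"),
    "bootloader": sha256(b"constructed bootloader v1"),
    "kernel": sha256(b"constructed kernel image v1"),
}
GOOD_LOG = [(k, GOLDEN[k]) for k in ("acm", "bootloader", "kernel")]
GOOD_PCR = replay_log(GOOD_LOG)  # what an honest TPM would quote
# Same chain with a swapped kernel: the PCR no longer matches the quote.
BAD_LOG = GOOD_LOG[:2] + [("kernel", sha256(b"constructed other kernel"))]

if __name__ == "__main__":
    print(verify_attestation(GOOD_LOG, GOOD_PCR, GOLDEN))
    print(verify_attestation(BAD_LOG, GOOD_PCR, GOLDEN))
```

A real verifier would first check the quote's signature against the TPM's attestation key and the nonce it issued; this example covers only the log-replay and allow-list step that follows.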


Sure, you can prefer paper ballots, but that's just one example.

The reason I bring it up is that one of the benefits of open source that is often mentioned is the ability to verify that it does what you think it's doing. Doesn't matter whether it's a voting machine, a self driving system or an ATM or whatever. It's still good for open source to have the capability to do this kind of proving in cases where you want it.


> I think most people would prefer no voting machine software at all

The majority of people, with normal sight and no mobility impairment, may be fine with paper ballots. But for some of us, an accessible voting machine is more than a convenience, as it enables us to independently (and therefore privately) cast our votes.


Keep it as a secondary option then? Or, at worst, have every state or county independently write the software for their machines so they won't all be compromised. A scalable way of breaking an election is dangerous.

Even a mobile app to guide blind users through the ballot would be more secure.


A machine could fill out the paper ballot in these cases.


If you don't trust the CPU vendor, a solution there would be to buy multiple CPUs from multiple vendors, run the same thing on all of them, and compare the results. You would still want them all to have the equivalent of SGX.


I have yet to see a digital voting system that a grandma with 0 digital literacy can dream of trusting. That's my standard for digital voting.

Basically excludes any black box machines, blockchain, cryptography and any existing computers.



