Make no mistake. Shoving user-hostile malware down people's throats is the primary use case for this in the consumer space. Bootloader malware is very esoteric right now. Enterprise might have valid use cases beyond screwing people but none of them make sense for a consumer device.
I think consumer devices should have opt-outs for sure. But personally I am much more comfortable with myself and my family having fully locked down apple phones then anything else on the market right now, precisely because of how difficult it is to get persistent malware into that ecosystem.
> none of them make sense for a consumer device.
One of the valid use cases on consumer devices is video game anti-cheat software. Theoretically remote attestation can enable them to be less invasive.
You say that, and also remote attestation is how Signal knows it's talking to a legitimate SGX enclave running the expected payload