I'm really impressed by how easy it is to get NISTP256 key from the enclave. I think Intel got a lot of things right and then completely failed on the signing and attestation process. Hopefully we can see a future iteration of SGX that builds on this early promise.