Yeah it seems like you're right. I was assuming it was the same so that clients could verify SGX enclaves using a stored copy of Intel's public key.
However as far as I can tell they actually have a unique key per CPU, and they store a database of them which you have to query over the internet to verify an enclave.
It has the downside of requiring a network request to Intel to verify the enclave, but it does mean that there isn't a master key to leak.
However as far as I can tell they actually have a unique key per CPU, and they store a database of them which you have to query over the internet to verify an enclave.
It has the downside of requiring a network request to Intel to verify the enclave, but it does mean that there isn't a master key to leak.