How can you have a secure enclave without hardware attestation? Processor root-key is the source for all.