The fundamental problem with the secure enclave on PC is that to make it work you have to basically lock out all of the untrusted hardware on the box, which is pretty much all of it. So while you are doing your secure computation nobody is servicing the PCIe bus. The graphics card drivers aren't getting any CPU cycles. Ring buffers on your network cards aren't emptied. From the perspective of everything else on the machine the whole thing just crashed.

If your computation is quick you might be able to get away with this sometimes, but the potential for problems is almost unlimited. The fact that the TPM itself is pretty slow throws another monkey wrench into the plan.

In order for it to work the whole system needs to be designed from the bottom up to support it, which means you need to touch every layer of the PC stack. It's a lot of work. It is a lot easier on something like a cellphone where you can control the hardware from top to bottom and don't have to consider the case where someone installs additional hardware to suit their needs.
