TEEs inherently require trust in operators and manufacturers, but it's also possible to use them in ways that strictly *improve* a system's security without introducing new trust bottlenecks. I wrote about two use cases where this is possible:
Use case 1: multisigs! TEE-based signers can act as a failsafe in case regular signers sign a malicious transaction. These won't be first-class signers though; they would only allow the tx to be executed without delay. This prevents censorship.
Use case 2: transaction simulation! Multisig UI hacks can deceive signers into believing that their high-value transactions will have the intended effects. Simulating txes in a wholly separate system can thwart supply-chain UI attacks.
Many thanks to @arnaudbrousseau and @kobigurk for their feedback on this post! Check it out here: