
How to prove the data are generated or calculated by TEE (e.g., Intel SGX)?


Suppose I receive data from Bob and he says the data are generated or calculated by TEE (e.g., Intel SGX).

Is there any method, TEE, or auxiliary information like zero-knowledge in cryptography that he can provide to prove the data are indeed from TEE, not from an ordinary PC?

Then, everyone trusts him that the data are generated or calculated by TEE.

BTW, could you provide some materials or useful tutorials to learn SGX programming that is easy to understand?


Solution

  • Yes. The method is called attestation. Since the third party will, in general, be remote, the method used will be remote attestation.

    Each application running inside an SGX enclave generates a set of information regarding the enclave. Once a third party wants to communicate with that application (for instance, you want to communicate with Bob), it starts the remote attestation process through a challenge message. During this process, the third party receives the enclave's information and checks with the Intel Attestation Service (IAS) whether the information is from a valid Intel SGX. In your example, you would receive Bob's enclave information and check with IAS whether Bob uses a genuine Intel SGX.

    You can find more information at the following links:

    https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/attestation-services.html
    https://www.intel.com/content/www/us/en/developer/articles/code-sample/software-guard-extensions-remote-attestation-end-to-end-example.html
    https://sgx101.gitbook.io/sgx101/sgx-bootstrap/attestation
    https://gts3.org/pages/remote-attestation.html
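
As an added example (not part of the original answer and not Intel's sample code), this is what the verifier's side of the check can look like once IAS has returned its attestation report. It assumes the report's signature has already been verified against Intel's report signing certificate, and that Bob's enclave puts SHA-256(nonce || data) in the first 32 bytes of the quote's `report_data`; the function names and that binding convention are assumptions.

```python
import base64, hashlib, hmac, json, struct

# Byte offsets inside the EPID quote body that IAS returns (signature stripped).
ATTR_OFF, MRENCLAVE_OFF, REPORT_DATA_OFF = 96, 112, 368
QUOTE_BODY_LEN = 432
DEBUG_FLAG = 0x2  # SGX_FLAGS_DEBUG bit in attributes.flags

def check_report(report_json, expected_mrenclave, nonce, data):
    """Return (ok, reason). Assumes the IAS signature over report_json
    was already verified against Intel's report signing certificate."""
    report = json.loads(report_json)
    status = report.get("isvEnclaveQuoteStatus")
    if status != "OK":
        return False, "quote status " + str(status)
    body = base64.b64decode(report["isvEnclaveQuoteBody"])
    if len(body) != QUOTE_BODY_LEN:
        return False, "bad quote body length"
    # A debug enclave can be inspected from outside, so its output is not trusted.
    flags, = struct.unpack_from("<Q", body, ATTR_OFF)
    if flags & DEBUG_FLAG:
        return False, "debug enclave"
    # MRENCLAVE identifies which code ran; compare with the build you audited.
    mrenclave = body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32]
    if not hmac.compare_digest(mrenclave, expected_mrenclave):
        return False, "unexpected MRENCLAVE"
    # Assumed convention: report_data[0:32] = SHA-256(nonce || data).
    bound = body[REPORT_DATA_OFF:REPORT_DATA_OFF + 32]
    if not hmac.compare_digest(bound, hashlib.sha256(nonce + data).digest()):
        return False, "data not bound to quote"
    return True, "ok"

def make_sample_report(mrenclave, nonce, data, debug=False, status="OK"):
    """Constructed test input: an unsigned report with the same field layout."""
    body = bytearray(QUOTE_BODY_LEN)
    struct.pack_into("<Q", body, ATTR_OFF, 0x5 | (DEBUG_FLAG if debug else 0))
    body[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = mrenclave
    body[REPORT_DATA_OFF:REPORT_DATA_OFF + 32] = hashlib.sha256(nonce + data).digest()
    return json.dumps({"isvEnclaveQuoteStatus": status,
                       "isvEnclaveQuoteBody": base64.b64encode(bytes(body)).decode()})

if __name__ == "__main__":
    mre = hashlib.sha256(b"constructed enclave measurement").digest()
    rep = make_sample_report(mre, b"nonce-123", b"result=42")
    print(check_report(rep, mre, b"nonce-123", b"result=42"))
    print(check_report(rep, mre, b"nonce-123", b"result=43"))
```

The nonce comes from the verifier's challenge message, so a report produced for an earlier challenge does not pass for a new one.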