Instructions: these are modified versus prior instructions

Question. The authors of Haven state, "We [meaning the Haven system] seek to protect the confidentiality and integrity of a user's unmodified server application from an untrusted cloud provider." Here, the cloud provider supplies infrastructure: servers, hardware, etc. The user is the author of the server application, who has selected the cloud provider as the deployment platform, and who has presumably made a decision to deploy atop Haven. There is also an end-user: the client of the server application in question.

Which entity or entities in the system does the user (defined immediately above) have to trust?

Which entity or entities in the system does the end-user (again, as defined above) have to trust?