Enable Software Guard Extensions (SGX)

Intel® Software Guard Extensions (Intel® SGX) operates under the assumption that the security perimeter includes only the internals of the CPU package, and leaves the DRAM untrusted.

Complete the following steps to enable SGX.
  1. Make sure to refer to Memory module installation rules and order, which specifies whether your server supports SGX and lists the memory module population sequence for SGX configuration. (DIMM configuration must be 4 DIMMs to support SGX.)
  2. Restart the system. Before the operating system starts up, press the key specified in the on-screen instructions to enter the Setup Utility. (For more information, see the Startup section in the LXPM documentation compatible with your server at Lenovo XClarity Provisioning Manager portal page.)
  3. Go to System settings > Processors > Total Memory Encryption (TME) and enable the option.
  4. Go to System settings > Devices and I/O Ports > Intel VT for Directed I/O (VT-d) and disable the option.
  5. For LCC and HCC processors, go to System settings > Memory > Patrol Scrub and disable the option.
  6. Save the changes, then go to System settings > Processors > SW Guard Extension (SGX) and enable the option.
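
After the system restarts into the operating system, the result of these steps can be checked from a shell. The script below is an added example, not part of the Lenovo procedure; it assumes a Linux host, where the kernel lists the sgx, sgx_lc and tme CPU flags in /proc/cpuinfo and the in-kernel SGX driver creates /dev/sgx_enclave.

```shell
#!/bin/sh
# Added example (not Lenovo's code). Assumes a Linux host: sgx, sgx_lc and tme
# are the flag names Linux prints in /proc/cpuinfo, and /dev/sgx_enclave is the
# device node created by the in-kernel SGX driver.

# has_flag FILE FLAG: succeed if FLAG is a whole word on the first "flags" line.
has_flag() {
    awk -v want="$2" '
        /^flags[ \t]*:/ {
            for (i = 2; i <= NF; i++) if ($i == want) found = 1
            exit
        }
        END { exit (found ? 0 : 1) }
    ' "$1" 2>/dev/null
}

# sgx_status [CPUINFO] [DEVDIR]: print one name=yes|no line per check.
# Returns 0 only when the sgx CPU flag and the enclave device are both present.
sgx_status() {
    cpuinfo=${1:-/proc/cpuinfo}
    devdir=${2:-/dev}
    rc=0
    for flag in sgx sgx_lc tme; do
        if has_flag "$cpuinfo" "$flag"; then
            echo "$flag=yes"
        else
            echo "$flag=no"
            # Only a missing sgx flag fails the check; sgx_lc and tme are
            # reported so the corresponding setup option can be reviewed.
            if [ "$flag" = sgx ]; then rc=1; fi
        fi
    done
    if [ -e "$devdir/sgx_enclave" ]; then
        echo "enclave_dev=yes"
    else
        echo "enclave_dev=no"
        rc=1
    fi
    return "$rc"
}

# Check the running host; a non-zero status means a step above needs review.
sgx_status || echo "SGX is not fully enabled on this host" >&2
```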