Skip to main content

Enable Software Guard Extensions (SGX)

Intel® Software Guard Extensions (Intel® SGX) operates under the assumption that the security perimeter includes only the internals of the CPU package, and leaves the DRAM untrusted.

Complete the following steps to enable SGX.
Note
Make sure you follow the memory module population sequence for SGX configurations in Independent memory mode.
  1. Make sure you follow the memory module population sequence for SGX configurations in Independent memory mode. (DIMM configuration must be at least 8 DIMMs per socket to support SGX).
  2. Restart the system. Before the operating system starts up, press the key specified in the on-screen instructions to enter the Setup Utility. (For more information, see the Startup section in the LXPM documentation compatible with your server at Lenovo XClarity Provisioning Manager portal page.)
  3. Go to System settings > Processors > UMA-Based Clustering and disable the option.
  4. Go to System settings > Processors > Total Memory Encryption (TME) and enable the option.
  5. Save the changes, then go to System settings > Processors > SW Guard Extension (SGX) and enable the option.
Note
For more information, see (sgx_ug_v2).