Enable Software Guard Extensions (SGX)

Intel® Software Guard Extensions (Intel® SGX) operates under the assumption that the security perimeter includes only the internals of the CPU package, and leaves the DRAM untrusted.

Complete the following steps to enable SGX.
Note: Make sure you follow the memory module population sequence for SGX configurations in Independent memory mode: Installation guidelines and sequence.
  1. Restart the system. Before the operating system starts up, press the key specified in the on-screen instructions to enter the Setup Utility. (For more information, see the Startup section in the LXPM documentation compatible with your server at Lenovo XClarity Provisioning Manager portal page.)
  2. Go to System settings > Processors > UMA-Based Clustering and disable the option.
  3. Go to System settings > Processors > Total Memory Encryption (TME) and enable the option.
  4. Save the changes, then go to System settings > Processors > SW Guard Extension (SGX) and enable the option.