Configuring Intel SGX control options
Use this screen to configure Intel SGX control options.
- From the System Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSU) > Processor Options > Intel SGX Control.
-
Configure the following options:
Intel(R) Software Guard Extensions (SGX): Enable or disable Software Guard Extensions (SGX).
Intel(R) Speed Select: Speed Select processors have configuration options that support higher base frequencies with fewer enabled core counts. Changing this option results in increasing the CPU base frequency and reducing the number of available cores. Read the documentation for the processor model for more information on configuring these options.
Base
Config 1
Config 2
Software Controlled
PRMRR Size: Select the size of the PRMRR.
Select Owner EPOCH input type: There are three Owner EPOCH modes: no change in Owner EPOCHs, change to new random Owner EPOCHs, and manually enter new Owner EPOCHs. Modifying the Owner EPOChs will cause all persistent data protected by Intel(R) Software Guard Extensions to be lost.
CAUTION:All persistent data protected by Intel(R) Software Guard Extensions Technology will be lost if the Owner EPOCH value is changed.
Software Guard Extensions Epoch: Software Guard Extensions 128-bit Epoch hexadecimal value.
SGX Launch Control Policy: Software Guard Extensions (SGX) Launch Control Policy. Options are:
Intel Locked: Select the Intel Launch Enclave.
Unlocked: Enable OS/VMM configuration of Launch Enclave.
Locked: Allow owner to configure Launch Enclave.
SGX LE Public Key Hash 0: Bytes 0 - 7 of Software Guard Extensions (SGX) Launch Enclave Public Key Hash
SGX LE Public Key Hash 1: Byte 8 - 15 of Software Guard Extensions (SGX) Launch Enclave Public Key Hash
SGX LE Public Key Hash 2: Byte 16 - 23 of Software Guard Extensions (SGX) Launch Enclave Public Key Hash
SGX LE Public Key Hash 3: Byte 24 - 31 of Software Guard Extensions (SGX) Launch Enclave Public Key Hash
- Save your options.