Intel SGX Support
#What is Intel SGX?
Intel Software Guard Extensions (SGX) is a set of hardware-based security features built into select Intel processors. It allows developers to create secure enclaves, isolated memory regions where sensitive code and data can be processed securely, away from the rest of the system. SGX is designed to protect against threats such as compromised operating systems, hypervisors, or even administrators, by enforcing strict access control at the processor level. This approach enhances data confidentiality and integrity, making SGX well-suited for use cases like secure cloud deployments, edge computing, and multi-tenant environments that benefit from hardware-enforced isolation. You can find further technical details about SGX on the Intel SGX developer zone.
#Do I Need Intel SGX?
You might need SGX if your project handles:
- Highly confidential or regulated data (healthcare, finance, government)
- Third-party computations where inputs must remain private
- Proprietary algorithms or models that need to be shielded from end users or attackers
#What Are the Common Use Cases for Intel SGX?
Intel SGX is widely used in industries where security, confidentiality, and data integrity are paramount. Some of the most impactful applications include:
- Confidential computing – protects sensitive data during runtime, even from privileged system components. This is especially useful in sectors such as finance and healthcare, where data must be protected from unauthorized access.
- Digital Rights Management (DRM) – secures encryption keys, license validation, and playback logic within a protected enclave. Media platforms use SGX to prevent piracy and unauthorized duplication of digital content.
- Secure blockchain processing – enhances the reliability of smart contracts, wallets, and consensus mechanisms by executing them within secure enclaves. SGX is used in decentralized finance (DeFi) and enterprise blockchain platforms to ensure integrity and prevent manipulation.
- Secure Multi-Party Computation (SMPC) – enables multiple organizations to collaborate on data analysis without revealing their private datasets to one another.
- Trusted AI/ML execution – prevents reverse engineering or data leakage from AI models. For example, a company can deploy proprietary machine learning algorithms in public environments without exposing the underlying model or sensitive inference data.
- Secure remote attestation – verifies that code is running in a genuine enclave on a genuine SGX-capable processor. This is critical for establishing trust in remote systems, especially for distributed workloads or hybrid cloud deployments.
#Which Servers Support Intel SGX at Cherry Servers?
SGX requires specific Intel CPUs with BIOS-level support, which is only possible on our dedicated bare metal servers.
Our VPS and VDS servers do not provide direct access to their physical hardware and do not offer the required BIOS-level configuration, and therefore do not support SGX.
Cherry Servers currently offers the following SGX-capable CPU models for bare metal servers:
- 2× Intel GOLD 6330
- Intel GOLD 5315Y
- E3‑1240Lv5
- E3‑1240v5
#What Are Intel SGX’s Hardware and Software Requirements?
To use Intel SGX, you will need the following:
- A supported Intel processor with SGX instructions (e.g., E3‑1240v5, or GOLD 5315Y);
- Full RAM population, since SGX requires the entire memory channel to be populated in order to initialize and reserve Enclave Page Cache (EPC) memory for enclaves;
- BIOS/UEFI firmware with SGX explicitly enabled;
- An operating system that supports SGX (such as Ubuntu, CentOS, or Windows Server);
- Intel SGX SDK and its driver installed on the server.
#How to Order a Server with SGX Support
If your project requires Intel SGX, please contact our dedicated technical support team at support@cherryservers.com before placing your order. The support team will be able to help you:
- Confirm hardware availability,
- Ensure you are provisioned with compatible infrastructure.
- Enable SGX in BIOS on your selected server,
#How to Check if SGX Is Enabled on My Server
Once your server has been deployed, you can verify whether the server has SGX support in one of two ways:
-
On a Linux server, you can use the following command:
dmesg | grep -i sgxWhich will return an output similar to this:
Output
root@ujwesdabyz-gayhjixwtn:~# dmesg | grep -i sgx [ 1.786281] sgx: EPC section 0x4000c00000-0x407f7fffffThis example output shows that SGX successfully initialized, and that the EPC memory section is detected by the system.
-
You can check for SGX capability in the CPU information using:
cat /proc/cpuinfo | grep sgxOutput
root@ujwesdabyz-gayhjixwtn:~# cat /proc/cpuinfo | grep sgx flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb cat_l3 invpcid_single ssbd mba ibrs ibpb stibp ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust sgx bmi1 avx2 smep bmi2 erms invpcid cqm rdt_a avx512f avx512dq rdseed adx smap avx512ifma clflushopt clwb intel_pt avx512cd sha_ni avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local split_lock_detect wbnoinvd dtherm arat pln pts avx512vbmi umip pku ospke avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg tme avx512_vpopcntdq la57 rdpid sgx_lc fsrm md_clear pconfig flush_l1d arch_capabilitiesThis example output shows the sgx and sgx_lc CPU flags, which confirms to us that Intel SGX is supported and SGX launch control is available on this processor. If you do not see SGX or SGX_lc, it may not be enabled.
For more detailed diagnostics, you can also install Intel’s SGX SDK tool:
- Linux SDK: Intel SGX SDK for Linux
- Windows SDK: Intel SGX SDK for Windows
If your server meets all of the above requirements, but SGX is not detected during verification, it may be disabled in the BIOS. In this case, please contact Cherry Servers support, using support@cherryservers.com, and we will be more than happy to help.