IBM Cloud Docs
Provisioning a bare metal server with Intel® Software Guard Extension architecture

Provisioning a bare metal server with Intel® Software Guard Extension architecture

Intel Software Guard Extensions (SGX) can protect data that uses hardware-based server security. With Intel SGX applications, you can protect select code and data from disclosure or modification. By using trusted execution environments (TEE), known as enclaves, you can encrypt the pieces of your application memory that contains sensitive data while it is in use.

Provisioning your bare metal server with SGX

To provision a bare metal server with SGX, follow these steps:

  1. Create a customer server by following the procedure Build a custom bare metal server

  2. On the bare metal provisioning page, select the following options on the order form:

Table 1. SGX order form options
Field Value
Server Single processor Intel Xeon® 2174 with storage up to four drives
Image Windows® 2019
Windows Server 2016 Standard Edition (64 bit)
Windows Server 2016 Standard Edition (64 bit)
Windows Server 2016 Datacenter Edition (64 bit)
CentOS 7.x (64 bit)
Ubuntu Linux 16.04 LTS Xenial Xerus (64 bit)
CentOS 8.x (64 bit)
RHEL® 8.x (64 bit) (per-processor licensing)
Image Add-ons Software Guard Extensions (SGX)

Installing Intel SGX platform software and drivers

When you're working with Intel SGX enabled bare metal servers, be sure that you also install the SGX platform software and drivers.

  1. Go to the Intel open source website and select the option for installation that matches your operating system.
  2. Download the binary installation option. This option makes sure that you're using a stable version of SGX in your workloads.
  3. For specific instructions for each type of installation, see the Intel SGX Installation Guide for Windows or the Intel SGX Installation Guide for Linux.