•
Enabled
—Generates the ACPI x2APIC control structures, and adds the option of enabling x2APIC
support to the operating system when it loads.
•
Force Enabled
—For certain processors, enables x2APIC support to the operating system when it
loads.
•
Disabled
—Disables x2APIC support.
3.
Save your setting.
Intel Software Guard Extensions (SGX)
The SGX feature provides a secured memory enclave accessible only to certain authorized functions.
SGX is used with Intel SGX drivers on the OS.
The locked memory uses a security key. A default is set at the factory. Hewlett Packard Enterprise
recommends that, at start-up, you change the seed that the Intel drivers use to generate the key. You can
have the system generate a seed or you can manually enter a new seed.
The default size for the locked memory region is 128 MB. You can change the size to 32 MB or 64 MB.
Enabling the Intel Software Guard Extensions (SGX)
Use this task to create a protected region of memory that is accessible only by certain authorized
functions. Enable this feature only if you have the appropriate Intel driver on your OS. This feature is
disabled by default.
The first time you use this feature, set SGX to Enabled. Even if you plan to use
Software Controlled
, set
SGX to Enabled until you complete the necessary steps in the OS for the Intel drivers. Set SGX to
Software Controlled
after you have configured your Intel drivers in the OS.
Procedure
1.
From the
System Utilities
screen, select
System Configuration
>
BIOS/Platform Configuration
(RBSU)
>
System Options
>
Processor Options
>
Intel Software Guard Extensions (SGX)
and
press
Enter
.
2.
Select a setting and press
Enter
.
a. Enabled
b. Disabled
c. Software Controlled
- Enabling or disabling of SGX is determined by the Intel drivers, which can
be configured in the OS.
If you select
Enabled
or
Software Controlled
, more configuration options are displayed:
• Select Owner EPOCH input type
• PRMRR Size
3.
Press
F10
.
Selecting the Owner EPOCH input type
Use this task to change the seed for the security key used for the locked memory region that is created.
The Intel drivers use the seed to create a key to lock the secure memory enclave. The system ships with
a default seed. Change this number at startup to secure your memory.
40
Configuring System Options