Q: Does the OpenMetal XL v4 support Intel TDX confidential computing?
The OpenMetal XL v4 ships with Intel TDX active by default — no RAM upgrade and no configuration request required. Every XL v4 deploys with all 16 DIMM slots populated at 1TB, meeting Intel’s full memory population requirement for Trust Domain Extensions at the baseline configuration.
Explore confidential computing infrastructure
This distinguishes the XL v4 from lower-tier servers like the Large v4, where TDX activation requires a customer-initiated RAM upgrade from the base 512GB configuration to a full 1TB DIMM population. On the XL v4, TDX is available from day one without any additional steps. Trust Domains can be provisioned immediately after deployment — each domain receives encrypted memory pages with a unique key held only by the CPU and guest OS, inaccessible to the host operating system, the hypervisor, or OpenMetal operators.
Intel SGX is also available on the XL v4, with up to 128GB of Enclave Page Cache (EPC) for application-level enclave workloads. TDX and SGX serve different isolation granularities and can run simultaneously: TDX isolates full virtual machines at the hardware level, while SGX isolates specific application processes within a Trust Domain or on the host OS. A key management service, for example, can run in an SGX enclave while a broader application stack runs inside a TDX Trust Domain on the same physical server.
TME-MK (Total Memory Encryption — Multi-Key) provides per-VM AES memory encryption across the full 1TB DRAM range, adding an additional encryption layer beneath TDX. For multi-tenant bare metal deployments — or for a single XL v4 running isolated workloads for separate customers — TDX, SGX, and TME-MK together provide layered hardware isolation without requiring separate physical servers per tenant.
Interested in OpenMetal Products?
Schedule a Consultation
Get a deeper assessment and discuss your unique requirements.