Q: Can I combine Intel SGX enclaves with TDX guest VMs on the OpenMetal Large v5?

Yes — SGX and TDX work in parallel on the Xeon 6517P; the typical pattern is to run a workload as a TDX-protected guest VM and then run high-value secrets (keys, signing operations) inside SGX enclaves nested within that guest.


The two technologies solve different isolation problems. TDX isolates entire guest VMs from the host: the OpenMetal-managed hypervisor and host OS cannot read TD memory, so a compromised host operator or a malicious privileged process on the host cannot exfiltrate guest state. SGX isolates specific regions of application memory inside a process: even another application running as the same OS user, or a kernel module on the same OS, cannot read SGX enclave memory. They are complementary boundaries, not competing ones.

[Figure: server architecture diagram showing the Intel TDX trust domain boundary surrounding the dual sockets, with Intel SGX enclave blocks labeled 128 GB EPC per CPU active in parallel.]

Most regulated production deployments combine both. The TD provides the host-level boundary for the whole workload — a tenant VM running banking analytics, a healthcare claims-processing server, a sovereign cloud workload — and SGX enclaves inside the TD provide a second boundary for the narrow operations that warrant it: key derivation, certificate signing, software-HSM emulation, payment HMAC generation, and protocol-level secret handling. The combined pattern is appropriate when both the infrastructure operator and other in-VM processes are part of the threat model.

On the Large v5, every server ships with Intel SGX enabled by default and up to 128 GB of EPC (Enclave Page Cache) per Xeon 6517P, for 256 GB EPC per dual-socket server. TDX activation requires the 1 TB RAM upgrade per OpenMetal policy; once active, TDX and SGX coexist with no special configuration. Guest VMs running TDX-aware kernels and SGX-aware runtime libraries (Open Enclave SDK, Intel SGX SDK, Gramine, EGo) can launch enclaves from inside TDs without losing TD isolation. See the Enabling Intel SGX and TDX guide page for implementation details.
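Before provisioning keys into a guest, it is worth confirming from inside the VM that both boundaries are really exposed. The script below is an added example, not OpenMetal tooling or code from the guide; it assumes a Linux guest using the upstream kernel's `tdx_guest` and `sgx` CPU flags and its `/dev/tdx_guest` and `/dev/sgx_enclave` device nodes, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: report which confidential-computing boundaries a Linux guest exposes.
# Both paths are parameters so the check can also run against constructed fixtures.

# has_flag FLAG CPUINFO_FILE -> exit 0 if the first "flags" line lists FLAG exactly
has_flag() {
    grep -m1 '^flags' "$2" 2>/dev/null | tr ' \t' '\n\n' | grep -qx "$1"
}

# cc_status [CPUINFO_FILE] [DEV_DIR] -> prints tdx+sgx | tdx-only | sgx-only | none
cc_status() {
    cpuinfo="${1:-/proc/cpuinfo}"
    dev="${2:-/dev}"
    tdx=no
    sgx=no
    # TDX guest: the kernel sets the tdx_guest flag and creates the guest
    # attestation device node.
    if has_flag tdx_guest "$cpuinfo" && [ -e "$dev/tdx_guest" ]; then tdx=yes; fi
    # SGX: the CPU flag alone is not enough; without the driver's enclave node
    # no runtime (Gramine, Open Enclave SDK, ...) can create an enclave.
    # Exact matching keeps the related sgx_lc flag from counting as sgx.
    if has_flag sgx "$cpuinfo" && [ -e "$dev/sgx_enclave" ]; then sgx=yes; fi
    case "$tdx$sgx" in
        yesyes) echo "tdx+sgx" ;;
        yesno)  echo "tdx-only" ;;
        noyes)  echo "sgx-only" ;;
        *)      echo "none" ;;
    esac
}

# require_both [CPUINFO_FILE] [DEV_DIR] -> exit 0 only when both boundaries are
# present; use it as a gate in front of a secrets-provisioning step.
require_both() {
    [ "$(cc_status "$@")" = "tdx+sgx" ]
}

# Report the status of the machine this script runs on.
cc_status
```

This is a presence check only: a flag and a device node show that the kernel exposes the feature, not that the platform is genuine, so TD and enclave attestation still have to succeed before secrets are released.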

