Intel TDX Support on the OpenMetal Medium v5

Q: Does the OpenMetal Medium v5 support Intel TDX confidential computing?

The OpenMetal Medium v5 supports Intel TDX, but it is not enabled at the base 256 GB configuration; TDX requires upgrading all 16 DIMM slots to 64 GB modules (1 TB total) and enabling TDX in BIOS; it is a customer-initiated configuration step, not a default.

Learn about confidential computing

This distinguishes the Medium v5 from the XL v4 and XXL v4, where TDX is active by default. On the Medium v5, the Xeon 6505P CPU fully supports TDX at the silicon level; the 1 TB RAM threshold is a platform requirement for Trust Domain memory isolation to operate correctly. Once activated, TDX creates hardware-isolated Trust Domains where guest VM memory is encrypted with a TD-specific key managed by the CPU, inaccessible to the hypervisor, firmware, or other tenants on the same server.

Intel SGX is enabled by default on all Medium v5 deployments at the base 256 GB configuration, with 128 GB of Enclave Page Cache (EPC) available. SGX operates at the application layer, protecting specific code and data within a process rather than isolating full VMs. For architectures requiring both VM-level isolation (TDX) and application-layer enclave execution (SGX), both are available simultaneously once the 1 TB upgrade is complete. Intel TME-MK is also available with TDX active, providing up to 1,024 memory encryption keys for concurrent workload isolation.

The Medium v5 TDX configuration is suited for healthcare PHI processing, PCI DSS cardholder data environments, key management services requiring hardware-level attestation, and multi-tenant SaaS platforms needing cryptographic proof of tenant isolation.