Intel® SGX (Software Guard Extensions) and Intel® TDX (Trust Domain Extensions) are advanced security features available on modern Intel Xeon processors.
OpenMetal’s v4 bare-metal servers (Medium v4, Large v4, XL v4, and XXL v4) use 5th Gen Intel® Xeon® CPUs, which support SGX and TDX. However, enabling these features requires specific hardware configurations, particularly with system memory.
This guide focuses on the hardware requirements only—especially memory layout and total memory size—needed to enable SGX and TDX on these OpenMetal server models. We will compare the typical memory configurations of Medium, Large, XL, and XXL v4 servers with the configurations required for SGX/TDX, outline any necessary upgrades or changes, and provide a cost comparison for enabling these features.
CPU and Memory Prerequisites for SGX/TDX
CPU Support
All OpenMetal v4 servers are equipped with dual 5th Gen Intel Xeon Scalable processors (e.g. Silver 4510 in Medium v4, Gold 65xx in larger models). These CPUs are SGX-capable and TDX-capable, meeting the processor requirement to use these technologies. (Intel SGX is supported on these Xeon CPUs, and Intel TDX is introduced in 4th/5th Gen Xeon for confidential VMs.) No CPU changes are needed – the processors in Medium, Large, XL, and XXL v4 already support SGX/TDX.
Memory Configuration Requirement
Each CPU must have a minimum of one DIMM per memory channel (8 DIMMs per CPU socket) to enable SGX or TDX. In practice, this means populating eight identical memory modules in slots DIMM1 through DIMM8 for each CPU. The memory installed in one CPU socket must be mirrored in the other socket (symmetric configuration).
If even one memory channel is empty on a CPU, SGX/TDX will remain disabled in BIOS.
Both Intel’s documentation and vendor guidance confirm this requirement: for example, Dell notes that to turn on SGX, the system needs “minimum x8 identical DIMM1 to DIMM8 per CPU socket”. In summary, populating all 8 memory channels on each processor is mandatory for these security features to work.
Why 8 DIMMs? Modern dual-socket servers have 8 memory channels per CPU. SGX and TDX use reserved memory and memory encryption engines that operate per channel. Populating all channels ensures the hardware can allocate the enclave or trust domain memory across the entire address space. Partial memory configurations (fewer than 8 DIMMs per CPU) are not compatible with SGX/TDX.
Total Memory Requirement
OpenMetal also requires 1TB of total memory for any TDX/SGX enabled hardware. Reasons are that both SGX and TDX need to reserve memory for their operations.
Intel SGX: SGX uses reserved memory for the Enclave Page Cache (EPC).
- The EPC can be configured to reserve anywhere from 32 MB up to 512 MB per socket — but that memory is not usable by the OS or apps.
- While the EPC itself isn’t huge, SGX workloads often have higher memory needs overall, especially for things like confidential databases, secure AI inference, or trusted code execution.
- Having 1TB gives you the headroom to comfortably allocate memory to enclaves while still supporting your full application stack
Intel TDX: TDX uses a Trust Domain Memory Region (TDMR) and memory encryption per VM.
- Each confidential VM requires additional memory overhead — both reserved and runtime.
- You lose some portion of total RAM to memory encryption metadata and integrity protections.
- If you’re running multiple confidential VMs, 512GB might quickly become limiting. 1TB is recommended for scalability and performance, especially for production
In summary, if you were considering how much total memory is required for SGX / TDX:
| Total RAM | SGX Suitability | TDX Suitability | Notes |
|---|---|---|---|
| 256 GB | ✔️ Possible, limited | ❌ Too tight | Not ideal for anything beyond testing |
| 512 GB | ✔️ Good | ⚠️ Entry-level | May struggle with multiple VMs or enclaves |
| 1TB | ✅ Ideal | ✅ Ideal | Enough headroom for reservations, encryption, and app workloads |
If you’re serious about deploying real workloads using SGX or TDX — especially with production-scale enclaves or multiple confidential VMs — going with 1TB of total memory is the recommended and future-safe choice and a requirement for SGX/TDX enabled servers on the OpenMetal platform.
Memory Configurations on OpenMetal v4 Servers
OpenMetal v4 server models differ in total memory and how that memory is populated. Below, we outline each model’s typical memory setup and what is needed to meet the 8 DIMM per CPU requirement. The key difference is often in the size and number of memory DIMMs per CPU:
Medium v4 (Default: 256 GB RAM)
The Medium v4 server comes with 256 GB of DDR5 RAM, using dual Intel Xeon Silver 4510 CPUs. In its default configuration, this 256 GB is typically achieved by using 4 DIMMs per CPU, often 4×32 GB modules. This only populates half of the 8 memory channels on each socket, which does not meet the requirements for SGX or TDX.
To make Medium v4 compatible with SGX/TDX and meet the 1 TB total memory requirement, the system must be upgraded to:
- 8 × 64 GB DIMMs per CPU = 512 GB per CPU, 1 TB total
- This both fully populates all 8 DIMM channels per socket and achieves the ideal total system memory for SGX/TDX support
This upgrade requires replacing the existing memory and is a physical change that must be scheduled through OpenMetal Support.
Large v4 (Default: 512 GB RAM)
The Large v4 model has 512 GB of DDR5 RAM, typically installed as 4 × 64 GB DIMMs per CPU. Like the Medium v4, this setup only fills half of the memory channels and does not meet SGX/TDX requirements.
To support SGX/TDX and meet the ideal memory threshold:
- Upgrade to 8 × 64 GB DIMMs per CPU = 512 GB per CPU, 1 TB total
- This fills all memory channels and meets the 1 TB recommendation for SGX/TDX workloads
This memory upgrade adds 4 additional 64 GB DIMMs per CPU socket and brings the system to full compliance with SGX/TDX specs. This change can be provisioned upon request.
XL v4 (Default: 1024 GB RAM)
The XL v4 server comes with 1024 GB (1 TB) of DDR5 RAM out of the box, using dual Intel Xeon Gold 6530 CPUs. Because of this high memory capacity, the XL v4 is typically configured with 8 DIMMs per CPU from the start. One common configuration is 8 × 64 GB modules per CPU, giving 512 GB per socket (and 1 TB total). Another possibility is using higher-capacity DIMMs (if available); for example, 4 × 128 GB per CPU could also yield 1 TB, but that would only populate 4 channels and would not meet SGX/TDX requirements. In practice, OpenMetal’s 1 TB servers are arranged to maximize performance, which usually means populating all channels rather than using the fewest modules. It’s safe to assume the XL v4 has memory in all 8 channels of each CPU.
- Default Memory Setup: 8 × 64 GB per CPU = 512 GB per socket (1 024 GB total), or an equivalent 8-DIMM configuration.
- SGX/TDX-Ready Setup: (Already meets requirement.) Each CPU has 8 DIMMs installed (no change needed).
Because the XL v4 already has at least eight DIMMs in each processor, it supports SGX and TDX out-of-the-box from a hardware standpoint. No memory hardware changes are typically required. If by some chance an XL v4 were configured with larger DIMMs in fewer slots (which is unlikely in standard provisioning), then enabling SGX/TDX would require rearranging the memory to fill all 8 channels per CPU. However, given the 1 TB capacity, any standard configuration will involve enough modules. In summary, if you have an XL v4, you should be able to enable SGX and TDX as long as the BIOS settings are adjusted, since the hardware already meets the 8-DIMM minimum requirement.
XXL v4 (Default: 2048 GB RAM)
The XXL v4 is a high-end model with 2048 GB (2 TB) of DDR5 RAM, using dual Intel Xeon Gold 6530 processors. With such a large memory size, the memory channels on each CPU are necessarily fully populated (and then some). To reach 2 TB, each CPU socket must have around 1 TB of RAM. This can be accomplished in two ways: either 8 × 128 GB DIMMs per CPU (if 128 GB modules are available), or 16 × 64 GB DIMMs per CPU. Both configurations fill all 8 channels on each CPU (the latter actually puts two DIMMs in each channel). In either scenario, the requirement for at least 8 identical DIMMs per socket is satisfied.
- Default Memory Setup: Likely 16 × 64 GB per CPU = 1024 GB per socket (2 048 GB total), or possibly 8 × 128 GB per CPU = 1024 GB per socket. In both cases, 8+ DIMMs are installed per CPU.
- SGX/TDX-Ready Setup: (Already meets requirement.) Each CPU has all 8 memory channels populated (with one or two DIMMs per channel).
The XXL v4, by virtue of its design, already has the necessary memory population for SGX and TDX. No reconfiguration is needed since this server class ships with a fully populated memory configuration to achieve 2 TB. Users of XXL v4 can proceed to enable SGX/TDX in firmware, knowing the hardware is aligned with Intel’s requirements. (In fact, the XXL likely goes beyond the minimum – even if only 8 DIMMs per CPU were required, it has double that in the 16×64 GB case, which is perfectly fine.)
Note: Whether 16 smaller modules or 8 larger ones are used, the critical point is that each CPU has at least 8 identical DIMMs installed. The XXL v4 meets this by default. If OpenMetal in the future offers even larger memory modules, they will ensure at least 8 are present per CPU for compatibility with these features.
Provisioning Changes, Upgrades, and Timeline
Enabling SGX or TDX on a system that wasn’t initially configured for it will likely require a memory provisioning change. If you are not already on a server that meets the 8-DIMM-per-CPU rule (for example, Medium or Large v4 in default state), you should plan for a hardware update:
- Coordinate with OpenMetal Support: You will need to request either a memory reconfiguration (swapping/adding DIMMs) or an upgrade to a larger instance type. For instance, a Medium v4 user might upgrade to a Large v4, or a Large v4 user might request the 8×32 GB per CPU memory layout or upgrade to an XL v4 for 1 TB. OpenMetal can advise on whether they can simply add DIMMs to your existing server or if a migration to a different server is required to meet the SGX/TDX specs.
- Supported Models and Upgrades: The XL v4 and XXL v4 models support SGX/TDX immediately, since their memory is already appropriately populated. The Large v4 can support SGX/TDX after a memory reconfiguration (no increase in total RAM) or by upgrading to 1 TB. The Medium v4 will typically require an upgrade or custom reconfiguration, as its default 256 GB config leaves half the channels empty. In many cases, moving from a Medium 256 GB to a Large 512 GB (with 8×32 GB DIMMs per CPU) is the straightforward path to achieve compliance. This essentially means some users may need to choose a larger server model or a custom RAM layout if they require these security features.
- Downtime and Migration: Changing the memory configuration involves powering down the server and physically adding or replacing DIMMs. This will incur some downtime. If upgrading to a different server model, you will also need to migrate your data/workloads. Plan accordingly for a maintenance window.
Provisioning Timeframe: Adjusting a server’s hardware is not instantaneous. Expect the process of reconfiguring memory or scheduling a new server could take a couple days (up to a week). OpenMetal may need time to acquire the appropriate memory modules (if they are not already on hand) and schedule a technician to perform the upgrade. Therefore, if you know you need SGX or TDX, communicate early and plan for the change. Once the hardware is in place (8 identical DIMMs per CPU), SGX/TDX can be enabled in the BIOS/firmware settings of the server. The BIOS setting for Intel SGX or Intel TDX will remain unavailable (or “Off”) until the memory population meets the requirement, so it’s essential to get the hardware right first.
Cost Comparison: SGX/TDX-Ready OpenMetal Servers
To help you plan ahead, here’s a cost comparison showing estimated monthly and 2-year costs for SGX/TDX-enabled server configurations.
SGX/TDX-Ready v4 Bare Metal Server Cost Comparison (2-Year Agreement)
| Server Tier | Default Memory | Default Monthly Price | SGX/TDX Memory Config | Memory Monthly Price | New Monthly Price | 2-Year Total Price |
|---|---|---|---|---|---|---|
| Medium v4 | 256 GB (4x32G/CPU) | $532.51 | 1 TB (8x64G/CPU) | $520.08 | $1052.59 | $25,262.16 |
| Large v4 | 512 GB (4x64G/CPU) | $947.38 | 1 TB (8x64G/CPU) | $346.72 | $1,294.10 | $31,058.4 |
| XL v4 | 1 TB (8x64G/CPU) | $1,708.99 | Already SGX/TDX Ready | $0 | $1,708.99 | $41,015.76 |
| XXL v4 | 2 TB (≥8x128G/CPU) | $2,390.11 | Already SGX/TDX Ready | $0 | $2,390.11 | $57,362.64 |
Note: Actual pricing may vary. Confirm server availability and final specs with OpenMetal sales.
Summary
Intel SGX and TDX can be enabled on OpenMetal v4 servers, but doing so requires:
- 8 identical DIMMs per CPU socket to fully populate memory channels
- 1 TB of Total RAM – an OpenMetal requirements for servers that are production-ready SGX/TDX
For performance, scalability, and security, choosing a 1 TB memory configuration ensures you have the headroom needed for enclave memory reservations, confidential VM overhead, and smooth workload execution.
While the XL and XXL v4 servers come SGX/TDX-ready by default, Medium and Large v4 servers must be upgraded to 1 TB configurations to fully support these features. Provisioning changes may take a few days up to a week, so plan accordingly.
Contact OpenMetal Sales or Support teams to review your desired setup and
begin the provisioning process for an SGX/TDX-capable server today.
Questions? Schedule a meeting or start a chat.