Learn what Intel SGX is, how it is used, and which Cherry Servers' dedicated servers support it.
What is Intel SGX?
Intel Software Guard Extensions (SGX) is a set of hardware-based security features
built into select Intel processors. It allows developers to create secure enclaves, isolated memory regions where sensitive code and data can be processed securely, away from the rest of the system.
SGX is designed to protect against threats such as compromised operating systems, hypervisors, or even administrators, by enforcing strict access control at the processor level. This approach enhances data confidentiality and integrity, making SGX well-suited for use cases like secure cloud deployments, edge computing, and multi-tenant environments that benefit from hardware-enforced isolation.
For technical details, visit the official Intel SGX developer zone.
What are the common use cases for Intel SGX?
Intel SGX is widely used in industries where security, confidentiality, and data integrity are paramount. Some of the most impactful applications include:
-
Confidential computing – protects sensitive data during runtime, even from privileged system components. This is especially useful in sectors such as finance and healthcare, where data must be protected from unauthorized access.
-
Digital Rights Management (DRM) – secures encryption keys, license validation, and playback logic within a protected enclave. Media platforms use SGX to prevent piracy and unauthorized duplication of digital content.
-
Secure blockchain processing – enhances the reliability of smart contracts, wallets, and consensus mechanisms by executing them within secure enclaves. SGX is used in decentralized finance (DeFi) and enterprise blockchain platforms to ensure integrity and prevent manipulation.
-
Secure Multi-Party Computation (SMPC) – enables multiple organizations to collaborate on data analysis without revealing their private datasets to one another.
-
Trusted AI/ML execution – prevents reverse engineering or data leakage from AI models. For example, a company can deploy proprietary machine learning algorithms in public environments without exposing the underlying model or sensitive inference data.
-
Secure remote attestation – verifies that code is running in a genuine enclave on a genuine SGX-capable processor. This is critical for establishing trust in remote systems, especially for distributed workloads or hybrid cloud deployments.
Which servers support Intel SGX at Cherry Servers?
SGX requires specific Intel CPUs with BIOS-level support, which is only possible on dedicated (bare-metal) servers. Cherry Servers currently offers the following SGX-capable CPU models:
-
2× Intel GOLD 6330
-
Intel GOLD 5315Y
-
E3‑1240Lv5
-
E3‑1240v5
Note: SGX must be enabled in BIOS. It is disabled by default.
Can I use SGX on VPS or VDS at Cherry Servers?
No, SGX is not supported on VPS or VDS instances because these environments do not provide direct access to the physical hardware or BIOS-level configuration needed for SGX to function.
Do I need Intel SGX?
You might need SGX if your project handles:
-
Highly confidential or regulated data (healthcare, finance, government)
-
Third-party computations where inputs must remain private
-
Proprietary algorithms or models that need to be shielded from end users or attackers
How can I order a server with SGX support?
If your project requires Intel SGX, contact Cherry Servers support at support@cherryservers.com before placing your order. The support team will help you:
-
Confirm hardware availability
-
Enable SGX in BIOS on the selected server
-
Ensure you are provisioned with compatible infrastructure
What are the hardware and software requirements for Intel SGX?
To use Intel SGX, you need:
-
A supported Intel processor with SGX instructions (e.g., E3‑1240v5, GOLD 5315Y)
- Full RAM population, since SGX requires the entire memory channel to be populated in order to initialize and reserve EPC (Enclave Page Cache) memory for enclaves.
-
BIOS/UEFI firmware with SGX explicitly enabled
-
An operating system that supports SGX (such as Ubuntu, CentOS, or Windows Server)
-
Intel SGX SDK and driver installed on the server
How can I check if SGX is enabled on my server?
After server provisioning, you can verify SGX support using a Linux command (see Fig. 1):
$ dmesg | grep -i sgx
Fig. 1. SGX successfully initialized, dmesg output showing EPC (Enclave Page Cache) memory section detected by the system.
Or by checking SGX capability (see Fig. 2):
$ cat /proc/cpuinfo | grep sgx
Fig. 2. Output of /proc/cpuinfo showing sgx and sgx_lc CPU flags, confirming that Intel SGX is supported and SGX launch control is available on this processor.
For more detailed diagnostics, you can install Intel’s SGX SDK tool:
- Linux SDK: Intel SGX SDK for Linux
- Windows SDK: Intel SGX SDK for Windows
If SGX is not detected, it may be disabled in the BIOS. In this case, please contact Cherry Servers support for assistance at support@cherryservers.com.
Summary
Intel SGX provides a powerful hardware-based security layer for protecting sensitive code and data in isolated memory enclaves. It is ideal for high-trust workloads such as confidential computing, secure blockchain operations, DRM, and trusted AI/ML processing.
At Cherry Servers, SGX is available only on select Intel-based dedicated servers, and it must be explicitly enabled in the BIOS. SGX is not supported on VPS or VDS instances due to hardware access limitations. If you require SGX support, we strongly recommend contacting Cherry Servers support at support@cherryservers.com before placing your order to confirm CPU compatibility and ensure the feature is properly configured on your system.