
Hello,

My workstation has an Intel Xeon Gold 5416S, which should support Intel SGX and TDX. The user manual https://kaas.hpcloud.hp.com/pdf-public/pdf_7758355_en-US-1.pdf mentions TXT and SGX. However, I cannot see SGX in my BIOS. Does TXT include TDX?

My BIOS version is U60 Ver. 01.02.14.

Is there an alternative BIOS with TDX and SGX enabled? Thank you.

7 REPLIES
HP Recommended

The HP Z8 G4 does support SGX; not sure about TDX (Trust Domain Extensions).

For SGX, reference page 82 of the Z8 Hardware and Service Manual, link below:

https://kaas.hpcloud.hp.com/pdf-public/pdf_7758355_en-US-1.pdf

You might want to look in the BIOS under the "Security" section, then under System Security, or under the Advanced tab, then System Options.

HP Recommended

I saw only one option in BIOS: Trusted Execution Technology (TXT). Does TXT include both SGX and TDX?

By the way, the workstation is a Z8 G5.

Thanks.

HP Recommended

SGX will have its own entry by itself. TXT usually includes TDX.

Also, depending on which global region your workstation was sold in, these options may have been disabled/removed.

Per the HP service manual (page 82, chapter 6 "Security Configuration"):

https://kaas.hpcloud.hp.com/pdf-public/pdf_7758355_en-US-1.pdf

---------------------------------------------------------------------------

Trusted Execution Technology (TXT)
Enables Trusted Execution Technology on select Intel-based systems. Default is disabled.
NOTE: Enabling this feature disables OS management of the Trusted Platform Module (TPM),
prevents a reset of the TPM, and constrains the configuration of VTx, VTd, and TPM.


Intel Software Guard Extensions (SGX)
Intel SGX is a set of processor code instructions that allows user-level code to allocate private
regions of memory. Unlike normal process memory, SGX protects these private memory regions
from processes running at higher privilege levels.
● Software control
● Disable
● Enable

--------------------------------------------------------------------------

HP Recommended

Did not see the SGX option in BIOS.

Is there a way to flash a specific version of BIOS to get it back?

About TDX:

According to Intel https://cc-enabling.trustedservices.intel.com/intel-tdx-enabling-guide/05/host_os_setup/

Inside Ubuntu, I ran

sudo dmesg | grep -i tdx

which does not give anything.

The MSR tool shows the expected outputs for the first three, but for the last two about TDX, it returns errors.

Thanks.
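Alongside the dmesg and MSR checks above, here is an added shell script (mine, not from this thread, HP, or Intel) that reads the cpuinfo flags to tell BIOS-disabled SGX from a working one and reports whether the kernel sees TDX host support. It assumes the Linux flag names sgx, sgx_lc and tdx_host_platform (the last only on TDX-aware kernels); the sample flags line is constructed.

```shell
#!/bin/sh
# Added example, not from this thread or from HP: classify SGX/TDX exposure from
# the OS side. Assumes the Linux cpuinfo flag names "sgx", "sgx_lc" and
# "tdx_host_platform" (the last one only appears on TDX-aware kernels).

# Constructed sample of a /proc/cpuinfo "flags" line: SGX on, TDX not exposed.
SAMPLE_FLAGS="flags : fpu vme de pse tsc msr vmx smx sgx sgx_lc avx512f"

# has_flag FLAGS_LINE NAME -> prints yes|no (whole-word match on the flag list)
has_flag() {
  case " ${1#flags*:} " in
    *" $2 "*) echo yes ;;
    *)        echo no ;;
  esac
}

# sgx_status FLAGS_LINE -> enabled | launch-control-locked | not-exposed
# "sgx" missing on a CPU whose datasheet lists SGX means Setup did not enable it.
# "sgx" without "sgx_lc": the in-kernel SGX driver needs writable launch-control
# MSRs, so /dev/sgx_enclave will not appear even though the CPU advertises SGX.
sgx_status() {
  if [ "$(has_flag "$1" sgx)" = yes ]; then
    if [ "$(has_flag "$1" sgx_lc)" = yes ]; then echo enabled; else echo launch-control-locked; fi
  else
    echo not-exposed
  fi
}

# tdx_status FLAGS_LINE -> host-ready | not-exposed
# TDX is reported as its own CPU feature, independent of the TXT switch in Setup.
tdx_status() {
  if [ "$(has_flag "$1" tdx_host_platform)" = yes ]; then echo host-ready; else echo not-exposed; fi
}

# live_report: run the same checks against the real machine (no root needed for cpuinfo).
live_report() {
  flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null || true)
  echo "SGX: $(sgx_status "$flags")"
  echo "TDX: $(tdx_status "$flags")"
  # The TDX module logs under "virt/tdx:"; dmesg may need privileges, so ignore errors.
  dmesg 2>/dev/null | grep -i 'virt/tdx' || echo "TDX: no virt/tdx lines in dmesg"
}

echo "sample: SGX=$(sgx_status "$SAMPLE_FLAGS") TDX=$(tdx_status "$SAMPLE_FLAGS")"
[ -r /proc/cpuinfo ] && live_report
```

On the workstation in this thread, "not-exposed" for SGX while Intel's ARK lists SGX support points at the BIOS side rather than the CPU.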

HP Recommended

I did a little reading. SGX is an Intel processor-based feature and you can look up which Intel processors have that. From what I saw your processor is one generation back from the ones SGX was included in. 

HP Recommended

Intel's official documentation mentions that this CPU, Xeon Gold 5416S, supports SGX. However, it does not mention TDX (probably included in TXT?). It does mention SGX support: "Yes with Intel® SPS". SPS looks like Server Platform Services. Some online sources mentioned SPS can be enabled in BIOS. However, I could not find it in the HP BIOS; not sure if I missed anything.

 

https://www.intel.com/content/www/us/en/products/sku/232396/intel-xeon-gold-5416s-processor-30m-cach...

HP Recommended

If possible, please forward my message to the BIOS development team and ask them to enable the SGX and TDX options in the next BIOS update. Thank you!
