Chapter 4: UEFI BIOS
Disable Excluding Mem Below 1MB in CMR (Available when "Memory Encryption
(TME)" is set to Enabled and when "Trust Domain Extension (TDX)" is set to
Enabled)
Use this feature to enable or disable excluding memory below 1MB from the TDX Convertible
Memory Ranges (CMR). The options are Disabled, Enabled, and Auto.
TME-MT/TDX Key Split (Available when "Memory Encryption (TME)" is set to
Enabled and when "Trust Domain Extension (TDX)" is set to Enabled)
Use this feature to set the number of key ID bits reserved for TDX. The remaining key ID bits
are used by TME-MT. The default setting is 1.
TME-MT Keys: (Available when "Memory Encryption (TME)" is set to Enabled and
when "Trust Domain Extension (TDX)" is set to Enabled)
This feature displays the number of keys designated for TME-MT.
TDX Keys: (Available when "Memory Encryption (TME)" is set to Enabled and when
"Trust Domain Extension (TDX)" is set to Enabled)
This feature displays the number of keys designated for TDX.
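The key split above decides how the platform's key ID bits are divided between TME-MT and TDX, and the two display items report the resulting key counts. The following Python model is an added example, not text or code from this manual or the BIOS vendor: it derives the TME-MT Keys and TDX Keys values from a given split, and its IA32_TME_ACTIVATE bit layout and the rule that the top reserved bits mark TDX-private key IDs are assumptions stated in the comments.

```python
# Added example, not from the BIOS manual: models the TME-MT/TDX Key Split
# and the TME-MT Keys / TDX Keys counts shown on the setup screen.
# Assumptions (labelled): N = MK_TME_KEYID_BITS enabled by the BIOS; the split
# reserves the top k of those bits for TDX; every KeyID whose top k bits are
# non-zero is TDX-private; KeyID 0 is the platform TME key, not a TME-MT key.
# IA32_TME_ACTIVATE bit positions are assumed, not taken from this manual.
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyIdPartition:
    total_bits: int   # N: KeyID bits in use
    tdx_bits: int     # k: TME-MT/TDX Key Split (manual default is 1)

    def tme_mt_bits(self) -> int:
        return self.total_bits - self.tdx_bits

    def tme_mt_keys(self) -> int:
        # KeyIDs 1 .. 2^(N-k)-1 stay with TME-MT; KeyID 0 is excluded.
        return (1 << self.tme_mt_bits()) - 1

    def tdx_keys(self) -> int:
        # KeyIDs with any reserved top bit set: 2^N - 2^(N-k).
        return (1 << self.total_bits) - (1 << self.tme_mt_bits())

    def tdx_keyid_range(self) -> tuple:
        # Half-open [start, end) range of TDX-private KeyIDs.
        return (1 << self.tme_mt_bits(), 1 << self.total_bits)

def validate_split(total_bits: int, tdx_bits: int) -> KeyIdPartition:
    """Reject a split the 4-bit MSR fields cannot express or that exceeds N."""
    if not 1 <= total_bits <= 15:
        raise ValueError("MK_TME_KEYID_BITS must be 1..15 when TME-MT is active")
    if not 0 <= tdx_bits <= total_bits:
        raise ValueError(f"TDX key split {tdx_bits} exceeds {total_bits} KeyID bits")
    return KeyIdPartition(total_bits, tdx_bits)

def decode_tme_activate(msr: int) -> dict:
    """Assumed IA32_TME_ACTIVATE layout: bit 0 lock, bit 1 TME enable,
    bits 35:32 MK_TME_KEYID_BITS, bits 39:36 TDX_RESERVED_KEYID_BITS."""
    return {"locked": bool(msr & 1), "tme_enabled": bool((msr >> 1) & 1),
            "keyid_bits": (msr >> 32) & 0xF, "tdx_keyid_bits": (msr >> 36) & 0xF}

def partition_from_msr(msr: int) -> KeyIdPartition:
    f = decode_tme_activate(msr)
    if not (f["locked"] and f["tme_enabled"]):
        raise ValueError("TME is not enabled and locked; no key partitioning in effect")
    return validate_split(f["keyid_bits"], f["tdx_keyid_bits"])
# Constructed sample MSR value: locked, TME enabled, N = 6, k = 1 (manual default).
SAMPLE_MSR = (1 << 36) | (6 << 32) | 0b11
```

With the constructed sample, `partition_from_msr(SAMPLE_MSR)` yields 31 TME-MT keys and 32 TDX keys (KeyIDs 32 to 63), the values a 6-bit platform at the default split would display.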
----------------------------------------------------------------
Software Guard Extension (SGX)
----------------------------------------------------------------
*The following SGX features are available when "Memory Encryption (TME)" is set
to Enabled and when your CPU supports Intel SGX.
Note: Each memory channel must have at least one DIMM populated on the
motherboard to support the Intel SGX features.
SGX Factory Reset
Use this feature to perform an SGX factory reset to delete all registration data and force an
options are Disabled and Enabled.
SW Guard Extensions (SGX)
Use this feature to enable Intel Software Guard Extensions (SGX) support. Intel SGX is a set
of extensions that increases the security of application code and data by using enclaves in
memory to protect sensitive information. The options are Disabled and Enabled.
SGX Package Info In-Band Access
Setting this feature to Enabled is required before the BIOS provides software with the key
blobs, which are generated for each CPU package. The options are Disabled and Enabled.