You can enable vSGX on a virtual machine when you deploy a new virtual machine, or when you edit or clone an existing virtual machine.

Prerequisites

To use vSGX, your vSphere Client environment must meet the following requirements.
  • The ESXi host must be installed on an SGX-capable CPU and SGX must be enabled in the BIOS of the ESXi host. For information about the supported CPUs, see the VMware KB article at https://kb.vmware.com/s/article/71367.
  • Verify that the ESXi host is ESXi 7.0 or later.
  • The guest operating system of the virtual machine must be Linux, Windows 10 (64-bit) and later, or Windows Server 2016 (64-bit) and later.
  • Verify that the virtual machine hardware is of version 17.
  • Verify that the virtual machine uses EFI firmware.
  • Verify that the virtual machine is powered off.
  • Verify that you have the privileges to create, clone, or edit virtual machine settings. For more information, see Create a Virtual Machine with the New Virtual Machine Wizard and Clone an Existing Virtual Machine.
Note: Some operations and features are not supported for a virtual machine when vSGX is enabled.
  • Migration with Storage vMotion.
  • Suspending or resuming the virtual machine.
  • Taking a snapshot of the virtual machine, especially if you take a snapshot of the virtual machine memory.
  • Fault Tolerance.
  • Enabling Guest Integrity (GI, platform foundation for VMware AppDefense™ 1.0).

Procedure

  1. You can enable SGX when you deploy a virtual machine or edit an existing virtual machine.
    Option: Deploy a virtual machine
      1. Right-click any inventory object that is a valid parent object of a virtual machine and select New Virtual Machine.
      2. On the Select a creation type page, select Create a new virtual machine, and click Next.
      3. Navigate through the pages of the wizard.
      4. On the Customize hardware page, click the Virtual Hardware tab.
    Option: Edit a virtual machine
      1. Right-click a virtual machine in the inventory and select Edit Settings.
      2. Click the Virtual Hardware tab.
    Option: Clone an existing virtual machine
      1. Right-click a virtual machine in the inventory and select Clone > Clone to Virtual Machine.
      2. Navigate through the pages of the wizard.
      3. On the Select clone options page, select Customize this virtual machine's hardware and click Next.
      4. Click the Virtual Hardware tab.
  2. On the Virtual Hardware tab, expand Security Devices.
  3. To enable SGX, select the Enable check box.
  4. In the Enclave page cache size (MB) text box, enter the cache size in MB.
    Note: The enclave page cache size must be a multiple of 2 MB.
  5. From the Launch control configuration drop-down menu, select the appropriate mode.
    Option: Unlocked
      This option enables the launch enclave configuration of the guest operating system.
    Option: Locked
      This option allows you to configure the launch enclave.
      1. Select the Launch enclave public key hash option.
      2. To use one of the public keys configured on the host, select Use from host and from the drop-down menu, select a public key hash.
      3. To enter the public key manually, select Enter manually and enter a valid SHA256 hash key (64 characters).
  6. Click OK.
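
Before you open the wizard, you can check the planned values against the rules in this procedure. The following Python sketch is an added example, not VMware code. The dictionary keys, the function name, and the sample plans are this example's own and are not vSphere API properties. It assumes the key hash is written as hexadecimal.

```python
import re

# A SHA-256 digest written as hex is exactly 64 hexadecimal characters.
SHA256_HEX = re.compile(r"[0-9a-fA-F]{64}")


def check_vsgx_plan(vm):
    """Return a list of problems with a planned vSGX configuration.

    `vm` is a plain dict; its keys are hypothetical names chosen for this
    example. An empty list means every check passed.
    """
    problems = []

    # Prerequisites. The page names hardware version 17; failing anything
    # lower is this example's reading of that requirement.
    if vm.get("hardware_version", 0) < 17:
        problems.append("virtual hardware must be version 17")
    if vm.get("firmware") != "efi":
        problems.append("firmware must be EFI")
    if vm.get("power_state") != "poweredOff":
        problems.append("virtual machine must be powered off")

    # Enclave page cache size: a positive multiple of 2 MB.
    epc = vm.get("epc_size_mb")
    if not isinstance(epc, int) or epc <= 0 or epc % 2 != 0:
        problems.append("EPC size must be a positive multiple of 2 MB")

    # Launch control configuration: Unlocked or Locked.
    mode = vm.get("launch_control")
    if mode not in ("unlocked", "locked"):
        problems.append("launch control must be 'unlocked' or 'locked'")
    elif mode == "locked":
        # Locked mode needs a launch enclave public key hash of 64 characters.
        key_hash = str(vm.get("le_pubkey_hash") or "").strip()
        if not SHA256_HEX.fullmatch(key_hash):
            problems.append("launch enclave public key hash must be 64 hex characters")
    return problems


# Constructed sample plans (not taken from a real environment).
GOOD_PLAN = {"hardware_version": 17, "firmware": "efi", "power_state": "poweredOff",
             "epc_size_mb": 64, "launch_control": "locked",
             "le_pubkey_hash": "ab" * 32}
BAD_PLAN = {"hardware_version": 15, "firmware": "bios", "power_state": "poweredOn",
            "epc_size_mb": 33, "launch_control": "locked",
            "le_pubkey_hash": "ab" * 31}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_vsgx_plan(plan) or "ok")
```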