articleschannelstagsspacestoolkit
NVIDIA Technical Blog

Confidential Computing on NVIDIA H100 GPUs for Secure and Trustworthy AI

View Original
thumbnail

Confidential Computing on NVIDIA H100 GPUs for Secure and Trustworthy AI

  • NVIDIA Confidential Computing provides a solution for securely processing data and code in use, preventing unauthorized access and modification.
  • Confidential computing is achieved by performing computation in a hardware-based trusted execution environment (TEE) to protect data in use.
  • The NVIDIA H100 GPU enables hardware protections for code and data with a secure and measured boot sequence and an attestation report.
  • NVIDIA continues to improve the security and integrity of its GPUs to provide a complete confidential computing solution.
  • The H100 GPU can be operated in full confidential computing mode (CC-On) or a partial mode with security protections disabled (CC-DevTools).
  • Confidential computing with the H100 GPU requires CPUs that support confidential virtual machines (CVMs) for extended trust.
  • The NVIDIA driver inside the CPU TEE enables data movement between the CPU and GPU memories for confidential computing with a GPU.
  • Confidential computing with the H100 GPU provides enhanced security and isolation against software attacks, physical attacks, and cryptographic attacks.
  • Verifiability with device attestation and protection from unauthorized access are among the benefits of the NVIDIA H100 GPU's hardware-based security.

Operating NVIDIA H100 GPUs in Confidential Computing Mode

  • The H100 GPU operates in confidential computing mode with CPUs that support confidential VMs (CVMs).
  • CPU-based confidential computing prevents access to the memory contents of a CVM or confidential container.
  • The NVIDIA driver inside the CPU TEE facilitates data transfer between the CPU and GPU memories for confidential computing with a GPU.
  • Specific CPU hardware SKUs are required for confidential computing with the H100 GPU.
  • Specific hardware and software versions are also necessary to enable confidential computing for the H100 GPU.

Benefits of NVIDIA Hopper H100 Confidential Computing for Trustworthy AI

  • The NVIDIA H100 GPU's confidential computing capabilities provide enhanced security and isolation against various threat vectors.
  • Software attacks, physical attacks, software rollback attacks, cryptographic attacks, and replay attacks are mitigated through hardware-based security.
  • Verifiability with device attestation ensures the integrity and trustworthiness of the H100 GPU.
  • Unauthorized access is prevented, improving the overall security of AI systems utilizing the H100 GPU.