NVIDIA Confidential Computing

Protect sensitive data and proprietary AI models from unauthorized access using strong hardware-based security.

The most distilled set of instructions required to configure a system for Confidential Computing (CC) with the NVIDIA® Hopper™ H100 GPU.
The NVIDIA® Hopper™ Confidential Compute (HCC) feature provides a GPU Trusted Execution Environment (TEE) and enables a CPU TEE to establish trust with the GPU to accelerate compute workloads in a secure environment. As a part of establishing trust, the GPU proves its trustworthiness with an attestation report that is verified and compared by the CPU TEE.
GitHub for developers working on nvtrust.
This EA software release features a complete software stack that targets a single NVIDIA H100 GPU in passthrough mode with a session key for encryption and authentication and basic use of the Developer Tools. Code and data will be confidential up to the limits of the NIST SP800-38D AES-GCM standard, after which the VM should be restarted.
Exceptional Performance, Scalability, And Security For The Data Center
This document is designed to provide a high-level overview of the CC capabilities of the NVIDIA H100 GPU. Specific details on industry standards, such as encryption/authentication algorithms and certifications, may be beyond the scope of this document.
Higher security and better privacy-enhancing technologies are in high demand everywhere. Confidential computing protects a user's code and data from even the owner of the computer or cloud service, and Hopper delivers the required GPU feature set to enable accelerated confidential computing. We'll explain how the Hopper GPU and its firmware and software work together to deliver an accelerated confidential computing environment for your existing CUDA applications.
Increasingly, developers are looking to privacy-enhancing technologies to help navigate the complex regulatory, privacy, and market barriers to realizing the full potential of both local and shared data opportunities; the NVIDIA H100 was built with privacy and security in mind. The NVIDIA H100 introduces several new hardware features to ensure the security and integrity of both the data and algorithms operating within the GPU.
Join CUDA experts for this in-depth overview of the CUDA 12.2 release. This update offers multiple features to help you reduce programming time, create more efficient code, and accelerate your applications. New features include support for NVIDIA Hopper GPU hardware architecture, confidential computing to protect sensitive data and AI workloads, heterogeneous memory management (HMM), and enhancements to MPS prioritization.
As confidential computing extends to include NVIDIA GPUs at cloud service providers and in enterprise data centers, attestation features that provide and verify the evidence of the trustworthiness of the environment are paramount. In this video, you can learn about the Hopper GPU attestation architecture, which is used to measure the necessary security posture to protect your valuable data in use. Mark Overby covers topics such as how attestation is used throughout the life cycle of the confidential compute session and how to solve the time domain problem of attestation evidence.