Security
This section provides information about security measures in the NVIDIA DGX™ B200 system.
User Security Measures
The NVIDIA DGX B200 system is a specialized server designed to be deployed in a data center. It must be configured to protect the hardware from unauthorized access and unapproved use. The DGX B200 system is designed with a dedicated BMC Management Port and multiple Ethernet network ports.
When you install the DGX B200 system in the data center, follow the best practices established by your organization to protect against unauthorized access.
Securing the BMC Port
NVIDIA recommends connecting the BMC port in the DGX B200 system to a dedicated management network with firewall protection.
If remote access to the BMC is required, such as for a system hosted at a co-location provider, it should be accessed through a secure method that provides isolation from the internet, such as through a VPN server.
System Security Measures
This section provides information about the security measures incorporated in the NVIDIA DGX B200 system.
Secure Flash of DGX B200 Firmware
Secure Flash is implemented for the DGX B200 to prevent unsigned and unverified firmware images from being flashed onto the system.
Encryption
The DGX B200 firmware is encrypted as follows:
The firmware encryption algorithm is AES-CBC.
The firmware encryption key strength is 128 bits or higher.
Each firmware class uses a unique encryption key.
Firmware decryption is performed by the same agent that performs the signature check, or by a more trusted agent in the same chain of trust (COT).
NVIDIA System Manager Security
For information about security in NVIDIA System Management, refer to the NVSM documentation page.
Secure Data Deletion
This section explains how to securely delete data from the DGX B200 system SSDs to destroy all the stored data permanently.
This process performs a more secure SSD data deletion than merely deleting files or reformatting the SSDs.
Prerequisites
You need to prepare a bootable installation medium containing the current DGX OS Server ISO image.
Refer to Reimaging the System in the NVIDIA DGX OS 7 User Guide for information on the following topics:
Obtaining the DGX OS ISO Image
Booting the DGX OS ISO Image
Procedure
Here are the instructions to securely delete data from the DGX B200 system SSDs.
Boot the system from the ISO image, either remotely or from a bootable USB key.
At the GRUB menu, select:
(For DGX OS 7): Rescue a broken system and configure the locale and network information.
When prompted to select a root file system, select Do not use a root file system and then select Execute a shell in the installer environment.
Log in.
Run the following command to identify the devices available in the system:
nvme list
If the nvme-cli package is not installed, install it as follows, and then run nvme list:
dpkg -i /usr/lib/live/mount/rootfs/filesystem.squashfs/curtin/repo/<nvme-cli-package.deb>
Perform a secure erase:
nvme format -s1 <device-path>
where <device-path> is the specific storage node listed in the previous step. For example, /dev/nvme0n1.
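As an added example (not part of the NVIDIA documentation), the shell functions below turn the output of nvme list into a reviewable list of nvme format -s1 commands, so the set of drives can be checked against the asset record before anything is erased. The function names, the keep list and the sample output are assumptions constructed for illustration; the script only prints commands and erases nothing.

```shell
#!/bin/sh
# Added example: dry-run planner for the secure-erase step of the procedure.
# SAMPLE_NVME_LIST is constructed sample output, not captured from a DGX B200.
SAMPLE_NVME_LIST='Node             SN            Model           Namespace Usage                  Format        FW Rev
---------------- ------------- --------------- --------- ---------------------- ------------- --------
/dev/nvme0n1     SAMPLE0001    EXAMPLE-SSD-A   1         1.92 TB / 1.92 TB      512 B + 0 B   FW000001
/dev/nvme1n1     SAMPLE0002    EXAMPLE-SSD-A   1         1.92 TB / 1.92 TB      512 B + 0 B   FW000001
/dev/nvme2n1     SAMPLE0003    EXAMPLE-SSD-B   1         3.84 TB / 3.84 TB      512 B + 0 B   FW000002'

# Print the namespace device nodes found in `nvme list` output read from stdin.
# Header and separator rows are skipped because they do not start with /dev/nvme.
nvme_nodes() {
    awk '$1 ~ /^\/dev\/nvme[0-9]+n[0-9]+$/ { print $1 }'
}

# Read nodes from stdin and print one secure-erase command per node.
# $1 is a hypothetical space-separated keep list of nodes that must not be wiped.
erase_plan() {
    keep=" $1 "
    while read -r node; do
        case "$keep" in
            *" $node "*) echo "# skipped (keep list): $node" ;;
            *) echo "nvme format -s1 $node" ;;
        esac
    done
}

# Count the erase commands in a plan read from stdin (prints 0 for an empty plan).
plan_count() {
    grep -c '^nvme format -s1 ' || true
}

# Dry run on the constructed sample: prints the plan, erases nothing.
# In the installer shell, replace the printf with: nvme list | nvme_nodes | erase_plan ""
printf '%s\n' "$SAMPLE_NVME_LIST" | nvme_nodes | erase_plan ""
```

Review the printed plan and run each command by hand, so that every erase is a deliberate action on a confirmed device path.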