Security

This section provides information about security measures in the NVIDIA DGX™ H100/H200 system.

User Security Measures

The NVIDIA DGX H100/H200 system is a specialized server designed to be deployed in a data center. It must be configured to protect the hardware from unauthorized access and unapproved use. The DGX H100/H200 system is designed with a dedicated BMC Management Port and multiple Ethernet network ports.

When you install the DGX H100/H200 system in the data center, follow best practices as established by your organization to protect against unauthorized access.

Securing the BMC Port

NVIDIA recommends that you connect the BMC port in the DGX H100/H200 system to a dedicated management network with firewall protection.

If remote access to the BMC is required, such as for a system hosted at a co-location provider, it should be accessed through a secure method that provides isolation from the internet, such as through a VPN server.

System Security Measures

This section provides information about the security measures that have been incorporated in the NVIDIA DGX H100/H200 system.

Secure Flash of DGX H100/H200 Firmware

Secure Flash is implemented for the DGX H100/H200 to prevent unsigned and unverified firmware images from being flashed onto the system.

Encryption

The DGX H100/H200 firmware is encrypted as follows:

  • The firmware encryption algorithm is AES-CBC.

  • The firmware encryption key strength is 128 bits or higher.

  • Each firmware class uses a unique encryption key.

  • Firmware decryption is performed either by the same agent that performs the signature check or by a more trusted agent in the same chain of trust (COT).

NVIDIA System Manager Security

For information about security in NVIDIA System Management, refer to the NVSM documentation page.

Secure Data Deletion

This section explains how to securely delete data from the DGX H100/H200 system SSDs to permanently destroy all the data that was stored there.

This process performs a more secure SSD data deletion than merely deleting files or reformatting the SSDs.

Prerequisites

You need to prepare a bootable installation medium that contains the current DGX OS Server ISO image.

Refer to Reimaging in the NVIDIA DGX OS 6 User Guide for information on the following topics:

  • Obtaining the DGX OS ISO Image

  • Booting the DGX OS ISO Image

Procedure

Here are the instructions to securely delete data from the DGX H100/H200 system SSDs.

  1. Boot the system from the ISO image, either remotely or from a bootable USB key.

  2. At the GRUB menu, select:

    • (For DGX OS 6): Rescue a broken system and configure the locale and network information.

  3. When prompted to select a root file system, select Do not use a root file system and then select Execute a shell in the installer environment.

  4. Log in.

  5. Run the following command to identify the devices available in the system:

    nvme list
    

    If the nvme-cli package is not installed, install it as follows, and then run nvme list.

    dpkg -i /usr/lib/live/mount/rootfs/filesystem.squashfs/curtin/repo/<nvme-cli-package.deb>
    
  6. Perform a secure erase:

    nvme format -s1 <device-path>
    

    where <device-path> is the storage node listed in the previous step, for example, /dev/nvme0n1.
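
The following added example (not part of the NVIDIA documentation) applies steps 5 and 6 to every namespace that nvme list reports, printing the commands by default and running them only when ERASE_CONFIRM=yes is set. The function names, the ERASE_CONFIRM variable, the "run" argument, and the sample listing are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not NVIDIA's code): apply `nvme format -s1` to every namespace
# that `nvme list` reports. Dry run unless ERASE_CONFIRM=yes is exported.

# Constructed sample of `nvme list` output; serials and models are made up.
SAMPLE_NVME_LIST='Node          SN              Model          Namespace Usage              Format       FW Rev
------------- --------------- -------------- --------- ------------------ ------------ --------
/dev/nvme0n1  CONSTRUCTED0001 EXAMPLE-SSD-A  1         1.92 TB / 1.92 TB  512 B + 0 B  EX000001
/dev/nvme1n1  CONSTRUCTED0002 EXAMPLE-SSD-B  1         3.84 TB / 3.84 TB  512 B + 0 B  EX000002'

# Read `nvme list` text on stdin; print only namespace block devices (column 1).
list_namespaces() {
    awk '$1 ~ /^\/dev\/nvme[0-9]+n[0-9]+$/ { print $1 }'
}

# Read device paths on stdin; print the erase command for each one, or run it
# when ERASE_CONFIRM=yes. Returns non-zero if any format command failed.
erase_namespaces() {
    erase_rc=0
    while read -r dev; do
        [ -n "$dev" ] || continue
        if [ "${ERASE_CONFIRM:-no}" = "yes" ]; then
            echo "erasing $dev"
            # </dev/null keeps nvme from consuming the device list on stdin.
            nvme format -s1 "$dev" </dev/null || { echo "FAILED: $dev" >&2; erase_rc=1; }
        else
            echo "would run: nvme format -s1 $dev"
        fi
    done
    return "$erase_rc"
}

# Act on the live system only when called with the (hypothetical) "run" argument.
if [ "${1:-}" = "run" ]; then
    nvme list | list_namespaces | erase_namespaces
fi
```

Compare the dry-run output with the nvme list table before exporting ERASE_CONFIRM=yes, because the format command destroys all data on each listed namespace.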