Security

This section provides information about security measures in the DGX H100 system.

User Security Measures

The NVIDIA DGX H100 system is a specialized server designed to be deployed in a data center. It must be configured to protect the hardware from unauthorized access and unapproved use. The DGX H100 system is designed with a dedicated BMC Management Port and multiple Ethernet network ports.

When you install the DGX H100 system in the data center, follow best practices as established by your organization to protect against unauthorized access.

Securing the BMC Port

NVIDIA recommends that you connect the BMC port in the DGX H100 system to a dedicated management network with firewall protection.

If remote access to the BMC is required, such as for a system hosted at a co-location provider, it should be accessed through a secure method that provides isolation from the internet, such as through a VPN server.

System Security Measures

This section provides information about the security measures that have been incorporated in an NVIDIA DGX H100 system.

Secure Flash of DGX H100 Firmware

Secure Flash is implemented for the DGX H100 to prevent unsigned and unverified firmware images from being flashed onto the system.

Encryption

Here is some information about encrypting the DGX H100 firmware.

  • The firmware encryption algorithm is AES-CBC.

  • The firmware encryption key strength is 128 bits or higher.

  • Each firmware class uses a unique encryption key.

  • Firmware decryption is performed either by the same agent that performs the signature check or by a more trusted agent in the same chain of trust (COT).

NVIDIA System Manager Security

For information about security in NVIDIA System Management, refer to the NVSM documentation page.

Secure Data Deletion

This section explains how to securely delete data from the DGX H100 system SSDs to permanently destroy all the data that was stored there.

This process performs a more secure SSD data deletion than merely deleting files or reformatting the SSDs.

Prerequisites

You need to prepare a bootable installation medium that contains the current DGX OS Server ISO image.

Refer to Reimaging in the NVIDIA DGX OS 6 User Guide for information on the following topics:

  • Obtaining the DGX OS ISO Image

  • Booting the DGX OS ISO Image

Procedure

Here are the instructions to securely delete data from the DGX H100 system SSDs.

  1. Boot the system from the ISO image, either remotely or from a bootable USB key.

  2. At the GRUB menu, select:

    • (For DGX OS 6): Rescue a broken system and configure the locale and network information.

  3. When prompted to select a root file system, select Do not use a root file system and then select Execute a shell in the installer environment.

  4. Log in.

  5. Run the following command to identify the devices available in the system:

    nvme list
    

    If the nvme-cli package is not installed, install it as follows, and then run nvme list.

    dpkg -i /usr/lib/live/mount/rootfs/filesystem.squashfs/curtin/repo/<nvme-cli-package.deb>
    
  6. Perform a secure erase:

    nvme format -s1 <device-path>
    

    where <device-path> is the specific storage node as listed in the previous step. For example, /dev/nvme0n1.
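
The following is an added example, not part of the NVIDIA documentation: a dry-run helper for steps 5 and 6 that prints the `nvme format -s1` command only for devices that appear in the `nvme list` output and have no mounted partitions. The function names, the `MOUNTS_FILE` variable, and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not NVIDIA's code): dry-run planner for steps 5 and 6.
# It prints the erase commands for review and never runs them itself.

# Constructed sample of `nvme list` output; serials and models are made up.
SAMPLE_LIST='Node          SN            Model           Namespace Usage              Format       FW Rev
------------- ------------- --------------- --------- ------------------ ------------ ------
/dev/nvme0n1  SAMPLE0000001 EXAMPLE-SSD-A   1         1.92 TB / 1.92 TB  512 B + 0 B  FW0001
/dev/nvme1n1  SAMPLE0000002 EXAMPLE-SSD-B   1         3.84 TB / 3.84 TB  512 B + 0 B  FW0002'

# Mount table to consult (hypothetical variable name; override for testing).
MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}

# Print the namespace device paths found in `nvme list` text on stdin.
nvme_namespaces() {
    awk '$1 ~ /^\/dev\/nvme[0-9]+n[0-9]+$/ { print $1 }' | sort -u
}

# Succeed if the device or one of its partitions (e.g. /dev/nvme0n1p2) is mounted.
is_mounted() {
    awk -v d="$1" '$1 == d || index($1, d "p") == 1 { found = 1 }
                   END { exit !found }' "$MOUNTS_FILE"
}

# plan_erase LISTING DEVICE...: print `nvme format -s1` for each DEVICE that
# appears in LISTING and is not mounted; return non-zero if any was refused.
plan_erase() {
    listing=$1; shift
    known=$(printf '%s\n' "$listing" | nvme_namespaces)
    rc=0
    for dev in "$@"; do
        if ! printf '%s\n' "$known" | grep -qxF -- "$dev"; then
            echo "refused: $dev is not in the nvme list output" >&2; rc=1
        elif is_mounted "$dev"; then
            echo "refused: $dev is mounted" >&2; rc=1
        else
            printf 'nvme format -s1 %s\n' "$dev"
        fi
    done
    return "$rc"
}
```

In the installer shell, the live listing can be passed in place of the sample, for example `plan_erase "$(nvme list)" /dev/nvme0n1`, and the printed commands reviewed before they are run.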