Hardware (Host) and Platform Software Requirements#
Hardware support is tied to a specific validated configuration. Each deployment must document the validated hardware and software profile: server model, CPU TEE, GPU SKU and count, firmware, GPU confidential-computing mode, memory, storage, network adapters, management network, and acceptance tests.
Support status changes quickly. Treat this section as a point-in-time validation profile, not the source of truth for currently supported combinations. For NVIDIA GPU confidential-computing support, start with NVIDIA Confidential Computing, the NVIDIA CC Compatibility Matrix, and the current NVIDIA Trusted Computing Solutions documentation. Also check the CC software provider’s product page and support matrix for the selected stack.
An example validation profile uses Dell PowerEdge XE7745 servers with dual AMD EPYC 9555 processors, eight NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs, 1.5 TB-class system memory, local NVMe, and BlueField-3 plus ConnectX networking. Other platforms need their own validation profile.
Before the CVM launches, the host checks that the CPU TEE, secure boot, IOMMU, memory encryption, GPU firmware, GPU confidential-computing capability, and the launch stack itself are all in the expected state. On AMD that means SEV-SNP enabled in firmware and exposed to the kernel and hypervisor; on Intel it means the same for TDX.
The GPU goes into confidential-computing mode before the guest starts. The host binds devices for passthrough and avoids loading conflicting drivers — some mode transitions require a device reset or host-level privilege to complete.
GPU generation and topology matter. A configuration validated on one GPU generation, form factor, interconnect, driver version, or firmware level does not automatically cover another. PCIe, SXM, NVLink, NVSwitch, MIG, firmware, and GPU confidential-computing support status can change security and performance behavior.
Licensing can also shape the deployment. If a model provider license is tied to a specific GPU class or cannot span two validated profiles, the validation profile needs to say so.