Announcing Confidential Computing General Access on NVIDIA H100 Tensor Core GPUs

NVIDIA launched the initial release of the Confidential Computing (CC) solution in private preview for early access in July 2023 through NVIDIA LaunchPad. Confidential Computing can be used in virtualized environments and provides the highest level of security with the best performance possible in the industry today. The NVIDIA H100 Tensor Core GPU was the first GPU to introduce support for CC. 

Due to the overwhelming success of that release, support for single-GPU passthrough with CC is now generally available on CUDA 12.4. For access, see the free hands-on lab, Develop Confidential VM Applications with NVIDIA H100 Confidential Computing.

New Confidential Computing features now available  

NVIDIA continues at the forefront of Confidential Computing, collaborating with CPU partners, cloud providers, and independent software vendors (ISVs) to ensure that the change from traditional, accelerated workloads to confidential, accelerated workloads will be smooth and transparent. 

The latest release for Confidential Computing on NVIDIA H100 Tensor Core GPU includes:

  • Performance optimizations
  • Security hardening of the driver for Confidential Computing

The importance of security

Security is crucial in today’s interconnected world. The vast amounts of generated data have immense potential for businesses and can impact the entire future of every industry. For many years, protection for data-in-motion (such as transferring data over the Internet) and data-at-rest (such as encrypting stored data) was available from a wide variety of vendors that span the security landscape.

However, many of these vendors were unaware that data in use might be in the clear, remain exposed, and be vulnerable to attacks. CC addresses the need to secure data in use and prevent unauthorized users from accessing or modifying the data.

As many customers move to running AI training or inference on their data, the data and the code need to be protected, especially when running large language models (LLMs). Many customers cannot risk placing their data in the cloud because of the sensitivity of the data. Such data may contain personally identifiable information (PII) or company proprietary information, and the trained model has valuable intellectual property (IP). 

Confidential Computing is the best solution to protect AI models and data. With NVIDIA, customers don’t need to make a trade-off between performance and security.  

Hardware and software security for NVIDIA H100 GPUs 

Check out the hardware and software you need to get started with Confidential Computing on NVIDIA H100 Tensor Core GPU.


Infrastructure requirements for CC on NVIDIA H100 GPUs include a CPU that supports a VM-based Trusted Execution Environment (TEE). 

CPU CC technology 

  • Intel TDX CPUs 

Supported CPUs 

  • AMD Milan (EPYC 7XX3) or AMD Genoa (EPYC 9XX4) 
  • Intel Emerald Rapids 

Supported GPUs   

  • All GPU protections and firewalls enabled on NVIDIA Hopper architecture, including NVIDIA H100 Tensor Core GPUs; H100 PCIe and H100 NVL form factors


  • NVIDIA driver: CUDA 12.4 Data Center Driver (r550) or later 
  • Supported hypervisors: Azure Hyper-V, KVM 
  • Supported operating systems
    • AMD: Ubuntu 22.04 with Kernel 5.19 (vendor fork) 
    • Intel: Ubuntu 22.04 with Kernel 6.2 (vendor fork) 

Linux distributions 

  • Linux 6.9 kernel (should support host and guest)


Support for single-GPU passthrough with CC is now generally available on CUDA 12.4. For access, see the free hands-on lab, Develop Confidential VM Applications with NVIDIA H100 Confidential Computing. With the latest release, NVIDIA has added performance optimizations in addition to security hardening of the driver specific to Confidential Computing. For the deployment guide and related documentation, see NVIDIA Trusted Computing Solutions.

To learn more and get started, visit NVIDIA Confidential Computing.
