Announcing NVIDIA Secure AI General Availability

As many enterprises move to running AI training or inference on their data, the data and the code need to be protected, especially for large language models (LLMs). Many customers can’t risk placing their data in the cloud because of data sensitivity. Such data may contain personally identifiable information (PII) or company proprietary information, and the trained model has valuable intellectual property (IP). 

NVIDIA Confidential Computing (CC) is the best solution to protect large AI models and data. With NVIDIA CC, enterprises don’t need to make a trade-off between performance and security. NVIDIA initially released CC in 2023, and continues to collaborate with CPU partners, cloud providers, and independent software vendors (ISVs) to ensure that the change from traditional, accelerated workloads to confidential, accelerated workloads will be smooth and transparent. 

This post explains the latest release for Secure AI, or Protected PCIe, on NVIDIA HGX H100 8-GPU and NVIDIA HGX H200 8-GPU. It includes:

  • Protected PCIe (PPCIE) mode: PPCIE protects a multi-GPU configuration of eight GPUs and four switches in the confidential virtual machine. This mode differs from single-GPU CC, which is configured using CC mode. 
  • NVLink encryption removed: NVLink encryption is removed to improve performance. 
  • Attestation changes: Attestation measures the configuration of both the GPUs and the switches running in PPCIE mode. 

Importance of security

Security is crucial in today’s interconnected world. The vast amounts of generated data have immense potential for businesses and can impact the entire future of every industry. For many years, protection for data-in-motion (such as transferring data over the Internet) and data-at-rest (such as encrypting stored data) was available from a wide variety of vendors that span the security landscape. 

However, many of these vendors were unaware that data in use might be in cleartext, remain exposed, and be vulnerable to attacks. CC addresses the need to secure data in use and prevent unauthorized users from accessing or modifying the data. 

Hardware and software security for NVIDIA GPUs 

This section details the hardware and software you’ll need to get started with PPCIE on NVIDIA GPUs.

Hardware 

PPCIE requires a system with NVIDIA H100 Tensor Core GPUs or NVIDIA H200 Tensor Core GPUs on an HGX 8-GPU system. The system must also have a CPU that supports a trusted execution environment (TEE). 

CPU CC technology 

  • AMD SEV-SNP  
  • Intel TDX

Supported CPUs 

  • AMD Milan (EPYC 7XX3) or AMD Genoa (EPYC 9XX4) 
  • Intel Emerald Rapids (5th generation Xeon Scalable) and Intel Granite Rapids (6th generation Xeon Scalable) 

Supported GPUs   

  • All GPU protections and firewalls enabled on NVIDIA Hopper architecture, including NVIDIA HGX H100 8-GPU 80 GB and HGX H200 NVL systems

Software 

  • NVIDIA driver: CUDA 12.8 Data Center Driver (r570) or later 
  • NVIDIA firmware 1.7.0 or later
  • Supported hypervisors: Microsoft Azure Hyper-V, KVM 
  • Supported operating systems
    • AMD: Ubuntu 25.04
    • Intel: Ubuntu 24.04 with patches

Getting started

Support for PPCIE is now generally available on CUDA 12.8. You can now run your LLMs with PPCIE to leverage full 8-GPU performance with the latest hardware security. 

For the deployment guide and related documentation for Secure AI (Protected PCIe), see NVIDIA Deployment Guide. To check out the additional security offerings, including NVIDIA Confidential Computing, visit NVIDIA Trusted Computing Solutions.
