Secure Flash Of Dgx A100 Firmware; Nvsm Security; Secure Data Deletion; Prerequisite - Nvidia DGX A100 User Manual

12.2.1 Secure Flash of DGX A100 Firmware

Secure Flash is implemented for the DGX A100 to prevent unsigned and unverified
firmware images from being flashed onto the system.
12.2.1.1 Encryption

System firmware is encrypted during over-the-network upgrades.

The firmware encryption algorithm is AES-CBC.

The firmware encryption key strength is 128 bits or higher.

Each firmware class uses a unique encryption key.

Firmware decryption is performed either by the same agent that performs signature
check or a more trusted agent in the same COT
12.2.1.2 Signing

The firmware signature is validated upon each boot of the DGX A100.
This is not implemented for the PSU firmware and CPLD.

The firmware signature is validated on every update before the firmware image is
updated in non-volatile storage.

12.2.2 NVSM Security

See Configuring NVSM
12.3

SECURE DATA DELETION

This section explains how to securely delete data from the NVIDIA DGX A100 system
SSDs to permanently destroy all the data that was stored there. This performs a more
secure SSD data deletion than merely deleting files or reformatting the SSDs.

12.3.1 Prerequisite

Prepare a bootable installation medium that contains the current DGX OS Server ISO
image.
See:

"Obtaining the DGX A100 Software ISO Image and Checksum File"

"Creating a Bootable Installation Medium"
DGX A100 System User Guide
Security.
Chapter 12 : Security
DU-09821-001_v01 | 82