Installing The Software; Configuring Trusted Computing - Nvidia DGX A100 User Manual


6.2 Installing the Software

Use the package manager to install the nv-disk-encrypt package (and, optionally, the TPM2
tools package) and then reboot the system. The TPM tools package is needed if you intend to
use the TPM2 for storage of security keys.
1. Update the packages.
   $ sudo apt update
2. Install nv-disk-encrypt.
   $ sudo apt install -y nv-disk-encrypt
3. (Optional) Install tpm2-tools.
   $ sudo apt install -y tpm2-tools
4. Reboot.
   $ sudo reboot
If you will use TPM2, be sure to enable it. See the instructions at "Configuring Trusted
Computing".
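
One way to confirm, after the reboot, that both packages are installed and that the operating system sees a TPM 2.0 device before keys are stored on it. This is an added example, not part of the NVIDIA manual; the function names, the `--run` switch and the optional root-directory argument are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the NVIDIA manual): post-reboot checks before TPM-backed key storage.
# The optional ROOT argument is a hypothetical test hook; leave it empty on a real system.

# Print "tpm2", "tpm1", "unknown" or "absent" for the TPM the kernel exposes under ROOT.
tpm_state() {
    local root="${1:-}" f state="absent"
    root="${root%/}"
    for f in "$root"/sys/class/tpm/tpm*/tpm_version_major; do
        [ -r "$f" ] || continue
        case "$(cat "$f")" in
            2) echo "tpm2"; return 0 ;;
            1) state="tpm1" ;;
        esac
    done
    # Older kernels lack tpm_version_major; /dev/tpmrm0 is only created for TPM 2.0 chips.
    if [ -e "$root/dev/tpmrm0" ]; then
        state="tpm2"
    elif [ "$state" = "absent" ] && [ -e "$root/dev/tpm0" ]; then
        state="unknown"   # a TPM character device exists but its version cannot be told
    fi
    echo "$state"
}

# Return 0 if the named Debian package is fully installed (2 if dpkg-query is unavailable).
pkg_installed() {
    command -v dpkg-query >/dev/null 2>&1 || return 2
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -q '^install ok installed$'
}

# Report every failed prerequisite; return non-zero if any check fails.
preflight() {
    local root="${1:-}" rc=0 tpm
    pkg_installed nv-disk-encrypt || { echo "FAIL: nv-disk-encrypt is not installed"; rc=1; }
    pkg_installed tpm2-tools || { echo "FAIL: tpm2-tools is not installed"; rc=1; }
    tpm="$(tpm_state "$root")"
    if [ "$tpm" != "tpm2" ]; then
        echo "FAIL: TPM state is '$tpm'; enable the TPM in the system BIOS"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: packages installed and TPM 2.0 visible"; fi
    return "$rc"
}

# Run the checks only when asked: ./preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight ""; fi
```

A result of `absent` after the TPM has been enabled in the BIOS usually means the setting was not saved or the system has not been rebooted since.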
6.3 Configuring Trusted Computing

The DGX A100 system BIOS provides setup controls for configuring the following Trusted
Computing (TC) features:

- Trusted Platform Module
  The NVIDIA DGX A100 incorporates Trusted Platform Module 2.0 (TPM 2.0) which can be
  enabled from the system BIOS and used in conjunction with the nv-disk-encrypt tool. Once
  enabled, the nv-disk-encrypt tool uses the TPM for encryption and then stores the vault
  and SED authentication keys on the TPM instead of on the file system. Using the TPM is
  preferred because this allows the vault data to persist even if the system gets re-imaged.

- Block SID
  Certain drives shipped with the DGX A100 system may support the Block SID
  authentication feature. Block SID authentication prevents malicious actors from taking
  ownership of drives and blocks others from using them. By default, the DGX BIOS will send
  the Block SID request. On such setups, you will need to enable the "Disable Block Sid"
  feature in the BIOS before proceeding with the initialization steps.

DGX A100 System
Managing the DGX A100 Self-Encrypting Drives
DU-09821-001_v06 | 33
