Installing The Software; Configuring Trusted Computing; Determining Whether Drives Support Sid - Nvidia DGX A100 User Manual

Hide thumbs Also See for DGX A100:

User manual (120 pages)

Service manual (108 pages)

User manual (115 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

page of 118

/ 118
Contents
Table of Contents
Bookmarks

Table of Contents

6.2.

Installing the Software

Use the package manager to install the

tools package, and reboot the system. You need the TPM tools package if you plan to use the

TPM2 to store security keys.

1. Update the packages.

$ sudo apt update

2. Install

nv-disk-encrypt

$ sudo apt install -y nv-disk-encrypt

3. (Optional) Install

tpm2-tools

$ sudo apt install -y tpm2-tools

4. Reboot.

$ sudo reboot

If you plan to use TPM2, enable it. Refer to "Configuring Trusted Computing" for more

information.

6.3.

Configuring Trusted Computing

Here is some information about the controls that are required to configure Trusted Computing

(TC).

The DGX A100 system BIOS provides setup controls for configuring the following TC features:

‣

Trusted Platform Module

The NVIDIA DGX A100 incorporates Trusted Platform Module 2.0 (TPM 2.0) which can be

enabled from the system BIOS and used in conjunction with the nv-disk-encrypt tool. After

being enabled, the

vault and SED authentication keys on the TPM instead of on the file system. Using the TPM

is preferred because this allows the vault data to persist even if the system is reimaged.

‣

Block SID

Certain drives shipped with the DGX A100 system might support the Block SID

authentication feature. Block SID authentication prevents malicious actors from taking

ownership of drives and blocks others from using the drives. By default, the DGX BIOS will

send the Block SID request. On such setups, you will need to enable the Disable Block Sid

feature in the BIOS before proceeding with the initialization steps.

6.3.1.

Determining Whether Drives Support SID

The drive model is a good indicator of whether the drive supports this feature. Issue the

following and look for the

$ sudo nvme list

Node

---------------- -------------------- ---------------------

NVIDIA DGX A100

nv-disk-encrypt

tool uses the TPM for encryption and stores the

nv-disk-encrypt

model string:

KCM6DRUL3T84

Model ...

Managing the DGX A100 Self-Encrypting Drives

package and, optionally, the TPM2

DU-09821-001 _v01 | 32

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

Installing The Software; Configuring Trusted Computing; Determining Whether Drives Support Sid - Nvidia DGX A100 User Manual

Installing the Software

Configuring Trusted Computing

Determining Whether Drives Support SID

Hide quick links:

Related Manuals for Nvidia DGX A100

Related Content for Nvidia DGX A100

Table of Contents