Supported Platforms#

Following are the platforms supported by the NVIDIA Confidential Containers Reference Architecture.

Supported Hardware Platform#

NVIDIA GPUs#

GPU

Passthrough

NVIDIA HGX H100

Single-GPU

NVIDIA HGX H200

Single-GPU

NVIDIA H100 PCIe

Single-GPU

NVIDIA HGX B200

Single-GPU, Multi-GPU

NVIDIA HGX B300

Single-GPU, Multi-GPU

NVIDIA RTX Pro 6000 BSE

Single-GPU

Note

Multi-GPU passthrough on NVIDIA Hopper HGX systems requires ppcie mode. Refer to Managing the Confidential Computing Mode in the deployment guide for details.

Note

For both single and multi GPU Passthrough, all GPUs on the host must be configured for Confidential Computing and all GPUs must be assigned to one Confidential Container virtual machine. Configuring only some GPUs on a node for Confidential Computing is not supported.

CPU Platforms#

Category

Operating System

Kernel Version

AMD Genoa / Milan

Ubuntu 25.10

6.17+

Intel Emerald Rapids (ER) / Granite Rapids (GR)

Ubuntu 25.10

6.17+

For additional information on node configuration, refer to the Confidential Computing Deployment Guide for information about supported NVIDIA GPUs, such as the NVIDIA Hopper H100.

The following topics in the deployment guide apply to a cloud-native environment:

  • Hardware selection and initial hardware configuration, such as BIOS settings.

  • Host operating system selection, initial configuration, and validation.

When following the cloud-native sections in the deployment guide linked above, use Ubuntu 25.10 as the host OS with its default kernel version and configuration.

For additional resources on machine setup:

Supported Software Components#

Component

Release/Version

Guest OS

Distroless

Guest kernel

6.18.5

OVMF

edk2-stable202511

QEMU

10.1 + Patches

Containerd

2.2.2 +

Kubernetes

1.32 +

Node Feature Discovery (NFD)

v0.6.0

NVIDIA GPU Operator

v26.3.0 and higher

Kata Containers

3.29 (installed with kata-deploy Helm chart)

Key Broker Service (KBS) protocol

0.4.0

Kata Lifecycle Manager

0.1.4