Supported Platforms

Following are the platforms supported by the NVIDIA Confidential Containers Reference Architecture.

Supported Hardware Platform

NVIDIA GPUs

GPU	Passthrough
NVIDIA H100	Single-GPU
NVIDIA H200	Single-GPU
NVIDIA H100 Protected PCIe (PPCIe)	Multi-GPU
NVIDIA H200 Protected PCIe (PPCIe)	Multi-GPU
NVIDIA B200	Single-GPU, Multi-GPU
NVIDIA RTX Pro 6000 BSE	Single-GPU

Note

Multi-GPU passthrough on NVIDIA Hopper HGX systems requires that you set the Confidential Computing mode to ppcie mode. Refer to Managing the Confidential Computing Mode for details.

Note

For both single and multi GPU Passthrough, all GPUs on the host must be configured for Confidential Computing and all GPUs must be assigned to one Confidential Container virtual machine. Configuring only some GPUs on a node for Confidential Computing is not supported.

CPU Platforms

Category	Operating System	Kernel Version
AMD Genoa / Milan	Ubuntu 25.10	6.17+
Intel Emerald Rapids (ER) / Granite Rapids (GR)	Ubuntu 25.10	6.17+

For additional information on node configuration, refer to the Confidential Computing Deployment Guide for information about supported NVIDIA GPUs, such as the NVIDIA Hopper H100.

The following topics in the deployment guide apply to a cloud-native environment:

• Hardware selection and initial hardware configuration, such as BIOS settings.

• Host operating system selection, initial configuration, and validation.

When following the cloud-native sections in the deployment guide linked above, use Ubuntu 25.10 as the host OS with its default kernel version and configuration.

For additional resources on machine setup:

• Refer to the NVIDIA Trusted Computing Solutions website.

• Refer to the Licensing page for more information on the licensing requirements for NVIDIA Confidential Computing capabilities.

Supported Software Components

Component	Release/Version
Guest OS	Distroless
Guest kernel	6.18.5
OVMF	edk2-stable202511
QEMU	10.1 + Patches
Containerd	2.2.2
Kubernetes	1.32 +
NVIDIA GPU Operator and its components. Refer to the GPU Operator Component Matrix for the list of components and versions included in each release.	v26.3.1 and higher
Kata Containers	3.29 (installed with kata-deploy Helm chart)
Key Broker Service (KBS) protocol	0.4.0
Kata Lifecycle Manager	0.1.4
Red Hat OpenShift Sandboxed Containers	1.12