Support for NVIDIA Confidential Computing modes in HAMi

[gdagil]

Hi HAMi team! 👋

I'd like to discuss the possibility of adding support for NVIDIA Confidential Computing modes to the HAMi project.

Context

NVIDIA has introduced Confidential Computing technology for GPUs in the Hopper architecture, which extends trust boundaries beyond the traditional CPU-centric approach. This technology provides:

• Hardware-accelerated data isolation
• Protection of data during execution
• Certified environment attestation

Relevant Resources

• k8s-cc-manager - Kubernetes operator for managing Confidential Computing GPUs
• gpu-admin-tools - GPU administration tools with Confidential Computing support

Proposal

Consider integrating support for NVIDIA Confidential Computing modes in HAMi for:

1. Secure GPU virtualization - ensuring data isolation when sharing GPUs
2. Environment attestation - verifying GPU trusted state before running workloads
3. Enhanced security policies - integration with enterprise security requirements

Questions

• Is Confidential Computing support planned in the HAMi roadmap?
• What technical limitations might arise during integration?
• Is community assistance needed for developing this functionality?

Thanks for considering this feature request! 🙏

[archlitchi]

hi @gdagil, thanks for bring CC to our attention, that's a nice feature to be support and i'll add this to RoadMap, if you come up with an idea or design, please submit a PR to let us know

i'm not sure which technical limitations we'll face, but the least thing we could do, is to put gpu-admin-tools into 'vGPUmonitor' container

for your last question, yes, of course, it would be great if you are interested in participate