[Diagram: Server node (cloud provider) hosting a Confidential VM. The CPU, including the memory controller (encrypt / decrypt), connects to encrypted system memory (DRAM) over the DDR memory bus using AES-XTS (deterministic), and to GPU 0 and GPU 1 over PCIe using AES-GCM. Each GPU consists of a compute die and HBM physically bonded to the package (no socket → no interposer).]
DDR Memory Bus (DRAM): Moderate
The memory controller encrypts data with AES-XTS before writing it to DRAM. However, the encryption is deterministic: the same data at the same address always produces the same ciphertext. A physical interposer between the DIMM and the socket can capture ciphertext and, with significant effort, exploit replay patterns.
PCIe (CPU ↔ GPU): Strong
Data is encrypted with AES-GCM, a non-deterministic scheme using unique nonces. An interposer captures only ciphertext that is not vulnerable to replay attacks. Supported on both Hopper and Blackwell.
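
The difference between the two ratings above comes down to what repeated ciphertext reveals. The following added example (not from the original page) models both paths with Node's built-in crypto module and compares what a passive observer of each bus can tell. The keys, addresses, data, function names, the address-only XTS tweak and the counter-based GCM nonce are all assumptions made for illustration.

```javascript
// Added example: deterministic AES-XTS vs nonce-based AES-GCM, seen from the bus.
const nodeCrypto = require("crypto");

// Constructed keys: AES-256-XTS needs two distinct 256-bit halves (64 bytes).
const XTS_KEY = Buffer.from(Array.from({ length: 64 }, (_, i) => i));
const GCM_KEY = Buffer.from(Array.from({ length: 32 }, (_, i) => 0xa0 ^ i));

// Model of a DRAM write: the tweak depends only on the address (assumption),
// so nothing in the ciphertext changes between two writes of the same data.
function xtsWrite(address, plaintext) {
  const tweak = Buffer.alloc(16);
  tweak.writeBigUInt64LE(BigInt(address), 0);
  const c = nodeCrypto.createCipheriv("aes-256-xts", XTS_KEY, tweak);
  return Buffer.concat([c.update(plaintext), c.final()]).toString("hex");
}

// Model of a PCIe transfer: a per-message counter forms the 96-bit nonce (assumption).
function gcmSend(counter, plaintext) {
  const nonce = Buffer.alloc(12);
  nonce.writeBigUInt64BE(BigInt(counter), 4);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", GCM_KEY, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]).toString("hex");
  return { ct, tag: c.getAuthTag().toString("hex") };
}

function compareSchemes() {
  const lineA = Buffer.alloc(64, "A"); // constructed 64-byte memory line
  const lineB = Buffer.alloc(64, "B");
  const w1 = xtsWrite(0x1000, lineA);
  const w2 = xtsWrite(0x1000, lineB); // value changes...
  const w3 = xtsWrite(0x1000, lineA); // ...and changes back
  const w4 = xtsWrite(0x2000, lineA); // same data, different address
  const m1 = gcmSend(1, lineA);
  const m2 = gcmSend(2, lineA);       // same data, next nonce
  return {
    xtsRepeatVisible: w1 === w3,      // observer sees the old value return
    xtsChangeVisible: w1 !== w2,      // observer sees that the value changed
    xtsAddressBound: w1 !== w4,       // tweak ties ciphertext to the address
    gcmRepeatVisible: m1.ct === m2.ct, // fresh nonce hides the repetition
    gcmTagsDiffer: m1.tag !== m2.tag,
  };
}

console.log(compareSchemes());
```
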