diff --git a/cmd/buildkitd/config/config.go b/cmd/buildkitd/config/config.go
index 480f0450a..1e104eb4c 100644
--- a/cmd/buildkitd/config/config.go
+++ b/cmd/buildkitd/config/config.go
@@ -23,6 +23,8 @@ type Config struct {
 
 	OTEL OTELConfig `toml:"otel"`
 
+	CDI CDIConfig `toml:"cdi"`
+
 	Workers struct {
 		OCI        OCIConfig        `toml:"oci"`
 		Containerd ContainerdConfig `toml:"containerd"`
@@ -74,6 +76,11 @@ type OTELConfig struct {
 	SocketPath string `toml:"socketPath"`
 }
 
+type CDIConfig struct {
+	Enabled  *bool    `toml:"enabled"`
+	SpecDirs []string `toml:"specDirs"`
+}
+
 type GCConfig struct {
 	GC *bool `toml:"gc"`
 	// Deprecated: use GCReservedSpace instead
diff --git a/cmd/buildkitd/main.go b/cmd/buildkitd/main.go
index cdfe9a948..a407b234a 100644
--- a/cmd/buildkitd/main.go
+++ b/cmd/buildkitd/main.go
@@ -74,6 +74,7 @@ import (
 	"google.golang.org/grpc/health"
 	healthv1 "google.golang.org/grpc/health/grpc_health_v1"
 	"google.golang.org/grpc/reflection"
+	"tags.cncf.io/container-device-interface/pkg/cdi"
 )
 
 func init() {
@@ -216,6 +217,14 @@ func main() {
 			Name:  "otel-socket-path",
 			Usage: "OTEL collector trace socket path",
 		},
+		cli.BoolFlag{
+			Name:  "cdi-enabled",
+			Usage: "enables support of the Container Device Interface (CDI)",
+		},
+		cli.StringSliceFlag{
+			Name:  "cdi-spec-dir",
+			Usage: "list of directories to scan for CDI spec files",
+		},
 	)
 	app.Flags = append(app.Flags, appFlags...)
 	app.Flags = append(app.Flags, serviceFlags()...)
@@ -281,6 +290,12 @@ func main() {
 		}
 		closers = append(closers, mp.Shutdown)
 
+		if cfg.CDI.Enabled != nil && *cfg.CDI.Enabled {
+			if err := cdi.Configure(cdi.WithSpecDirs(cfg.CDI.SpecDirs...)); err != nil {
+				return errors.Wrap(err, "failed to configure CDI registry")
+			}
+		}
+
 		statsHandler := tracing.ServerStatsHandler(
 			otelgrpc.WithTracerProvider(tp),
 			otelgrpc.WithMeterProvider(mp),
@@ -537,6 +552,10 @@ func setDefaultConfig(cfg *config.Config) {
 	if cfg.OTEL.SocketPath == "" {
 		cfg.OTEL.SocketPath = appdefaults.TraceSocketPath(isRootlessConfig())
 	}
+
+	if len(cfg.CDI.SpecDirs) == 0 {
+		cfg.CDI.SpecDirs = appdefaults.CDISpecDirs
+	}
 }
 
 // isRootlessConfig is true if we should be using the rootless config
@@ -619,6 +638,14 @@ func applyMainFlags(c *cli.Context, cfg *config.Config) error {
 		cfg.OTEL.SocketPath = c.String("otel-socket-path")
 	}
 
+	if c.IsSet("cdi-enabled") {
+		cdiEnabled := c.Bool("cdi-enabled")
+		cfg.CDI.Enabled = &cdiEnabled
+	}
+	if c.IsSet("cdi-spec-dir") {
+		cfg.CDI.SpecDirs = c.StringSlice("cdi-spec-dir")
+	}
+
 	applyPlatformFlags(c)
 
 	return nil
diff --git a/docs/buildkitd.toml.md b/docs/buildkitd.toml.md
index 71061c626..70cbb7229 100644
--- a/docs/buildkitd.toml.md
+++ b/docs/buildkitd.toml.md
@@ -46,6 +46,13 @@ insecure-entitlements = [ "network.host", "security.insecure" ]
   # OTEL collector trace socket path
   socketPath = "/run/buildkit/otel-grpc.sock"
 
+[cdi]
+  # Enables support of the Container Device Interface (CDI).
+  enabled = true
+  # List of directories to scan for CDI spec files. For more details about CDI
+  # specification, please refer to https://github.com/cncf-tags/container-device-interface/blob/main/SPEC.md#cdi-json-specification
+  specDirs = ["/etc/cdi", "/var/run/cdi"]
+
 # config for build history API that stores information about completed build commands
 [history]
   # maxAge is the maximum age of history entries to keep, in seconds.
diff --git a/go.mod b/go.mod
index fde31734e..2bc7ab934 100644
--- a/go.mod
+++ b/go.mod
@@ -107,6 +107,7 @@ require (
 	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1
 	google.golang.org/protobuf v1.35.2
 	kernel.org/pub/linux/libs/security/libcap/cap v1.2.73
+	tags.cncf.io/container-device-interface v0.8.0
 )
 
 require (
@@ -183,7 +184,6 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	kernel.org/pub/linux/libs/security/libcap/psx v1.2.73 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
-	tags.cncf.io/container-device-interface v0.8.0 // indirect
 	tags.cncf.io/container-device-interface/specs-go v0.8.0 // indirect
 )
 
diff --git a/util/appdefaults/appdefaults_unix.go b/util/appdefaults/appdefaults_unix.go
index cb1aa06d1..5742c4dea 100644
--- a/util/appdefaults/appdefaults_unix.go
+++ b/util/appdefaults/appdefaults_unix.go
@@ -17,6 +17,7 @@ const (
 
 var (
 	UserCNIConfigPath = filepath.Join(UserConfigDir(), "cni.json")
+	CDISpecDirs       = []string{"/etc/buildkit/cdi"}
 )
 
 // UserAddress typically returns /run/user/$UID/buildkit/buildkitd.sock
diff --git a/util/appdefaults/appdefaults_windows.go b/util/appdefaults/appdefaults_windows.go
index 323c8a98a..c2103887a 100644
--- a/util/appdefaults/appdefaults_windows.go
+++ b/util/appdefaults/appdefaults_windows.go
@@ -18,6 +18,7 @@ var (
 
 var (
 	UserCNIConfigPath = DefaultCNIConfigPath
+	CDISpecDirs       []string
 )
 
 func UserAddress() string {