CONFIDENTIAL COMPUTING USING MULTI-INSTANCING OF PARALLEL PROCESSORS

• Main Authors: Woodmansee, Mike, Hairgrove, Mark, Overby, Mark, Dhanuskodi, Gobikrishna, Cherukuri, Naveen, Jiricek, Aaron, Rogers, Philip, Venkataraman, Vyas, Deming, James Leroy, Swoboda, Dwayne, Dunning, Lucien, Manjunatha, Aruna
• Format: Patent
• Language: English
• Published: 21.09.2023
• Subjects: CALCULATING; COMPUTING; COUNTING; ELECTRIC DIGITAL DATA PROCESSING; PHYSICS

In examples, trusted execution environments (TEE) are provided for an instance of a parallel processing unit (PPU) as PPU TEEs. Different instances of a PPU correspond to different PPU TEEs, and provide accelerated confidential computing to a corresponding TEE. The processors of each PPU instance have separate and isolated paths through the memory system of the PPU which are assigned uniquely to an individual PPU instance. Data in device memory of the PPU may be isolated and access controlled amongst the PPU instances using one or more hardware firewalls. A GPU hypervisor assigns hardware resources to runtimes and performs access control and context switching for the runtimes. A PPU instance uses a cryptographic key to protect data for secure communication. Compute engines of the PPU instance are prevented from writing outside of a protected memory region. Access to a write protected region in PPU memory is blocked from other computing devices and/or device instances.