Abstract:
In examples, a VM may receive and aggregate a first attestation report corresponding to a CPU and a second attestation report corresponding to a GPU. The aggregated data may be provided to an attestation service, which may verify the attestation reports indicate a TCB is to include the VM and GPU state data and is to isolate the GPU state data and the VM from an untrusted host OS. Based at least on the TCB being verified, the VM may perform one or more operations using the TCB. The TCB may include a trusted hypervisor to isolate the VM and GPU state data within the GPU(s) from the untrusted host OS. The trusted hypervisor may prevent the host OS from accessing device memory assigned to the VM based at least on controlling an IOMMU and/or second-level address translation (SLAT) used to access the data.
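The flow in this abstract (two device reports, VM-side aggregation, service-side verification of the TCB claims) as an added example; this is illustrative code written for this page, not code from the patent or from any vendor attestation SDK. The HMAC keys, the claim names (`vm_in_tcb`, `host_os_isolated`, and so on), the nonce binding and the policy table are all constructed stand-ins for the hardware-rooted signatures and report formats a real service would check.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the per-device attestation keys the service trusts.
# Real reports carry hardware-rooted signatures; an HMAC keeps the example
# self-contained while preserving the verify-before-trust structure.
TRUSTED_KEYS = {"cpu": b"cpu-attestation-key", "gpu": b"gpu-attestation-key"}


def _canonical(claims):
    # Canonical encoding so signer and verifier MAC exactly the same bytes.
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def sign_report(device, claims):
    """Models device firmware producing an attestation report over its claims."""
    mac = hmac.new(TRUSTED_KEYS[device], _canonical(claims), hashlib.sha256).hexdigest()
    return {"device": device, "claims": claims, "mac": mac}


def verify_report(report):
    """Checks the report MAC against the key trusted for that device."""
    key = TRUSTED_KEYS.get(report.get("device"))
    if key is None:
        return False
    expected = hmac.new(key, _canonical(report["claims"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, report.get("mac", ""))


def aggregate(cpu_report, gpu_report):
    """VM-side step: bundle both reports for a single attestation-service call."""
    return {"reports": [cpu_report, gpu_report]}


# Claims each device must assert for the TCB described in the abstract: the VM
# and the GPU state are inside the TCB, and a trusted hypervisor keeps the host
# OS out by controlling the IOMMU and SLAT. Names are constructed for this example.
REQUIRED_CLAIMS = {
    "cpu": ("vm_in_tcb", "hypervisor_trusted", "iommu_controlled_by_hypervisor",
            "slat_controlled_by_hypervisor"),
    "gpu": ("gpu_state_in_tcb", "host_os_isolated"),
}


def evaluate_tcb(bundle, nonce):
    """Attestation-service step. Returns (verified, list_of_failures)."""
    failures = []
    reports = {r.get("device"): r for r in bundle.get("reports", [])}
    for device, required in REQUIRED_CLAIMS.items():
        report = reports.get(device)
        if report is None:
            failures.append(f"missing {device} report")
            continue
        if not verify_report(report):
            failures.append(f"{device} report failed signature check")
            continue
        claims = report["claims"]
        # Freshness: both reports must be bound to this request's nonce, otherwise
        # a stale report from a previously good configuration could be replayed.
        if claims.get("nonce") != nonce:
            failures.append(f"{device} report not bound to request nonce")
        for name in required:
            if claims.get(name) is not True:
                failures.append(f"{device} does not assert {name}")
    return (not failures, failures)


def run_attestation(nonce, cpu_claims, gpu_claims):
    """End-to-end flow: devices sign, the VM aggregates, the service evaluates."""
    bundle = aggregate(sign_report("cpu", cpu_claims), sign_report("gpu", gpu_claims))
    return evaluate_tcb(bundle, nonce)


if __name__ == "__main__":
    nonce = "constructed-nonce-0001"
    cpu = {"nonce": nonce, "vm_in_tcb": True, "hypervisor_trusted": True,
           "iommu_controlled_by_hypervisor": True, "slat_controlled_by_hypervisor": True}
    gpu = {"nonce": nonce, "gpu_state_in_tcb": True, "host_os_isolated": True}
    print(run_attestation(nonce, cpu, gpu))
```

The service only lets the VM proceed when every failure list is empty; a report that verifies cryptographically but omits a required isolation claim, or that carries another request's nonce, is rejected just like a forged one.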
Abstract:
In examples, properties of an execution environment may be verified for a game session to comply with security policies based at least on analyzing attestation reports generated using one or more host devices. Content items may be associated with the game session to indicate the verification for presentation with a live stream video of the game session, in a pre-recorded video of the game session, and/or in another user interface associated with the game session. A record of the verification may be stored in a database, and the database may be queried to display the content item and/or to determine whether the verification occurred. The attestation reports may include an attestation report(s) generated using an input device(s) used to capture user inputs for the game session, such as an input device used to control the game session and/or provide a video capture of the player during the game session.
Abstract:
In examples, a trusted execution environment (TEE) is provided for each instance of a parallel processing unit (PPU), referred to as a PPU TEE. Different instances of a PPU correspond to different PPU TEEs, each providing accelerated confidential computing to a corresponding TEE. The processors of each PPU instance have separate and isolated paths through the memory system of the PPU, which are assigned uniquely to an individual PPU instance. Data in device memory of the PPU may be isolated and access-controlled amongst the PPU instances using one or more hardware firewalls. A GPU hypervisor assigns hardware resources to runtimes and performs access control and context switching for the runtimes. A PPU instance uses a cryptographic key to protect data for secure communication. Compute engines of the PPU instance are prevented from writing outside of a protected memory region. Access to a write-protected region in PPU memory is blocked from other computing devices and/or device instances.
Abstract:
In examples, a parallel processing unit (PPU) operates within a trusted execution environment (TEE) implemented using a central processing unit (CPU). A virtual machine (VM) executing within the TEE is provided access to the PPU by a hypervisor. However, data of an application executed by the VM is inaccessible to the hypervisor and other untrusted entities outside of the TEE. To protect the data in transit, the VM and the PPU may encrypt or decrypt the data for secure communication between the devices. To protect the data within the PPU, a protected memory region may be created in PPU memory, where compute engines of the PPU are prevented from writing outside of the protected memory region. A write-protected memory region is generated, to which access is blocked from other computing devices and/or device instances.
Abstract:
Unified virtual memory (UVM) management techniques use page-table sharing between user-mode and kernel-mode GPU address spaces and introduce the notion of a privilege level for data.
Abstract:
A method to render graphics on a computer system having a plurality of graphics-processing units (GPUs) includes the acts of instantiating an independent physical-memory allocator for each GPU, receiving a physical-memory allocation request from a graphics-driver process, and passing the request to one of the independent physical-memory allocators. The method also includes creating a local physical-memory descriptor to reference physical memory on the GPU associated with that physical-memory allocator, assigning a physical-memory handle to the local physical-memory descriptor, and returning the physical-memory handle to the graphics-driver process to fulfill a subsequent memory-map request from the graphics-driver process.
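The allocator structure this abstract describes (one independent physical-memory allocator per GPU, a local descriptor that never leaves the allocator, and an opaque handle returned to the driver process and later presented with a memory-map request) as an added example; this is illustrative code written for this page, not the patent's or any driver's implementation. The first-fit allocation strategy, the random 64-bit handle values and the check that only the requesting process may map its own handle are assumptions added to make the isolation property concrete.

```python
import secrets


class PhysicalMemoryDescriptor:
    """Local reference to a physical range on one GPU; stays inside the manager."""

    def __init__(self, gpu_id, offset, size):
        self.gpu_id = gpu_id
        self.offset = offset
        self.size = size


class PhysicalMemoryAllocator:
    """Independent first-fit allocator over a single GPU's physical memory."""

    def __init__(self, gpu_id, capacity):
        self.gpu_id = gpu_id
        self.free = [(0, capacity)]  # sorted list of (offset, size) free extents

    def allocate(self, size):
        if size <= 0:
            raise ValueError("allocation size must be positive")
        for i, (offset, extent) in enumerate(self.free):
            if extent >= size:
                if extent > size:
                    self.free[i] = (offset + size, extent - size)
                else:
                    del self.free[i]
                return PhysicalMemoryDescriptor(self.gpu_id, offset, size)
        raise MemoryError(f"GPU {self.gpu_id}: no free extent of {size} bytes")

    def release(self, desc):
        # Return the extent and coalesce neighbours so fragmentation stays bounded.
        extents = sorted(self.free + [(desc.offset, desc.size)])
        merged = []
        for offset, size in extents:
            if merged and merged[-1][0] + merged[-1][1] == offset:
                merged[-1] = (merged[-1][0], merged[-1][1] + size)
            else:
                merged.append((offset, size))
        self.free = merged

    def free_bytes(self):
        return sum(size for _, size in self.free)


class MultiGpuMemoryManager:
    """Routes driver requests to the allocator of the named GPU and hands out handles."""

    def __init__(self, gpu_capacities):
        self.allocators = {gid: PhysicalMemoryAllocator(gid, cap)
                           for gid, cap in gpu_capacities.items()}
        self.handles = {}  # handle -> (owning driver process, descriptor)

    def allocation_request(self, owner, gpu_id, size):
        if gpu_id not in self.allocators:
            raise KeyError(f"unknown GPU {gpu_id}")
        desc = self.allocators[gpu_id].allocate(size)
        # Opaque, unguessable handle (assumption): the driver process never sees
        # the descriptor or raw physical offsets, only this token.
        handle = secrets.randbits(64)
        self.handles[handle] = (owner, desc)
        return handle

    def _lookup(self, owner, handle):
        entry = self.handles.get(handle)
        if entry is None or entry[0] != owner:
            # Unknown handle, or a handle belonging to another driver process.
            raise PermissionError("handle not valid for this requester")
        return entry[1]

    def map_request(self, owner, handle):
        """Fulfils the subsequent memory-map request using the stored descriptor."""
        desc = self._lookup(owner, handle)
        return (desc.gpu_id, desc.offset, desc.size)

    def free_request(self, owner, handle):
        desc = self._lookup(owner, handle)
        del self.handles[handle]
        self.allocators[desc.gpu_id].release(desc)
```

Because each GPU has its own allocator and free list, a request for GPU 1 can never consume or reference memory on GPU 0, and the handle indirection means a driver process learns physical offsets only at map time and only for allocations it owns.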