-
Publication (Announcement) No.: US20230297406A1
Publication (Announcement) Date: 2023-09-21
Application No.: US18123222
Filing Date: 2023-03-17
Applicant: NVIDIA Corporation
Inventor: Philip Rogers, Mark Overby, Vyas Venkataraman, Naveen Cherukuri, James Leroy Deming, Gobikrishna Dhanuskodi, Dwayne Swoboda, Lucien Dunning, Aruna Manjunatha, Aaron Jiricek, Mark Hairgrove, Mike Woodmansee
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/4557, G06F2009/45587
Abstract: In examples, trusted execution environments (TEE) are provided for an instance of a parallel processing unit (PPU) as PPU TEEs. Different instances of a PPU correspond to different PPU TEEs, and provide accelerated confidential computing to a corresponding TEE. The processors of each PPU instance have separate and isolated paths through the memory system of the PPU which are assigned uniquely to an individual PPU instance. Data in device memory of the PPU may be isolated and access controlled amongst the PPU instances using one or more hardware firewalls. A GPU hypervisor assigns hardware resources to runtimes and performs access control and context switching for the runtimes. A PPU instance uses a cryptographic key to protect data for secure communication. Compute engines of the PPU instance are prevented from writing outside of a protected memory region. Access to a write protected region in PPU memory is blocked from other computing devices and/or device instances.
-
Publication (Announcement) No.: US12219057B2
Publication (Announcement) Date: 2025-02-04
Application No.: US17485110
Filing Date: 2021-09-24
Applicant: NVIDIA Corporation
Inventor: Philip John Rogers, Mark Overby, Michael Asbury Woodmansee, Vyas Venkataraman, Naveen Cherukuri, Gobikrishna Dhanuskodi, Dwayne Frank Swoboda, Lucien Burton Dunning, Mark Hairgrove, Sudeshna Guha
Abstract: Apparatuses, systems, and techniques to generate a trusted execution environment including multiple accelerators. In at least one embodiment, a parallel processing unit (PPU), such as a graphics processing unit (GPU), operates in a secure execution mode including a protected memory region. Furthermore, in an embodiment, a cryptographic key is utilized to protect data during transmission between the accelerators.
-
Publication (Announcement) No.: US20230094125A1
Publication (Announcement) Date: 2023-03-30
Application No.: US17485110
Filing Date: 2021-09-24
Applicant: NVIDIA Corporation
Inventor: Philip John Rogers, Mark Overby, Michael Asbury Woodmansee, Vyas Venkataraman, Naveen Cherukuri, Gobikrishna Dhanuskodi, Dwayne Frank Swoboda, Lucien Burton Dunning, Mark Hairgrove, Sudeshna Guha
Abstract: Apparatuses, systems, and techniques to generate a trusted execution environment including multiple accelerators. In at least one embodiment, a parallel processing unit (PPU), such as a graphics processing unit (GPU), operates in a secure execution mode including a protected memory region. Furthermore, in an embodiment, a cryptographic key is utilized to protect data during transmission between the accelerators.
-
Publication (Announcement) No.: US11966480B2
Publication (Announcement) Date: 2024-04-23
Application No.: US17654355
Filing Date: 2022-03-10
Applicant: NVIDIA Corporation
Inventor: Adam Hendrickson, Vaishali Kulkarni, Gobikrishna Dhanuskodi, Naveen Cherukuri, Wish Gandhi, Raymond Wong
CPC classification number: G06F21/602, G06F13/1673, G06F13/28, G06F21/79, G06N3/04, H04L9/0637, H04L9/0643, G06F21/107
Abstract: Apparatuses, systems, and techniques for supporting fairness of multiple contexts sharing cryptographic hardware. An accelerator circuit includes a copy engine (CE) with AES-GCM hardware configured to perform both encryption and authentication of data transfers for multiple applications, or for multiple data streams in a single application or belonging to a single user. The CE splits a data transfer of a specified size into a set of partial transfers. The CE sequentially executes the set of partial transfers using a context for a period of time (e.g., a timeslice) for an application. The CE stores in a secure memory for the application one or more data for encryption or decryption (e.g., a hash key, a block counter, etc.) computed from a last partial transfer. The one or more data for encryption or decryption are retrieved and used when data transfers for the application are resumed by the CE.
-
Publication (Announcement) No.: US20230297696A1
Publication (Announcement) Date: 2023-09-21
Application No.: US18185654
Filing Date: 2023-03-17
Applicant: NVIDIA Corporation
Inventor: Philip Rogers, Mark Overby, Vyas Venkataraman, Naveen Cherukuri, James Leroy Deming, Gobikrishna Dhanuskodi, Dwayne Swoboda, Lucien Dunning, Aruna Manjunatha, Aaron Jiricek, Mark Hairgrove, Michael Woodmansee
CPC classification number: G06F21/602, G06F9/45558, G06F21/575, G06F2009/45587
Abstract: In examples, a parallel processing unit (PPU) operates within a trusted execution environment (TEE) implemented using a central processing unit (CPU). A virtual machine (VM) executing within the TEE is provided access to the PPU by a hypervisor. However, data of an application executed by the VM is inaccessible to the hypervisor and other untrusted entities outside of the TEE. To protect the data in transit, the VM and the PPU may encrypt or decrypt the data for secure communication between the devices. To protect the data within the PPU, a protected memory region may be created in PPU memory where compute engines of the PPU are prevented from writing outside of the protected memory region. A write protect memory region is generated where access to the PPU memory is blocked from other computing devices and/or device instances.
-
Publication (Announcement) No.: US12141268B2
Publication (Announcement) Date: 2024-11-12
Application No.: US17485148
Filing Date: 2021-09-24
Applicant: NVIDIA Corporation
Inventor: Philip John Rogers, Mark Overby, Michael Asbury Woodmansee, Vyas Venkataraman, Naveen Cherukuri, Gobikrishna Dhanuskodi, Dwayne Frank Swoboda, Lucien Burton Dunning, Mark Hairgrove, Sudeshna Guha
Abstract: Apparatuses, systems, and techniques to generate a trusted execution environment including multiple accelerators. In at least one embodiment, a parallel processing unit (PPU), such as a graphics processing unit (GPU), operates in a secure execution mode including a protected memory region. Furthermore, in an embodiment, a cryptographic key is utilized to protect data during transmission between the accelerators.
-
Publication (Announcement) No.: US12001592B2
Publication (Announcement) Date: 2024-06-04
Application No.: US17652088
Filing Date: 2022-02-22
Applicant: NVIDIA Corporation
Inventor: Anuj Rao, Adam Hendrickson, Vaishali Kulkarni, Gobikrishna Dhanuskodi, Naveen Cherukuri
CPC classification number: G06F21/72, G06F21/602, G06F21/71, G06F21/74, G06F21/79
Abstract: Apparatuses, systems, and techniques for handling faults by a direct memory access (DMA) engine. When a DMA engine detects an error associated with an encryption or decryption operation, the DMA engine reports the error to a CPU, which may be executing untrusted software directing a DMA operation, and to the secure processor. The DMA engine waits for clearance from the secure processor before responding to further directions from the potentially untrusted software.
-
Publication (Announcement) No.: US20230289453A1
Publication (Announcement) Date: 2023-09-14
Application No.: US17654355
Filing Date: 2022-03-10
Applicant: NVIDIA Corporation
Inventor: Adam Hendrickson, Vaishali Kulkarni, Gobikrishna Dhanuskodi, Naveen Cherukuri, Wish Gandhi, Raymond Wong
CPC classification number: G06F21/602, G06F21/79, H04L9/0637, H04L9/0643, G06F13/1673, G06F13/28, G06N3/04, G06F2221/0751
Abstract: Apparatuses, systems, and techniques for supporting fairness of multiple contexts sharing cryptographic hardware. An accelerator circuit includes a copy engine (CE) with AES-GCM hardware configured to perform both encryption and authentication of data transfers for multiple applications, or for multiple data streams in a single application or belonging to a single user. The CE splits a data transfer of a specified size into a set of partial transfers. The CE sequentially executes the set of partial transfers using a context for a period of time (e.g., a timeslice) for an application. The CE stores in a secure memory for the application one or more data for encryption or decryption (e.g., a hash key, a block counter, etc.) computed from a last partial transfer. The one or more data for encryption or decryption are retrieved and used when data transfers for the application are resumed by the CE.
-
Publication (Announcement) No.: US20230267235A1
Publication (Announcement) Date: 2023-08-24
Application No.: US17652088
Filing Date: 2022-02-22
Applicant: NVIDIA Corporation
Inventor: Anuj Rao, Adam Hendrickson, Vaishali Kulkarni, Gobikrishna Dhanuskodi, Naveen Cherukuri
IPC: G06F21/72
CPC classification number: G06F21/72
Abstract: Apparatuses, systems, and techniques for handling faults by a direct memory access (DMA) engine. When a DMA engine detects an error associated with an encryption or decryption operation, the DMA engine reports the error to a CPU, which may be executing untrusted software directing a DMA operation, and to the secure processor. The DMA engine waits for clearance from the secure processor before responding to further directions from the potentially untrusted software.
-
Publication (Announcement) No.: US11698869B1
Publication (Announcement) Date: 2023-07-11
Application No.: US17654359
Filing Date: 2022-03-10
Applicant: NVIDIA Corporation
Inventor: Vaishali Kulkarni, Naveen Cherukuri, Raymond Wong, Adam Hendrickson, Gobikrishna Dhanuskodi, Wish Gandhi
CPC classification number: G06F12/1408, G06F12/1441, G06F12/1458, G06F13/1673, G06F13/28, G06N3/04, H04L9/0637, H04L9/0643
Abstract: The subject application relates to computing an authentication tag for partial transfers scheduled across multiple direct memory access (DMA) engines. Apparatuses, systems, and techniques are described for computing an authentication tag for a data transfer when the data transfer is scheduled as partial transfers across a specified number of direct memory access (DMA) engines. An orchestration circuit stores partial authentication tags, computed by the DMA engines, and corresponding adjustment exponents during one or more rounds in which the partial transfers are scheduled and processed by the specified number of DMA engines. During a last round, a combined authentication tag can be computed based on the partial authentication tags and the corresponding adjustment exponents stored by the orchestration circuit during the rounds.