-
Publication No.: US20230297406A1
Publication date: 2023-09-21
Application No.: US18123222
Application date: 2023-03-17
Applicant: NVIDIA Corporation
Inventor: Philip Rogers, Mark Overby, Vyas Venkataraman, Naveen Cherukuri, James Leroy Deming, Gobikrishna Dhanuskodi, Dwayne Swoboda, Lucien Dunning, Aruna Manjunatha, Aaron Jiricek, Mark Hairgrove, Mike Woodmansee
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/4557, G06F2009/45587
Abstract: In examples, trusted execution environments (TEE) are provided for an instance of a parallel processing unit (PPU) as PPU TEEs. Different instances of a PPU correspond to different PPU TEEs, and provide accelerated confidential computing to a corresponding TEE. The processors of each PPU instance have separate and isolated paths through the memory system of the PPU which are assigned uniquely to an individual PPU instance. Data in device memory of the PPU may be isolated and access controlled amongst the PPU instances using one or more hardware firewalls. A GPU hypervisor assigns hardware resources to runtimes and performs access control and context switching for the runtimes. A PPU instance uses a cryptographic key to protect data for secure communication. Compute engines of the PPU instance are prevented from writing outside of a protected memory region. Access to a write protected region in PPU memory is blocked from other computing devices and/or device instances.
-
Publication No.: US20230297696A1
Publication date: 2023-09-21
Application No.: US18185654
Application date: 2023-03-17
Applicant: NVIDIA Corporation
Inventor: Philip Rogers, Mark Overby, Vyas Venkataraman, Naveen Cherukuri, James Leroy Deming, Gobikrishna Dhanuskodi, Dwayne Swoboda, Lucien Dunning, Aruna Manjunatha, Aaron Jiricek, Mark Hairgrove, Michael Woodmansee
CPC classification number: G06F21/602, G06F9/45558, G06F21/575, G06F2009/45587
Abstract: In examples, a parallel processing unit (PPU) operates within a trusted execution environment (TEE) implemented using a central processing unit (CPU). A virtual machine (VM) executing within the TEE is provided access to the PPU by a hypervisor. However, data of an application executed by the VM is inaccessible to the hypervisor and other untrusted entities outside of the TEE. To protect the data in transit, the VM and the PPU may encrypt or decrypt the data for secure communication between the devices. To protect the data within the PPU, a protected memory region may be created in PPU memory where compute engines of the PPU are prevented from writing outside of the protected memory region. A write protect memory region is generated where access to the PPU memory is blocked from other computing devices and/or device instances.
-
Publication No.: US20240070277A1
Publication date: 2024-02-29
Application No.: US18064480
Application date: 2022-12-12
Applicant: NVIDIA Corporation
Inventor: Li Ge, Nivedita Viswanath, Philip Rogers, Rajat Chopra, Satish Salagame
CPC classification number: G06F21/57, G06F21/602
Abstract: In various examples, systems for performing cloud-based updating of operating systems (e.g., root file systems) using system partitioning. For instance, a system(s) may initiate updates of the operating systems of machines, where the machines use system partitioning for the updating. More specifically, the system(s) may cause a machine to update the operating system using a standby system partition while the machine is currently running on another, active system partition. In some circumstances, the system(s) may perform these processes in order to update a cluster of machines, such as during a specific time period or at a certain frequency. By using such processes, the cluster of machines may still operate during the updating of the machines and/or even if the update fails on one or more of the machines.
-
-