Creating a confidential computing environment relies on enabling trusted execution environments (TEEs) to drive data protection at a CPU-level. Processors for Intel and AMD already enable users to create TEEs to encrypt data when resting, when in use, or even in transit. Microsoft also already uses the same concepts in Azure. One of the problems with TEEs in their current form is that they are built in CPUs. Microsoft wants to extend their capabilities to GPUs and to make that happen is collaborating with NVIDIA. This means data can become more secure at a hardware level for more powerful machines that handle intensive workloads. Microsoft points out transitioning TEEs from CPUs to GPUs is a complex task. The GPU must protect from attacks while still providing full admin capabilities in Azure. Even for hardware the performance should not be impacted by placing TEE on the GPU.

Success

Along with NVIDIA, Microsoft says its TEE features on GPUs can achieve the following:

“A new mode where all sensitive state on the GPU, including GPU memory, is isolated from the host A hardware root-of-trust on the GPU chip that can generate verifiable attestations capturing all security sensitive state of the GPU, including all firmware and microcode Extensions to the GPU driver to verify GPU attestations, set up a secure communication channel with the GPU, and transparently encrypt all communications between the CPU and GPU Hardware support to transparently encrypt all GPU-GPU communications over NVLink Support in the guest operating system and hypervisor to securely attach GPUs to a CPU TEE, even if the contents of the CPU TEE are encrypted.”

Microsoft and NVIDIA have already baked confidential computing abilities into NVIDIA’s A100 Tensor Core GPU on Azure. The companies used a tool known as Ampere Protected Memory (APM). It is a technical achievement, so you should check out the full blog post for all the details. In the meantime, Microsoft is private previewing the TEEs through Azure Confidential GPU VMs. Tip of the day: Did you know that your data and privacy might be at risk if you run Windows without encryption? A bootable USB with a live-linux distribution is often just enough to gain access to all of your files. If you want to change that, check out our detailed BitLocker guide where we show you how to turn on encryption for your system disk or any other drive you might be using in your computer.

Microsoft and NVIDIA Bring Confidential Computing to GPUs on Azure - 45Microsoft and NVIDIA Bring Confidential Computing to GPUs on Azure - 6Microsoft and NVIDIA Bring Confidential Computing to GPUs on Azure - 96Microsoft and NVIDIA Bring Confidential Computing to GPUs on Azure - 16Microsoft and NVIDIA Bring Confidential Computing to GPUs on Azure - 96