Confidential GPU Computing, NVIDIA’s Cloud Gets An Azure Lining
We Interrupt Your Regularly Scheduled Vulnerability News For Some Good Security
If you have been wondering how secure data is while being processed by GPUs on cloud solutions like Azure, or just how hard it will be to crack Skynet when it comes about, this news from Microsoft and NVIDIA will give you some idea. Microsoft and NVIDIA are currently handing out invitations for customers to try out their new confidential GPU computing on Azure. The new feature will encrypt data with keys exchanged between the NVIDIA driver and the physical A100 GPU installed in the system. This should, in theory, prevent any useful hijacking of the data passed over the PCIe bus between the CPU and GPU.
This will mimic the same SEV security features AMD included in EPYC processors at launch, which have proven to be rather effective and to have little impact on performance. Now you may be able to have that same level of trust in your virtual GPUs as you can in your virtual machines. There are those with concerns, as TPM implementations do not always go as planned, and a TPM implementation is exactly what this is. The good news is that this will be implemented on servers, not the RTX card in your main rig, and there are already many reasons not to go about upgrading drivers willy-nilly on production machines.
Hopefully this will stave off the intentional poisoning of HPC applications for a little longer.
To enable confidential computing in GPUs, data gets encrypted to be transferred between the CPU and GPU across the PCIe bus, using encryption keys that are securely exchanged between Nvidia’s device driver and the GPU.
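The encrypted CPU-to-GPU transfer described above, sketched as an added example that is not code from NVIDIA, Microsoft or the original post. X25519, HKDF-SHA256, AES-256-GCM, the counter nonce and every name here are assumptions, since the page does not say which algorithms are used.

```javascript
// Added illustration, not the vendors' protocol. Algorithms are assumed stand-ins.
const crypto = require('crypto');

// Each side (driver, GPU) makes an ephemeral key pair and derives the same key.
const newEndpoint = () => crypto.generateKeyPairSync('x25519');

function sessionKey(ownPrivate, peerPublic) {
  const shared = crypto.diffieHellman({ privateKey: ownPrivate, publicKey: peerPublic });
  // 'cpu-gpu-demo' is a hypothetical context label for the key derivation.
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'cpu-gpu-demo', 32));
}

// A transfer counter is the nonce, so a replayed or reordered packet fails.
function nonce(counter) {
  const iv = Buffer.alloc(12);
  iv.writeBigUInt64BE(BigInt(counter), 4);
  return iv;
}

function seal(key, counter, plaintext) {
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce(counter));
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([body, c.getAuthTag()]); // all a bus observer gets to see
}

function open(key, counter, packet) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, nonce(counter));
  d.setAuthTag(packet.subarray(packet.length - 16));
  try {
    return Buffer.concat([d.update(packet.subarray(0, packet.length - 16)), d.final()]);
  } catch {
    return null; // tag mismatch: modified in transit, replayed, or wrong key
  }
}

function demo() {
  const driver = newEndpoint(), gpu = newEndpoint();
  const kDriver = sessionKey(driver.privateKey, gpu.publicKey);
  const kGpu = sessionKey(gpu.privateKey, driver.publicKey);
  const data = Buffer.from('constructed sample tensor bytes');
  const onBus = seal(kDriver, 0, data);
  const flipped = Buffer.from(onBus);
  flipped[0] ^= 1; // one bit changed on the bus
  return {
    keysMatch: kDriver.equals(kGpu),
    received: open(kGpu, 0, onBus)?.toString(),
    leaksPlaintext: onBus.includes(data),
    tampered: open(kGpu, 0, flipped),
    replayed: open(kGpu, 1, onBus), // receiver has already advanced its counter
  };
}
```

The key exchange in this sketch is unauthenticated; it only protects the bus if each side can also verify that the public key it received belongs to the genuine peer.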