US20250292353
2025-09-18
Physics
G06T1/20
The patent application describes an apparatus designed to enhance trust in graphics data processing through the use of multiple roots of trust and runtime attestation. This system is centered around a graphics processor which is integral to the process of collecting and using various measurements to ensure secure bindings at different stages of data processing.
The initial step involves the graphics processor collecting measurements from a Physical Partition Manager (PPM) using a hardware root-of-trust (RoT). These measurements are crucial for generating a PPM compound device identifier (CDI), which serves as a secure binding mechanism for the PPM, ensuring that the data associated with it is trustworthy.
Subsequently, the apparatus collects additional measurements from a Logical Partition Manager (LPM) using the PPM. These second measurements, along with the previously generated PPM CDI, are used to create an LPM CDI. This CDI is essential for securely binding to the LPM, thereby extending the trust established in the first stage.
The apparatus further collects measurements from a graphics tenant partition within the graphics processor. This partition includes a confidential compute environment designed to handle workloads for a host tenant partition. The third set of measurements, combined with the LPM CDI, is used to generate a GPUN-TDn CDI, which securely binds to the graphics tenant partition.
This multi-layered approach ensures that each stage of data processing within the graphics processor is securely bound and trustworthy. By leveraging multiple roots of trust and runtime attestation, this system enhances security for graphics data processing environments, particularly beneficial in scenarios requiring high levels of data integrity and confidentiality.