Invention Title:

TRUSTED LOCAL MEMORY MANAGEMENT IN A VIRTUALIZED GPU

Publication number:

US20260105164

Publication date:

2026-04-16

Section:

Physics

Class:

G06F21/602

Inventors:

Reshma Lal 🇺🇸 Portland, OR, United States

Luis S. Kida 🇺🇸 Beaverton, OR, United States

Pradeep M. Pappachan 🇺🇸 Tualatin, OR, United States

Assignee:

INTEL CORPORATION 🇺🇸 Santa Clara, CA, United States

Applicant:

Intel Corporation 🇺🇸 Santa Clara, CA, United States

Smart overview of the Invention

The patent application describes a system for managing local memory in a virtualized GPU environment securely. This system integrates a trusted execution environment (TEE) with a GPU that includes a trusted agent, ensuring proper allocation and deallocation of GPU local memory. The memory is divided into protected and unprotected regions, with the protected region containing a memory permission table. This table manages virtual functions assigned to trusted domains and facilitates address translation between virtual and physical addresses within the GPU.

Background

High-performance processing tasks often rely on GPUs, particularly for general-purpose GPU (GPGPU) operations. These tasks can be virtualized, requiring secure containers for execution. Trusted execution environments (TEEs) are crucial for maintaining security in such scenarios, especially when offloading workloads to a virtualized GPU. However, conventional management of GPU local memory by host kernel mode drivers (KMDs) poses security risks, as these drivers are outside the trusted computing base (TCB) of the host TEE, making the memory susceptible to various attacks.

Technical Approach

The invention proposes a system that manages GPU local memory in a trusted manner, preserving the role of the KMD while securing the memory against attacks. This includes protection against software attacks from both the host and other concurrent GPU workloads, as well as physical attacks. The system provides two main embodiments: one that implements memory encryption and access control, and another that focuses on preventing privileged software attacks when encryption is not feasible.

Components and Mechanisms

GPU Trusted Agent (GTA): Ensures correct memory allocation and address translation, preventing unauthorized mapping of memory pages.
Multiple Key Encryption Engine (MKTME): Provides workload separation through encryption, maintaining confidentiality and integrity.
GPU Memory Partitioning: Divides local memory into hidden, protected, and unprotected regions, with varying levels of access control.
GPU Memory Permission Table (GMPT): Manages access permissions and mappings for memory pages allocated to virtual functions.
Trusted Programming of GPU Page Tables: Handles address translation for memory accesses, ensuring secure mapping from virtual to physical addresses.

Security Implications

The system enhances security for virtualized GPU workloads by addressing vulnerabilities associated with conventional memory management. By implementing trusted agents and encryption mechanisms, the system protects against both software and physical attacks. The memory partitioning strategy ensures that sensitive data remains inaccessible to unauthorized software, while the GMPT and trusted programming of page tables safeguard against incorrect address mappings. This approach provides a robust framework for secure memory management in virtualized GPU environments.