Nvidia Corp. is collaborating with Intel Corp. to provide extensive attestation services for Nvidia H100 GPUs, using Intel Trust Domain Extensions and Intel’s trust service, “Project Amber,” for customers that deploy confidentiality-preserving artificial intelligence solutions.

The announcement was made at the Confidential Computing Summit in San Francisco last week but was highlighted today, with further details provided by Anil Rao, Intel’s vice president of systems architecture and engineering, in a blog post.

Rao argues that AI is the defining workload of our time and frequently necessitates using graphics processing units for hardware acceleration, especially for demanding tasks. These AI workloads often handle sensitive data that require robust security measures due to privacy regulations or security concerns. As a response, the confidential computing movement has emerged, aiming to protect sensitive data and code by running it within hardware-hardened trusted execution environment or TEEs.

Attestation — the process in confidential computing where a stakeholder is provided cryptographically verified proof that the TEE it plans to use is genuine — is critical to establish trust in the computing platform on which highly sensitive data is being used. Intel’s and Nvidia’s confidential computing technologies establish independent TEEs on the central processing unit and the GPU. That presents a challenge for customers needing attestation from two different services to verify the trustworthiness of both the CPU and the GPU TEEs.

Through the announced collaboration, Intel and Nvidia aim to create a more unified attestation solution for “Confidential AI” based on Intel Xeon Scalable CPUs with Intel Trust Domain Extensions and Nvidia H100 GPUs. It will do so through Project Amber, Intel’s cloud-based trust service.

Project Amber, which was announced in May 2022 before opening with a pilot project in September, provides organizations with remote verification of trustworthiness in cloud, edge and on-premises environments. Designed to address growing security needs, the service focuses on trust and operates as an independent trust authority through a service-based security implementation code.

Through the collaboration, users will be able to request attestation from Nvidia Remote Attestation Service for GPU attestation and Project Amber for CPU attestation, or make a single request to Amber to gather required evidence from one service. Amber will also integrate with NRAS to offer a seamless user experience.

The partnership will rely on separate CPU and GPU-based TEEs that communicate via an Nvidia driver, encrypting data across a PCI Express connection. With the collaboration between the two companies, Nvidia will provide support for Intel TDX Connect confidential communications and memory sharing between TEEs on the CPU and PCI Express-attached devices.

Photo: Wallpaper Flare