EP4237983A1 - Graphics security with synergistic encryption, content-based and resource management technology - Google Patents

Graphics security with synergistic encryption, content-based and resource management technology

Info

Publication number
EP4237983A1
EP4237983A1 EP21887148.1A EP21887148A EP4237983A1 EP 4237983 A1 EP4237983 A1 EP 4237983A1 EP 21887148 A EP21887148 A EP 21887148A EP 4237983 A1 EP4237983 A1 EP 4237983A1
Authority
EP
European Patent Office
Prior art keywords
data
key
memory
graphics
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP21887148.1A
Other languages
English (en)
French (fr)
Other versions
EP4237983A4 (de
Inventor
David Zage
Scott Janus
Ned M. Smith
Vidhya Krishnan
Siddhartha CHHABRA
Rajesh Poornachandran
Tomer Levy
Julien Carreno
Ankur Shah
Ronald Silvas
Aravindh Anantaraman
David Puffer
Vedvyas Shanbhogue
David Cowperthwaite
Aditya Navale
Omer Ben-Shalom
Alex NAYSHTUT
Xiaoyu Ruan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intel Corp
Original Assignee
Intel Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US17/133,336 (US20220138286A1)
Application filed by Intel Corp
Publication of EP4237983A1
Publication of EP4237983A4

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/105 Arrangements for software license management or administration, e.g. for managing licenses at corporate level
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/84 Protecting input, output or interconnection devices output devices, e.g. displays or monitors
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06T IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T1/00 General purpose image data processing
    • G06T1/20 Processor architectures; Processor configuration, e.g. pipelining
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/06 Physical realisation, i.e. hardware implementation of neural networks, neurons or parts of neurons
    • G06N3/063 Physical realisation, i.e. hardware implementation of neural networks, neurons or parts of neurons using electronic means
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution
    • H04L2209/603 Digital right management [DRM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/081 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying self-generating credentials, e.g. instead of receiving credentials from an authority or from another peer, the credentials are generated at the entity itself
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management

Definitions

  • This disclosure relates generally to data processing and more particularly to data processing via a general-purpose graphics processing unit (GPU).
  • GPU: graphics processing unit
  • graphics processors typically implement processing techniques such as pipelining that attempt to process, in parallel, as much graphics data as possible throughout the different parts of the graphics pipeline.
  • graphics processors with single instruction, multiple thread (SIMT) architectures are designed to maximize the amount of parallel processing in the graphics pipeline.
  • SIMT: single instruction, multiple thread
  • groups of parallel threads attempt to execute program instructions synchronously together as often as possible to increase processing efficiency.
  • FIG. 1 is a block diagram illustrating a computer system configured to implement one or more aspects of the embodiments described herein;
  • FIGs. 2A-2D illustrate parallel processor components
  • FIGs. 3A-3C are block diagrams of graphics multiprocessors and multiprocessor-based GPUs
  • FIGs. 4A-4F illustrate an exemplary architecture in which a plurality of GPUs is communicatively coupled to a plurality of multi-core processors
  • FIG. 5 illustrates a graphics processing pipeline
  • FIGS. 6A and 6B illustrate a process of an example of a granular, lane-specific encryption and decryption process according to an embodiment
  • FIG. 6C is a block diagram of a SIMD architecture according to an embodiment
  • FIG. 6D is a flowchart of an example of a method of granular encryption and decryption according to an embodiment
  • FIG. 6E is a flowchart of an example of a method of processing read requests according to an embodiment
  • FIG. 6F is a process of an example of an encryption and storage process according to an embodiment
  • FIG. 6G is a block diagram of a performance-enhanced computing architecture according to an embodiment
  • FIG. 6H is a block diagram of an entry according to an embodiment
  • FIG. 6I is a flowchart of an example of a method of entering data into a ledger according to an embodiment
  • FIG. 7A is an exemplary architecture in which a converged cryptographic engine executes encryption and decryption according to an embodiment
  • FIG. 7B is a flowchart of an example of a method of encrypting data and decrypting data according to various trust domains according to an embodiment
  • FIG. 7C is a flowchart of an example of a method of a granular encryption scheme according to various trust domains according to an embodiment
  • FIG. 7D is a flowchart of an example of a method of encrypting data from a same accelerator and/or CPU with different keys according to an embodiment
  • FIG. 7E is a process of an example of a granular encryption process according to an embodiment
  • FIG. 7F is a flowchart of an example of a method of decrypting data with a GPU according to an embodiment
  • FIG. 7G is a process of an example of an encryption and decryption process according to an embodiment
  • FIG. 7H is a process of an example of cryptographic cache with a cryptographic diffusion and confusion according to an embodiment
  • FIG. 7I is a diagram of an example of a resources diagram according to an embodiment
  • FIG. 8A is a block diagram of an example of a tenant-based processing environment according to an embodiment
  • FIG. 8B is a block diagram of an example of a graphics processing unit architecture according to an embodiment
  • FIG. 8C is a process of an example of securing trust between a tenant and a graphics processing unit according to an embodiment
  • FIG. 8D is a flowchart of an example of a method of securely attesting according to an embodiment
  • FIG. 9A is a block diagram of an example of a software-accelerated, confidential, security enhanced computing architecture according to an embodiment
  • FIG. 9B is a block diagram of an example of hardware-accelerated, confidential security enhanced computing architecture according to an embodiment
  • FIG. 9C is a flowchart of an example of a method of securely transferring data from a guest OS according to an embodiment
  • FIG. 9D is a flowchart of an example of a method of securely handling data according to an embodiment
  • FIG. 9E is a block diagram of an example of an encryption conversion scheme with a paging process according to an embodiment
  • FIG. 9F is a flowchart of an example of a method of handling paging operations securely according to an embodiment
  • FIG. 9G is a flowchart of an example of a method of paging data according to an embodiment
  • FIG. 10 is a block diagram of an example of a processing system according to an embodiment
  • FIGs. 11A-11D are block diagrams of examples of computing systems and graphics processors according to embodiments;
  • FIGs. 12A-12C are block diagrams of examples of additional graphics processor and compute accelerator architectures according to embodiments.
  • FIG. 13 is a block diagram of an example of a graphics processing engine of a graphics processor according to an embodiment
  • FIGs. 14A-14B are block diagrams of an example of thread execution logic of a graphics processor core according to an embodiment
  • FIG. 15 illustrates an example of an additional execution unit according to an embodiment
  • FIG. 16 is a block diagram illustrating an example of graphics processor instruction formats according to an embodiment
  • FIG. 17 is a block diagram of another example of a graphics processor according to an embodiment
  • FIG. 18A is a block diagram illustrating an example of a graphics processor command format according to an embodiment
  • FIG. 18B is a block diagram illustrating an example of a graphics processor command sequence according to an embodiment
  • FIG. 19 illustrates an example graphics software architecture for a data processing system according to an embodiment
  • FIG. 20A is a block diagram illustrating an example of an IP core development system according to an embodiment
  • FIG. 20B illustrates an example of a cross-section side view of an integrated circuit package assembly according to an embodiment
  • FIGs. 20C-20D illustrate examples of package assemblies according to an embodiment
  • FIG. 21 is a block diagram illustrating an example of a system on a chip integrated circuit according to an embodiment.
  • FIGs. 22A-22B are block diagrams illustrating exemplary graphics processors for use within an SoC, according to embodiments.
  • a graphics processing unit is communicatively coupled to host/processor cores to accelerate, for example, graphics operations, machine-learning operations, pattern analysis operations, and/or various general-purpose GPU (GPGPU) functions.
  • the GPU may be communicatively coupled to the host processor/cores over a bus or another interconnect (e.g., a high-speed interconnect such as PCIe or NVLink).
  • the GPU may be integrated on the same package or chip as the cores and communicatively coupled to the cores over an internal processor bus/interconnect (i.e., internal to the package or chip).
  • the processor cores may allocate work to the GPU in the form of sequences of commands/instructions contained in a work descriptor.
  • the GPU then uses dedicated circuitry/logic for efficiently processing these commands/instructions.
  • FIG. 1 is a block diagram illustrating a computing system 100 configured to implement one or more aspects of the embodiments described herein.
  • the computing system 100 includes a processing subsystem 101 having one or more processor(s) 102 and a system memory 104 communicating via an interconnection path that may include a memory hub 105.
  • the memory hub 105 may be a separate component within a chipset component or may be integrated within the one or more processor(s) 102.
  • the memory hub 105 couples with an I/O subsystem 111 via a communication link 106.
  • the I/O subsystem 111 includes an I/O hub 107 that can enable the computing system 100 to receive input from one or more input device(s) 108.
  • the I/O hub 107 can enable a display controller, which may be included in the one or more processor(s) 102, to provide outputs to one or more display device(s) 110A.
  • the one or more display device(s) 110A coupled with the I/O hub 107 can include a local, internal, or embedded display device.
  • the processing subsystem 101 includes one or more parallel processor(s) 112 coupled to memory hub 105 via a bus or other communication link 113.
  • the communication link 113 may be one of any number of standards-based communication link technologies or protocols, such as, but not limited to PCI Express, or may be a vendor specific communications interface or communications fabric.
  • the one or more parallel processor(s) 112 may form a computationally focused parallel or vector processing system that can include a large number of processing cores and/or processing clusters, such as a many integrated core (MIC) processor.
  • the one or more parallel processor(s) 112 form a graphics processing subsystem that can output pixels to one of the one or more display device(s) 110A coupled via the I/O Hub 107.
  • the one or more parallel processor(s) 112 can also include a display controller and display interface (not shown) to enable a direct connection to one or more display device(s) 110B.
  • a system storage unit 114 can connect to the I/O hub 107 to provide a storage mechanism for the computing system 100.
  • An I/O switch 116 can be used to provide an interface mechanism to enable connections between the I/O hub 107 and other components, such as a network adapter 118 and/or wireless network adapter 119 that may be integrated into the platform, and various other devices that can be added via one or more add-in device(s) 120.
  • the add-in device(s) 120 may also include, for example, one or more external graphics processor devices and/or compute accelerators.
  • the network adapter 118 can be an Ethernet adapter or another wired network adapter.
  • the wireless network adapter 119 can include one or more of a Wi-Fi, Bluetooth, near field communication (NFC), or other network device that includes one or more wireless radios.
  • the computing system 100 can include other components not explicitly shown, including USB or other port connections, optical storage drives, video capture devices, and the like, which may also be connected to the I/O hub 107.
  • Communication paths interconnecting the various components in FIG. 1 may be implemented using any suitable protocols, such as PCI (Peripheral Component Interconnect) based protocols (e.g., PCI-Express), or any other bus or point-to-point communication interfaces and/or protocol(s), such as the NVLink high-speed interconnect, or interconnect protocols known in the art.
  • PCI: Peripheral Component Interconnect
  • the one or more parallel processor(s) 112 may incorporate circuitry optimized for graphics and video processing, including, for example, video output circuitry, and constitute a graphics processing unit (GPU). Alternatively or additionally, the one or more parallel processor(s) 112 can incorporate circuitry optimized for general purpose processing, while preserving the underlying computational architecture, described in greater detail herein.
  • Components of the computing system 100 may be integrated with one or more other system elements on a single integrated circuit.
  • the one or more parallel processor(s) 112, memory hub 105, processor(s) 102, and I/O hub 107 can be integrated into a system on chip (SoC) integrated circuit.
  • SoC: system on chip
  • the components of the computing system 100 can be integrated into a single package to form a system in package (SIP) configuration.
  • SIP: system in package
  • at least a portion of the components of the computing system 100 can be integrated into a multi-chip module (MCM), which can be interconnected with other multi-chip modules into a modular computing system.
  • connection topology including the number and arrangement of bridges, the number of processor(s) 102, and the number of parallel processor(s) 112, may be modified as desired.
  • system memory 104 can be connected to the processor(s) 102 directly rather than through a bridge, while other devices communicate with system memory 104 via the memory hub 105 and the processor(s) 102.
  • the parallel processor(s) 112 are connected to the I/O hub 107 or directly to one of the one or more processor(s) 102, rather than to the memory hub 105.
  • the I/O hub 107 and memory hub 105 may be integrated into a single chip. It is also possible that two or more sets of processor(s) 102 are attached via multiple sockets, which can couple with two or more instances of the parallel processor(s) 112.
  • the memory hub 105 may be referred to as a Northbridge in some architectures, while the I/O hub 107 may be referred to as a Southbridge.
  • FIG. 2A illustrates a parallel processor 200.
  • the parallel processor 200 may be a GPU, GPGPU or the like as described herein.
  • the various components of the parallel processor 200 may be implemented using one or more integrated circuit devices, such as programmable processors, application specific integrated circuits (ASICs), or field programmable gate arrays (FPGA).
  • the illustrated parallel processor 200 may be the, or one of the, parallel processor(s) 112 shown in FIG. 1.
  • the parallel processor 200 includes a parallel processing unit 202.
  • the parallel processing unit includes an I/O unit 204 that enables communication with other devices, including other instances of the parallel processing unit 202.
  • the I/O unit 204 may be directly connected to other devices.
  • the I/O unit 204 connects with other devices via the use of a hub or switch interface, such as memory hub 105.
  • the connections between the memory hub 105 and the I/O unit 204 form a communication link 113.
  • the I/O unit 204 connects with a host interface 206 and a memory crossbar 216, where the host interface 206 receives commands directed to performing processing operations and the memory crossbar 216 receives commands directed to performing memory operations.
  • the host interface 206 can direct work operations to perform those commands to a front end 208.
  • the front end 208 couples with a scheduler 210, which is configured to distribute commands or other work items to a processing cluster array 212.
  • the scheduler 210 ensures that the processing cluster array 212 is properly configured and in a valid state before tasks are distributed to the processing clusters of the processing cluster array 212.
  • the scheduler 210 may be implemented via firmware logic executing on a microcontroller.
  • the microcontroller implemented scheduler 210 is configurable to perform complex scheduling and work distribution operations at coarse and fine granularity, enabling rapid preemption and context switching of threads executing on the processing array 212.
  • the host software can provide workloads for scheduling on the processing array 212 via one of multiple graphics processing doorbells. The workloads can then be automatically distributed across the processing array 212 by the scheduler 210 logic within the scheduler microcontroller.
  • the processing cluster array 212 can include up to “N” processing clusters (e.g., cluster 214A, cluster 214B, through cluster 214N). Each cluster 214A-214N of the processing cluster array 212 can execute a large number of concurrent threads.
  • the scheduler 210 can allocate work to the clusters 214A-214N of the processing cluster array 212 using various scheduling and/or work distribution algorithms, which may vary depending on the workload arising for each type of program or computation. The scheduling can be handled dynamically by the scheduler 210, or can be assisted in part by compiler logic during compilation of program logic configured for execution by the processing cluster array 212.
  • different clusters 214A-214N of the processing cluster array 212 can be allocated for processing different types of programs or for performing different types of computations.
  • the processing cluster array 212 can be configured to perform various types of parallel processing operations.
  • the cluster array 212 is configured to perform general-purpose parallel compute operations.
  • the processing cluster array 212 can include logic to execute processing tasks including filtering of video and/or audio data, performing modeling operations, including physics operations, and performing data transformations.
  • the processing cluster array 212 is configured to perform parallel graphics processing operations.
  • the processing cluster array 212 can include additional logic to support the execution of such graphics processing operations, including, but not limited to texture sampling logic to perform texture operations, as well as tessellation logic and other vertex processing logic.
  • the processing cluster array 212 can be configured to execute graphics processing related shader programs such as, but not limited to vertex shaders, tessellation shaders, geometry shaders, and pixel shaders.
  • the parallel processing unit 202 can transfer data from system memory via the I/O unit 204 for processing. During processing the transferred data can be stored to on-chip memory (e.g., parallel processor memory 222), then written back to system memory.
  • the scheduler 210 may be configured to divide the processing workload into approximately equal sized tasks, to better enable distribution of the graphics processing operations to multiple clusters 214A-214N of the processing cluster array 212.
  • portions of the processing cluster array 212 can be configured to perform different types of processing. For example, a first portion may be configured to perform vertex shading and topology generation, a second portion may be configured to perform tessellation and geometry shading, and a third portion may be configured to perform pixel shading or other screen space operations, to produce a rendered image for display.
  • Intermediate data produced by one or more of the clusters 214A-214N may be stored in buffers to allow the intermediate data to be transmitted between clusters 214A-214N for further processing.
  • the processing cluster array 212 can receive processing tasks to be executed via the scheduler 210, which receives commands defining processing tasks from front end 208.
  • processing tasks can include indices of data to be processed, e.g., surface (patch) data, primitive data, vertex data, and/or pixel data, as well as state parameters and commands defining how the data is to be processed (e.g., what program is to be executed).
  • the scheduler 210 may be configured to fetch the indices corresponding to the tasks or may receive the indices from the front end 208.
  • the front end 208 can be configured to ensure the processing cluster array 212 is configured to a valid state before the workload specified by incoming command buffers (e.g., batch-buffers, push buffers, etc.) is initiated.
  • Each of the one or more instances of the parallel processing unit 202 can couple with parallel processor memory 222.
  • the parallel processor memory 222 can be accessed via the memory crossbar 216, which can receive memory requests from the processing cluster array 212 as well as the I/O unit 204.
  • the memory crossbar 216 can access the parallel processor memory 222 via a memory interface 218.
  • the memory interface 218 can include multiple partition units (e.g., partition unit 220A, partition unit 220B, through partition unit 220N) that can each couple to a portion (e.g., memory unit) of parallel processor memory 222.
  • the number of partition units 220A-220N may be configured to be equal to the number of memory units, such that a first partition unit 220A has a corresponding first memory unit 224A, a second partition unit 220B has a corresponding memory unit 224B, and an Nth partition unit 220N has a corresponding Nth memory unit 224N. In other embodiments, the number of partition units 220A-220N may not be equal to the number of memory devices.
  • the memory units 224A-224N can include various types of memory devices, including dynamic random-access memory (DRAM) or graphics random access memory, such as synchronous graphics random access memory (SGRAM), including graphics double data rate (GDDR) memory.
  • the memory units 224A-224N may also include 3D stacked memory, including but not limited to high bandwidth memory (HBM).
  • Render targets such as frame buffers or texture maps may be stored across the memory units 224A-224N, allowing partition units 220A-220N to write portions of each render target in parallel to efficiently use the available bandwidth of parallel processor memory 222.
  • a local instance of the parallel processor memory 222 may be excluded in favor of a unified memory design that utilizes system memory in conjunction with local cache memory.
  • any one of the clusters 214A-214N of the processing cluster array 212 has the ability to process data that will be written to any of the memory units 224A-224N within parallel processor memory 222.
  • the memory crossbar 216 can be configured to transfer the output of each cluster 214A-214N to any partition unit 220A-220N or to another cluster 214A-214N, which can perform additional processing operations on the output.
  • Each cluster 214A-214N can communicate with the memory interface 218 through the memory crossbar 216 to read from or write to various external memory devices.
  • the memory crossbar 216 has a connection to the memory interface 218 to communicate with the I/O unit 204, as well as a connection to a local instance of the parallel processor memory 222, enabling the processing units within the different processing clusters 214A-214N to communicate with system memory or other memory that is not local to the parallel processing unit 202.
  • the memory crossbar 216 may, for example, be able to use virtual channels to separate traffic streams between the clusters 214A-214N and the partition units 220A-220N.
  • any number of instances of the parallel processing unit 202 can be included.
  • multiple instances of the parallel processing unit 202 can be provided on a single add-in card, or multiple add-in cards can be interconnected.
  • the different instances of the parallel processing unit 202 can be configured to interoperate even if the different instances have different numbers of processing cores, different amounts of local parallel processor memory, and/or other configuration differences.
  • some instances of the parallel processing unit 202 can include higher precision floating point units relative to other instances.
  • Systems incorporating one or more instances of the parallel processing unit 202 or the parallel processor 200 can be implemented in a variety of configurations and form factors, including but not limited to desktop, laptop, or handheld personal computers, servers, workstations, game consoles, and/or embedded systems.
  • FIG. 2B is a block diagram of a partition unit 220.
  • the partition unit 220 may be an instance of one of the partition units 220A-220N of FIG. 2A.
  • the partition unit 220 includes an L2 cache 221, a frame buffer interface 225, and a ROP 226 (raster operations unit).
  • the L2 cache 221 is a read/write cache that is configured to perform load and store operations received from the memory crossbar 216 and ROP 226. Read misses and urgent write-back requests are output by L2 cache 221 to frame buffer interface 225 for processing. Updates can also be sent to the frame buffer via the frame buffer interface 225 for processing.
  • the frame buffer interface 225 interfaces with one of the memory units in parallel processor memory, such as the memory units 224A-224N of FIG. 2A (e.g., within parallel processor memory 222).
  • the partition unit 220 may additionally or alternatively also interface with one of the memory units in parallel processor memory via a memory controller (not shown).
  • the ROP 226 is a processing unit that performs raster operations such as stencil, z test, blending, and the like.
  • the ROP 226 then outputs processed graphics data that is stored in graphics memory.
  • the ROP 226 includes compression logic to compress depth or color data that is written to memory and decompress depth or color data that is read from memory.
  • the compression logic can be lossless compression logic that makes use of one or more of multiple compression algorithms.
  • the type of compression that is performed by the ROP 226 can vary based on the statistical characteristics of the data to be compressed. For example, in one embodiment, delta color compression is performed on depth and color data on a per-tile basis.
  • the ROP 226 may be included within each processing cluster (e.g., cluster 214A-214N of FIG. 2A) instead of within the partition unit 220. In such embodiment, read and write requests for pixel data are transmitted over the memory crossbar 216 instead of pixel fragment data.
  • the processed graphics data may be displayed on a display device, such as one of the one or more display device(s) 110 of FIG. 1, routed for further processing by the processor(s) 102, or routed for further processing by one of the processing entities within the parallel processor 200 of FIG. 2A.
  • FIG. 2C is a block diagram of a processing cluster 214 within a parallel processing unit.
  • the processing cluster is an instance of one of the processing clusters 214A-214N of FIG. 2A.
  • the processing cluster 214 can be configured to execute many threads in parallel, where the term “thread” refers to an instance of a particular program executing on a particular set of input data.
  • SIMD single-instruction, multiple-data
  • SIMT single-instruction, multiple-thread
  • the processing cluster 214 may generally implement any of the embodiments described herein, such as, for example, the process 600 (FIGS. 6A and 6B), method 670 (FIG. 6D), method 690 (FIG. 6E), the process 3300 (FIG. 6F) and/or be combined with the SIMD architecture 660 (FIG. 6C), already discussed.
  • Operation of the processing cluster 214 can be controlled via a pipeline manager 232 that distributes processing tasks to SIMT parallel processors.
  • the pipeline manager 232 receives instructions from the scheduler 210 of FIG. 2A and manages execution of those instructions via a graphics multiprocessor 234 and/or a texture unit 236.
  • the illustrated graphics multiprocessor 234 is an exemplary instance of a SIMT parallel processor. However, various types of SIMT parallel processors of differing architectures may be included within the processing cluster 214.
  • One or more instances of the graphics multiprocessor 234 can be included within a processing cluster 214.
  • the graphics multiprocessor 234 can process data and a data crossbar 240 can be used to distribute the processed data to one of multiple possible destinations, including other shader units.
  • the pipeline manager 232 can facilitate the distribution of processed data by specifying destinations for processed data to be distributed via the data crossbar 240.
  • Each graphics multiprocessor 234 within the processing cluster 214 can include an identical set of functional execution logic (e.g., arithmetic logic units, load-store units, etc.).
  • the functional execution logic can be configured in a pipelined manner in which new instructions can be issued before previous instructions are complete.
  • the functional execution logic supports a variety of operations including integer and floating-point arithmetic, comparison operations, Boolean operations, bit-shifting, and computation of various algebraic functions.
  • the same functional-unit hardware could be leveraged to perform different operations and any combination of functional units may be present.
  • the instructions transmitted to the processing cluster 214 constitute a thread.
  • a set of threads executing across the set of parallel processing engines is a thread group.
  • a thread group executes the same program on different input data.
  • Each thread within a thread group can be assigned to a different processing engine within a graphics multiprocessor 234.
  • a thread group may include fewer threads than the number of processing engines within the graphics multiprocessor 234. When a thread group includes fewer threads than the number of processing engines, one or more of the processing engines may be idle during cycles in which that thread group is being processed.
  • a thread group may also include more threads than the number of processing engines within the graphics multiprocessor 234. When the thread group includes more threads than the number of processing engines within the graphics multiprocessor 234, processing can be performed over consecutive clock cycles.
  • multiple thread groups can be executed concurrently on the graphics multiprocessor 234.
  • the graphics multiprocessor 234 may include an internal cache memory to perform load and store operations.
  • the graphics multiprocessor 234 can forego an internal cache and use a cache memory (e.g., L1 cache 248) within the processing cluster 214.
  • Each graphics multiprocessor 234 also has access to L2 caches within the partition units (e.g., partition units 220A-220N of FIG. 2A) that are shared among all processing clusters 214 and may be used to transfer data between threads.
  • the graphics multiprocessor 234 may also access off-chip global memory, which can include one or more of local parallel processor memory and/or system memory. Any memory external to the parallel processing unit 202 may be used as global memory.
  • where the processing cluster 214 includes multiple instances of the graphics multiprocessor 234, those instances can share common instructions and data, which may be stored in the L1 cache 248.
  • Each processing cluster 214 may include an MMU 245 (memory management unit) that is configured to map virtual addresses into physical addresses.
  • the MMU 245 includes a set of page table entries (PTEs) used to map a virtual address to a physical address of a tile and optionally a cache line index.
  • the MMU 245 may include address translation lookaside buffers (TLB) or caches that may reside within the graphics multiprocessor 234 or the L1 cache or processing cluster 214.
  • the physical address is processed to distribute surface data access locality to allow efficient request interleaving among partition units.
  • the cache line index may be used to determine whether a request for a cache line is a hit or miss.
  • a processing cluster 214 may be configured such that each graphics multiprocessor 234 is coupled to a texture unit 236 for performing texture mapping operations, e.g., determining texture sample positions, reading texture data, and filtering the texture data.
  • Texture data is read from an internal texture L1 cache (not shown) or in some embodiments from the L1 cache within graphics multiprocessor 234 and is fetched from an L2 cache, local parallel processor memory, or system memory, as needed.
  • Each graphics multiprocessor 234 outputs processed tasks to the data crossbar 240 to provide the processed task to another processing cluster 214 for further processing or to store the processed task in an L2 cache, local parallel processor memory, or system memory via the memory crossbar 216.
  • a preROP 242 (pre-raster operations unit) is configured to receive data from graphics multiprocessor 234 and direct data to ROP units, which may be located with partition units as described herein (e.g., partition units 220A-220N of FIG. 2A).
  • the preROP 242 unit can perform optimizations for color blending, organize pixel color data, and perform address translations.
  • processing units, e.g., graphics multiprocessor 234, texture units 236, preROPs 242, etc., may be included within a processing cluster 214.
  • a parallel processing unit as described herein may include any number of instances of the processing cluster 214.
  • each processing cluster 214 can be configured to operate independently of other processing clusters 214 using separate and distinct processing units, L1 caches, etc.
  • FIG. 2D shows an example of the graphics multiprocessor 234 in which the graphics multiprocessor 234 couples with the pipeline manager 232 of the processing cluster 214.
  • the graphics multiprocessor 234 has an execution pipeline including but not limited to an instruction cache 252, an instruction unit 254, an address mapping unit 256, a register file 258, one or more general purpose graphics processing unit (GPGPU) cores 262, and one or more load/store units 266.
  • the GPGPU cores 262 and load/store units 266 are coupled with cache memory 272 and shared memory 270 via a memory and cache interconnect 268.
  • the graphics multiprocessor 234 may additionally include tensor and/or ray-tracing cores 263 that include hardware logic to accelerate matrix and/or ray-tracing operations.
  • the instruction cache 252 may receive a stream of instructions to execute from the pipeline manager 232.
  • the instructions are cached in the instruction cache 252 and dispatched for execution by the instruction unit 254.
  • the instruction unit 254 can dispatch instructions as thread groups (e.g., warps), with each thread of the thread group assigned to a different execution unit within GPGPU core 262.
  • An instruction can access any of a local, shared, or global address space by specifying an address within a unified address space.
  • the address mapping unit 256 can be used to translate addresses in the unified address space into a distinct memory address that can be accessed by the load/store units 266.
  • the register file 258 provides a set of registers for the functional units of the graphics multiprocessor 234.
  • the register file 258 provides temporary storage for operands connected to the data paths of the functional units (e.g., GPGPU cores 262, load/store units 266) of the graphics multiprocessor 234.
  • the register file 258 may be divided between each of the functional units such that each functional unit is allocated a dedicated portion of the register file 258. For example, the register file 258 may be divided between the different warps being executed by the graphics multiprocessor 234.
  • the GPGPU cores 262 can each include floating point units (FPUs) and/or integer arithmetic logic units (ALUs) that are used to execute instructions of the graphics multiprocessor 234.
  • the GPGPU cores 262 can include hardware logic that may otherwise reside within the tensor and/or ray-tracing cores 263.
  • the GPGPU cores 262 can be similar in architecture or can differ in architecture. For example and in one embodiment, a first portion of the GPGPU cores 262 include a single precision FPU and an integer ALU while a second portion of the GPGPU cores include a double precision FPU.
  • the FPUs can implement the IEEE 754-2008 standard for floating point arithmetic or enable variable precision floating point arithmetic.
  • the graphics multiprocessor 234 can additionally include one or more fixed function or special function units to perform specific functions such as copy rectangle or pixel blending operations.
  • One or more of the GPGPU cores can also include fixed or special function logic.
  • the GPGPU cores 262 may include SIMD logic capable of performing a single instruction on multiple sets of data.
  • GPGPU cores 262 can physically execute SIMD4, SIMD8, and SIMD16 instructions and logically execute SIMD1, SIMD2, and SIMD32 instructions.
  • the SIMD instructions for the GPGPU cores can be generated at compile time by a shader compiler or automatically generated when executing programs written and compiled for single program multiple data (SPMD) or SIMT architectures. Multiple threads of a program configured for the SIMT execution model can be executed via a single SIMD instruction. For example, and in one embodiment, eight SIMT threads that perform the same or similar operations can be executed in parallel via a single SIMD8 logic unit.
  • the memory and cache interconnect 268 is an interconnect network that connects each of the functional units of the graphics multiprocessor 234 to the register file 258 and to the shared memory 270.
  • the memory and cache interconnect 268 is a crossbar interconnect that allows the load/store unit 266 to implement load and store operations between the shared memory 270 and the register file 258.
  • the register file 258 can operate at the same frequency as the GPGPU cores 262, thus data transfer between the GPGPU cores 262 and the register file 258 is very low latency.
  • the shared memory 270 can be used to enable communication between threads that execute on the functional units within the graphics multiprocessor 234.
  • the cache memory 272 can be used as a data cache, for example, to cache texture data communicated between the functional units and the texture unit 236.
  • the shared memory 270 can also be used as a program-managed cache. Threads executing on the GPGPU cores 262 can programmatically store data within the shared memory in addition to the automatically cached data that is stored within the cache memory 272.
  • FIG. 3A-3C illustrate additional graphics multiprocessors, according to embodiments.
  • FIG. 3A-3B illustrate graphics multiprocessors 325, 350, which are related to the graphics multiprocessor 234 of FIG. 2C and may be used in place of one of those. Therefore, the disclosure of any features in combination with the graphics multiprocessor 234 herein also discloses a corresponding combination with the graphics multiprocessor(s) 325, 350, but is not limited to such.
  • FIG. 3C illustrates a graphics processing unit (GPU) 380 which includes dedicated sets of graphics processing resources arranged into multi-core groups 365A-365N, which correspond to the graphics multiprocessors 325, 350.
  • the illustrated graphics multiprocessors 325, 350 and the multi-core groups 365A-365N can be streaming multiprocessors (SM) capable of simultaneous execution of a large number of execution threads.
  • the graphics multiprocessor 325 of FIG. 3A includes multiple additional instances of execution resource units relative to the graphics multiprocessor 234 of FIG. 2D.
  • the graphics multiprocessor 325 can include multiple instances of the instruction unit 332A-332B, register file 334A-334B, and texture unit(s) 344A-344B.
  • the graphics multiprocessor 325 also includes multiple sets of graphics or compute execution units (e.g., GPGPU core 336A-336B, tensor core 337A-337B, raytracing core 338A-338B) and multiple sets of load/store units 340A-340B.
  • the execution resource units have a common instruction cache 330, texture and/or data cache memory 342, and shared memory 346.
  • the various components can communicate via an interconnect fabric 327.
  • the interconnect fabric 327 may include one or more crossbar switches to enable communication between the various components of the graphics multiprocessor 325.
  • the interconnect fabric 327 may be a separate, high-speed network fabric layer upon which each component of the graphics multiprocessor 325 is stacked.
  • the components of the graphics multiprocessor 325 communicate with remote components via the interconnect fabric 327.
  • the GPGPU cores 336A-336B, 337A-337B, and 338A-338B can each communicate with shared memory 346 via the interconnect fabric 327.
  • the interconnect fabric 327 can arbitrate communication within the graphics multiprocessor 325 to ensure a fair bandwidth allocation between components.
  • the graphics multiprocessor 350 of FIG. 3B includes multiple sets of execution resources 356A-356D, where each set of execution resource includes multiple instruction units, register files, GPGPU cores, and load store units, as illustrated in FIG. 2D and FIG. 3A.
  • the execution resources 356A-356D can work in concert with texture unit(s) 360A-360D for texture operations, while sharing an instruction cache 354, and shared memory 353.
  • the execution resources 356A-356D can share an instruction cache 354 and shared memory 353, as well as multiple instances of a texture and/or data cache memory 358A-358B.
  • the various components can communicate via an interconnect fabric 352 similar to the interconnect fabric 327 of FIG. 3A.
  • FIG. 1, 2A-2D, and 3A-3B are descriptive and not limiting as to the scope of the present embodiments.
  • the techniques described herein may be implemented on any properly configured processing unit, including, without limitation, one or more mobile application processors, one or more desktop or server central processing units (CPUs) including multi-core CPUs, one or more parallel processing units, such as the parallel processing unit 202 of FIG. 2A, as well as one or more graphics processors or special purpose processing units, without departure from the scope of the embodiments described herein.
  • the parallel processor or GPGPU as described herein may be communicatively coupled to host/processor cores to accelerate graphics operations, machine-learning operations, pattern analysis operations, and various general-purpose GPU (GPGPU) functions.
  • the GPU may be communicatively coupled to the host processor/cores over a bus or other interconnect (e.g., a high-speed interconnect such as PCIe or NVLink).
  • the GPU may be integrated on the same package or chip as the cores and communicatively coupled to the cores over an internal processor bus/interconnect (i.e., internal to the package or chip).
  • the processor cores may allocate work to the GPU in the form of sequences of commands/instructions contained in a work descriptor.
  • the GPU then uses dedicated circuitry/logic for efficiently processing these commands/instructions.
  • FIG. 3C illustrates a graphics processing unit (GPU) 380 which includes dedicated sets of graphics processing resources arranged into multi-core groups 365A-365N. While the details of only a single multi-core group 365A are provided, it will be appreciated that the other multi-core groups 365B-365N may be equipped with the same or similar sets of graphics processing resources. Details described with respect to the multi-core groups 365A-365N may also apply to any graphics multiprocessor 234, 325, 350 described herein.
  • a multi-core group 365A may include a set of graphics cores 370, a set of tensor cores 371, and a set of ray tracing cores 372.
  • a scheduler/dispatcher 368 schedules and dispatches the graphics threads for execution on the various cores 370, 371, 372.
  • a set of register files 369 store operand values used by the cores 370, 371, 372 when executing the graphics threads. These may include, for example, integer registers for storing integer values, floating point registers for storing floating point values, vector registers for storing packed data elements (integer and/or floating-point data elements) and tile registers for storing tensor/matrix values.
  • the tile registers may be implemented as combined sets of vector registers.
  • One or more combined level 1 (L1) caches and shared memory units 373 store graphics data such as texture data, vertex data, pixel data, ray data, bounding volume data, etc., locally within each multi-core group 365A.
  • One or more texture units 374 can also be used to perform texturing operations, such as texture mapping and sampling.
  • a Level 2 (L2) cache 375 shared by all or a subset of the multi-core groups 365A-365N stores graphics data and/or instructions for multiple concurrent graphics threads. As illustrated, the L2 cache 375 may be shared across a plurality of multi-core groups 365A-365N.
  • One or more memory controllers 367 couple the GPU 380 to a memory 366 which may be a system memory (e.g., DRAM) and/or a dedicated graphics memory (e.g., GDDR6 memory).
  • I/O circuitry 363 couples the GPU 380 to one or more I/O devices 362 such as digital signal processors (DSPs), network controllers, or user input devices.
  • An on-chip interconnect may be used to couple the I/O devices 362 to the GPU 380 and memory 366.
  • I/O memory management units (IOMMUs) 364 of the I/O circuitry 363 couple the I/O devices 362 directly to the system memory 366.
  • the IOMMU 364 manages multiple sets of page tables to map virtual addresses to physical addresses in system memory 366.
  • the I/O devices 362, CPU(s) 361, and GPU(s) 380 may then share the same virtual address space.
  • the IOMMU 364 supports virtualization. In this case, it may manage a first set of page tables to map guest/graphics virtual addresses to guest/graphics physical addresses and a second set of page tables to map the guest/graphics physical addresses to system/host physical addresses (e.g., within system memory 366).
  • the base addresses of each of the first and second sets of page tables may be stored in control registers and swapped out on a context switch (e.g., so that the new context is provided with access to the relevant set of page tables). While not illustrated in FIG.
  • each of the cores 370, 371, 372 and/or multi-core groups 365A-365N may include translation lookaside buffers (TLBs) to cache guest virtual to guest physical translations, guest physical to host physical translations, and guest virtual to host physical translations.
  • the CPUs 361, GPUs 380, and I/O devices 362 may be integrated on a single semiconductor chip and/or chip package.
  • the illustrated memory 366 may be integrated on the same chip or may be coupled to the memory controllers 367 via an off-chip interface.
  • the memory 366 comprises GDDR6 memory which shares the same virtual address space as other physical system-level memories, although the underlying principles described herein are not limited to this specific implementation.
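The two sets of IOMMU page tables described above can be modelled in a few lines of C. This is an added illustration, not code from the patent: the 4 KiB page size, the table and TLB sizes, the `flush_tlb` flag on a context switch and every identifier are assumptions, and the sample tables are constructed.

```c
/* Added illustration, not from the patent: a toy two-stage IOMMU.
 * Page size, table sizes, the flush flag and every name are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT 12u
#define PAGE_MASK  ((1u << PAGE_SHIFT) - 1u)
#define NPAGES     8u            /* pages per toy address space */
#define TLB_SLOTS  4u
#define UNMAPPED   UINT32_MAX

typedef struct { uint32_t pfn[NPAGES]; } page_table;  /* index: input page number */

typedef struct {                 /* models the two base-address control registers */
    const page_table *stage1;    /* guest virtual  -> guest physical */
    const page_table *stage2;    /* guest physical -> host physical  */
} context;

typedef struct { int valid; uint32_t vpn, hpfn; } tlb_entry;

typedef struct {
    context   ctx;
    tlb_entry tlb[TLB_SLOTS];    /* caches guest virtual -> host physical */
} iommu;

static void pt_init(page_table *pt) {
    for (uint32_t i = 0; i < NPAGES; i++) pt->pfn[i] = UNMAPPED;
}

/* Context switch: swap both table bases; optionally drop cached translations. */
static void iommu_switch(iommu *m, context next, int flush_tlb) {
    m->ctx = next;
    if (flush_tlb) memset(m->tlb, 0, sizeof m->tlb);
}

static int walk(const page_table *pt, uint32_t pn, uint32_t *out) {
    if (pn >= NPAGES || pt->pfn[pn] == UNMAPPED) return -1;
    *out = pt->pfn[pn];
    return 0;
}

/* Returns 0 and sets *hpa; -1 on a stage-1 fault; -2 on a stage-2 fault. */
static int iommu_translate(iommu *m, uint32_t gva, uint32_t *hpa) {
    uint32_t vpn = gva >> PAGE_SHIFT, off = gva & PAGE_MASK, gpfn, hpfn;
    tlb_entry *e = &m->tlb[vpn % TLB_SLOTS];
    if (e->valid && e->vpn == vpn) {             /* TLB hit: no table walk */
        *hpa = (e->hpfn << PAGE_SHIFT) | off;
        return 0;
    }
    if (walk(m->ctx.stage1, vpn, &gpfn) != 0) return -1;
    if (walk(m->ctx.stage2, gpfn, &hpfn) != 0) return -2;
    *e = (tlb_entry){1, vpn, hpfn};
    *hpa = (hpfn << PAGE_SHIFT) | off;
    return 0;
}

static page_table a_s1, a_s2, b_s1, b_s2;        /* constructed sample tables */

static void build_tables(void) {
    pt_init(&a_s1); pt_init(&a_s2); pt_init(&b_s1); pt_init(&b_s2);
    a_s1.pfn[1] = 2; a_s2.pfn[2] = 5;  /* guest A: GVA page 1 -> GPA 2 -> HPA 5 */
    b_s1.pfn[1] = 2; b_s2.pfn[2] = 7;  /* guest B: same guest pages, host page 7 */
    b_s1.pfn[3] = 6;                   /* guest B names GPA 6; its stage 2 has no entry */
}

/* Guest A touches GVA 0x1abc, then guest B does; returns the HPA guest B gets. */
uint32_t demo_switch(int flush_tlb) {
    iommu m; uint32_t hpa = 0;
    memset(&m, 0, sizeof m);
    build_tables();
    iommu_switch(&m, (context){&a_s1, &a_s2}, 1);
    iommu_translate(&m, 0x1abcu, &hpa);
    iommu_switch(&m, (context){&b_s1, &b_s2}, flush_tlb);
    iommu_translate(&m, 0x1abcu, &hpa);
    return hpa;
}

/* Translates one address in guest B's context and returns the result code. */
int demo_fault(uint32_t gva) {
    iommu m; uint32_t hpa = 0;
    memset(&m, 0, sizeof m);
    build_tables();
    iommu_switch(&m, (context){&b_s1, &b_s2}, 1);
    return iommu_translate(&m, gva, &hpa);
}

int main(void) {
    printf("guest B, TLB flushed on switch: 0x%x\n", (unsigned)demo_switch(1));
    printf("guest B, TLB kept on switch:    0x%x\n", (unsigned)demo_switch(0));
    printf("guest B, GPA outside stage 2:   %d\n", demo_fault(0x3000u));
    return 0;
}
```

In this model a switch that keeps the TLB resolves guest B's request to guest A's host page, so cached guest-virtual-to-host-physical entries have to be invalidated or tagged per context when the table bases are swapped. The stage-2 fault shows the second set of tables bounding what a guest-controlled first-stage mapping can reach.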
  • the tensor cores 371 may include a plurality of execution units specifically designed to perform matrix operations, which are the fundamental compute operation used to perform deep learning operations. For example, simultaneous matrix multiplication operations may be used for neural network training and inferencing.
  • the tensor cores 371 may perform matrix processing using a variety of operand precisions including single precision floating-point (e.g., 32 bits), half-precision floating point (e.g., 16 bits), integer words (16 bits), bytes (8 bits), and half-bytes (4 bits).
  • a neural network implementation extracts features of each rendered scene, potentially combining details from multiple frames, to construct a high-quality final image.
  • parallel matrix multiplication work may be scheduled for execution on the tensor cores 371.
  • the training of neural networks requires a significant number of matrix dot product operations.
  • the tensor cores 371 may include at least N dot-product processing elements. Before the matrix multiply begins, one entire matrix is loaded into tile registers and at least one column of a second matrix is loaded each cycle for N cycles. Each cycle, there are N dot products that are processed.
  • Matrix elements may be stored at different precisions depending on the particular implementation, including 16-bit words, 8-bit bytes (e.g., INT8) and 4-bit half-bytes (e.g., INT4). Different precision modes may be specified for the tensor cores
  • the ray tracing cores 372 may accelerate ray tracing operations for both real-time ray tracing and non-real-time ray tracing implementations.
  • the ray tracing cores 372 may include ray traversal/intersection circuitry for performing ray traversal using bounding volume hierarchies (BVHs) and identifying intersections between rays and primitives enclosed within the BVH volumes.
  • the ray tracing cores 372 may also include circuitry for performing depth testing and culling (e.g., using a Z buffer or similar arrangement).
  • the ray tracing cores 372 perform traversal and intersection operations in concert with the image denoising techniques described herein, at least a portion of which may be executed on the tensor cores 371.
  • the tensor cores 371 may implement a deep learning neural network to perform denoising of frames generated by the ray tracing cores 372.
  • the CPU(s) 361, graphics cores 370, and/or ray tracing cores 372 may also implement all or a portion of the denoising and/or deep learning algorithms.
  • a distributed approach to denoising may be employed in which the GPU 380 is in a computing device coupled to other computing devices over a network or high-speed interconnect.
  • the interconnected computing devices may share neural network learning/training data to improve the speed with which the overall system learns to perform denoising for different types of image frames and/or different graphics applications.
  • the ray tracing cores 372 may process all BVH traversal and/or ray-primitive intersections, saving the graphics cores 370 from being overloaded with thousands of instructions per ray.
  • each ray tracing core 372 includes a first set of specialized circuitry for performing bounding box tests (e.g., for traversal operations) and/or a second set of specialized circuitry for performing the ray-triangle intersection tests (e.g., intersecting rays which have been traversed).
  • the multicore group 365A can simply launch a ray probe, and the ray tracing cores 372 independently perform ray traversal and intersection and return hit data (e.g., a hit, no hit, multiple hits, etc.) to the thread context.
  • the other cores 370, 371 are freed to perform other graphics or compute work while the ray tracing cores 372 perform the traversal and intersection operations.
  • each ray tracing core 372 may include a traversal unit to perform BVH testing operations and/or an intersection unit which performs ray-primitive intersection tests.
  • the intersection unit generates a “hit”, “no hit”, or “multiple hit” response, which it provides to the appropriate thread.
  • the execution resources of the other cores (e.g., graphics cores 370 and tensor cores 371) are freed to perform other forms of graphics work.
  • a hybrid rasterization/ray tracing approach is used in which work is distributed between the graphics cores 370 and ray tracing cores 372.
  • the ray tracing cores 372 may include hardware support for a ray tracing instruction set such as Microsoft’s DirectX Ray Tracing (DXR) which includes a DispatchRays command, as well as ray-generation, closest-hit, any-hit, and miss shaders, which enable the assignment of unique sets of shaders and textures for each object.
  • Another ray tracing platform which may be supported by the ray tracing cores 372, graphics cores 370 and tensor cores 371 is Vulkan 1.1.85. Note, however, that the underlying principles described herein are not limited to any particular ray tracing ISA.
  • the various cores 372, 371, 370 may support a ray tracing instruction set that includes instructions/functions for one or more of ray generation, closest hit, any hit, ray-primitive intersection, per-primitive and hierarchical bounding box construction, miss, visit, and exceptions. More specifically, a preferred embodiment includes ray tracing instructions to perform one or more of the following functions:
  • Ray Generation - Ray generation instructions may be executed for each pixel, sample, or other user-defined work assignment.
  • Closest Hit - A closest hit instruction may be executed to locate the closest intersection point of a ray with primitives within a scene.
  • Any Hit - An any hit instruction identifies multiple intersections between a ray and primitives within a scene, potentially to identify a new closest intersection point.
  • Intersection - An intersection instruction performs a ray-primitive intersection test and outputs a result.
  • Per-primitive Bounding box Construction - This instruction builds a bounding box around a given primitive or group of primitives (e.g., when building a new BVH or other acceleration data structure).
  • FIG. 4A illustrates an exemplary architecture in which a plurality of GPUs 410-413, e.g., such as the parallel processors 200 shown in FIG. 2A, are communicatively coupled to a plurality of multi-core processors 405-406 over high-speed links 440A-440D (e.g., buses, point-to-point interconnects, etc.).
  • the high-speed links 440A-440D may support a communication throughput of 4GB/s, 30GB/s, 80GB/s or higher, depending on the implementation.
  • Various interconnect protocols may be used including, but not limited to, PCIe 4.0 or 5.0 and NVLink 2.0. However, the underlying principles described herein are not limited to any particular communication protocol or throughput.
  • Two or more of the GPUs 410-413 may be interconnected over high-speed links 442A-442B, which may be implemented using the same or different protocols/links than those used for high-speed links 440A-440D.
  • two or more of the multicore processors 405-406 may be connected over high speed link 443 which may be symmetric multi-processor (SMP) buses operating at 20GB/s, 30GB/s, 120GB/s or higher.
  • Each multi-core processor 405-406 may be communicatively coupled to a processor memory 401-402, via memory interconnects 430A-430B, respectively, and each GPU 410-413 is communicatively coupled to GPU memory 420-423 over GPU memory interconnects 450A-450D, respectively.
  • the memory interconnects 430A-430B and 450A-450D may utilize the same or different memory access technologies.
  • the processor memories 401-402 and GPU memories 420-423 may be volatile memories such as dynamic random-access memories (DRAMs) (including stacked DRAMs), Graphics DDR SDRAM (GDDR) (e.g., GDDR5, GDDR6), or High Bandwidth Memory (HBM) and/or may be nonvolatile memories such as 3D XPoint/Optane or Nano-Ram.
  • some portion of the memories may be volatile memory and another portion may be non-volatile memory (e.g., using a two-level memory (2LM) hierarchy).
  • although the processors 405-406 and GPUs 410-413 may be physically coupled to a particular memory 401-402, 420-423, respectively, a unified memory architecture may be implemented in which the same virtual system address space (also referred to as the “effective address” space) is distributed among all of the various physical memories.
  • processor memories 401-402 may each comprise 64GB of the system memory address space
  • GPU memories 420-423 may each comprise 32GB of the system memory address space (resulting in a total of 256GB addressable memory in this example).
  • FIG. 4B illustrates additional optional details for an interconnection between a multi-core processor 407 and a graphics acceleration module 446.
  • the multi-core processor 407 and a graphics acceleration module 446 may implement aspects of computing architecture 900 (FIG. 9A), architecture 960 (FIG. 9B), method 1010 (FIG. 9C), and method 1030 (FIG. 9D).
  • the graphics acceleration module 446 may include one or more GPU chips integrated on a line card which is coupled to the processor 407 via the high-speed link 440. Alternatively, the graphics acceleration module 446 may be integrated on the same package or chip as the processor 407.
  • the illustrated processor 407 includes a plurality of cores 460A-460D, each with a translation lookaside buffer 461A-461D and one or more caches 462A-462D.
  • the cores may include various other components for executing instructions and processing data which are not illustrated to avoid obscuring the underlying principles of the components described herein (e.g., instruction fetch units, branch prediction units, decoders, execution units, reorder buffers, etc.).
  • the caches 462A-462D may comprise level 1 (L1) and level 2 (L2) caches.
  • one or more shared caches 456 may be included in the caching hierarchy and shared by sets of the cores 460A-460D.
  • processor 407 includes 24 cores, each with its own L1 cache, twelve shared L2 caches, and twelve shared L3 caches. In this embodiment, one of the L2 and L3 caches are shared by two adjacent cores.
  • the processor 407 and the graphics accelerator integration module 446 connect with system memory 441, which may include processor memories 401-402.
  • Coherency is maintained for data and instructions stored in the various caches 462A-462D, 456 and system memory 441 via inter-core communication over a coherence bus 464.
  • each cache may have cache coherency logic/circuitry associated therewith to communicate over the coherence bus 464 in response to detected reads or writes to particular cache lines.
  • a cache snooping protocol is implemented over the coherence bus 464 to snoop cache accesses. Cache snooping/coherency techniques are well understood by those of skill in the art and will not be described in detail here to avoid obscuring the underlying principles described herein.
  • a proxy circuit 425 may be provided that communicatively couples the graphics acceleration module 446 to the coherence bus 464, allowing the graphics acceleration module 446 to participate in the cache coherence protocol as a peer of the cores.
  • an interface 435 provides connectivity to the proxy circuit 425 over high-speed link 440 (e.g., a PCIe bus, NVLink, etc.) and an interface 437 connects the graphics acceleration module 446 to the high-speed link 440.
  • an accelerator integration circuit 436 provides cache management, memory access, context management, and interrupt management services on behalf of a plurality of graphics processing engines 431, 432, N of the graphics acceleration module 446.
  • the graphics processing engines 431, 432, N may each comprise a separate graphics processing unit (GPU).
  • the graphics processing engines 431, 432, N may comprise different types of graphics processing engines within a GPU such as graphics execution units, media processing engines (e.g., video encoders/decoders), samplers, and blit engines.
  • the graphics acceleration module may be a GPU with a plurality of graphics processing engines 431-432, N or the graphics processing engines 431-432, N may be individual GPUs integrated on a common package, line card, or chip.
  • the accelerator integration circuit 436 may include a memory management unit (MMU) 439 for performing various memory management functions such as virtual-to-physical memory translations (also referred to as effective-to-real memory translations) and memory access protocols for accessing system memory 441.
  • the MMU 439 may also include a translation lookaside buffer (TLB) (not shown) for caching the virtual/effective to physical/real address translations.
  • a cache 438 stores commands and data for efficient access by the graphics processing engines 431-432, N.
  • the data stored in cache 438 and graphics memories 433-434, M may be kept coherent with the core caches 462A-462D, 456 and system memory 411.
  • proxy circuit 425 which takes part in the cache coherency mechanism on behalf of cache 438 and memories 433-434, M (e.g., sending updates to the cache 438 related to modifications/accesses of cache lines on processor caches 462A-462D, 456 and receiving updates from the cache 438).
  • a set of registers 445 store context data for threads executed by the graphics processing engines 431-432, N and a context management circuit 448 manages the thread contexts.
  • the context management circuit 448 may perform save and restore operations to save and restore contexts of the various threads during context switches (e.g., where a first thread is saved and a second thread is stored so that the second thread can be executed by a graphics processing engine).
  • the context management circuit 448 may store current register values to a designated region in memory (e.g., identified by a context pointer). It may then restore the register values when returning to the context.
  • An interrupt management circuit 447 may receive and process interrupts received from system devices.
  • virtual/effective addresses from a graphics processing engine 431 are translated to real/physical addresses in system memory 411 by the MMU 439.
  • the accelerator integration circuit 436 supports multiple (e.g., 4, 8, 16) graphics accelerator modules 446 and/or other accelerator devices.
  • the graphics accelerator module 446 may be dedicated to a single application executed on the processor 407 or may be shared between multiple applications.
  • a virtualized graphics execution environment is provided in which the resources of the graphics processing engines 431-432, N are shared with multiple applications or virtual machines (VMs).
  • the resources may be subdivided into “slices” which are allocated to different VMs and/or applications based on the processing requirements and priorities associated with the VMs and/or applications.
  • the accelerator integration circuit 436 acts as a bridge to the system for the graphics acceleration module 446 and provides address translation and system memory cache services.
  • the accelerator integration circuit 436 may also include shared I/O 497 (e.g., PCIe, USB) and hardware to enable system control of voltage, clocking, performance, thermals, and security.
  • the shared I/O 497 may utilize separate physical connections or may traverse the high-speed link 440.
  • the accelerator integration circuit 436 may provide virtualization facilities for the host processor to manage virtualization of the graphics processing engines, interrupts, and memory management.
  • any host processor can address these resources directly using an effective address value.
  • One optional function of the accelerator integration circuit 436 is the physical separation of the graphics processing engines 431-432, N so that they appear to the system as independent units.
  • One or more graphics memories 433-434, M may be coupled to each of the graphics processing engines 431-432, N, respectively.
  • the graphics memories 433-434, M store instructions and data being processed by each of the graphics processing engines 431-432, N.
  • the graphics memories 433-434, M may be volatile memories such as DRAMs (including stacked DRAMs), GDDR memory (e.g., GDDR5, GDDR6), or HBM, and/or may be non-volatile memories such as 3D XPoint/Optane or Nano-Ram.
  • biasing techniques may be used to ensure that the data stored in graphics memories 433-434, M is data which will be used most frequently by the graphics processing engines 431-432, N and preferably not used by the cores 460A-460D (at least not frequently).
  • the biasing mechanism attempts to keep data needed by the cores (and preferably not the graphics processing engines 431-432, N) within the caches 462A-462D, 456 of the cores and system memory 411.
  • the accelerator integration circuit 436 is integrated within the processor 407.
  • the graphics processing engines 431-432, N communicate directly over the high-speed link 440 to the accelerator integration circuit 436 via interface 437 and interface 435 (which, again, may utilize any form of bus or interface protocol).
  • the accelerator integration circuit 436 may perform the same operations as those described with respect to FIG. 4B, but potentially at a higher throughput given its close proximity to the coherency bus 464 and caches 462A-462D, 456.
  • the embodiments described may support different programming models including a dedicated-process programming model (no graphics acceleration module virtualization) and shared programming models (with virtualization).
  • the latter may include programming models which are controlled by the accelerator integration circuit 436 and programming models which are controlled by the graphics acceleration module 446.
  • graphics processing engines 431-432, N may be dedicated to a single application or process under a single operating system.
  • the single application can funnel other application requests to the graphics engines 431-432, N, providing virtualization within a VM/partition.
  • the graphics processing engines 431-432, N may be shared by multiple VM/application partitions.
  • the shared models require a system hypervisor to virtualize the graphics processing engines 431-432, N to allow access by each operating system.
  • the graphics processing engines 431-432, N are owned by the operating system. In both cases, the operating system can virtualize the graphics processing engines 431-432, N to provide access to each process or application.
  • the graphics acceleration module 446 or an individual graphics processing engine 431-432, N selects a process element using a process handle.
  • the process elements may be stored in system memory 411 and be addressable using the effective address to real address translation techniques described herein.
  • the process handle may be an implementation-specific value provided to the host process when registering its context with the graphics processing engine 431-432, N (that is, calling system software to add the process element to the process element linked list).
  • the lower 16-bits of the process handle may be the offset of the process element within the process element linked list.
  • FIG. 4D illustrates an exemplary accelerator integration slice 490.
  • a “slice” comprises a specified portion of the processing resources of the accelerator integration circuit 436.
  • Application effective address space 482 within system memory 411 stores process elements 483.
  • the process elements 483 may be stored in response to GPU invocations 481 from applications 480 executed on the processor 407.
  • a process element 483 contains the process state for the corresponding application 480.
  • a work descriptor (WD) 484 contained in the process element 483 can be a single job requested by an application or may contain a pointer to a queue of jobs. In the latter case, the WD 484 is a pointer to the job request queue in the application’s address space 482.
  • the graphics acceleration module 446 and/or the individual graphics processing engines 431-432, N can be shared by all or a subset of the processes in the system.
  • the technologies described herein may include an infrastructure for setting up the process state and sending a WD 484 to a graphics acceleration module 446 to start a job in a virtualized environment.
  • the dedicated-process programming model is implementation-specific.
  • a single process owns the graphics acceleration module 446 or an individual graphics processing engine 431. Because the graphics acceleration module 446 is owned by a single process, the hypervisor initializes the accelerator integration circuit 436 for the owning partition and the operating system initializes the accelerator integration circuit 436 for the owning process at the time when the graphics acceleration module 446 is assigned.
  • a WD fetch unit 491 in the accelerator integration slice 490 fetches the next WD 484 which includes an indication of the work to be done by one of the graphics processing engines of the graphics acceleration module 446.
  • Data from the WD 484 may be stored in registers 445 and used by the MMU 439, interrupt management circuit 447 and/or context management circuit 448 as illustrated.
  • the MMU 439 may include segment/page walk circuitry for accessing segment/page tables 486 within the OS virtual address space 485.
  • the interrupt management circuit 447 may process interrupt events 492 received from the graphics acceleration module 446.
  • an effective address 493 generated by a graphics processing engine 431-432, N is translated to a real address by the MMU 439.
  • the same set of registers 445 may be duplicated for each graphics processing engine 431-432, N and/or graphics acceleration module 446 and may be initialized by the hypervisor or operating system. Each of these duplicated registers may be included in an accelerator integration slice 490. Exemplary registers that may be initialized by the hypervisor are shown in Table 1.
  • Exemplary registers that may be initialized by the operating system are shown in Table 2.
  • Each WD 484 may be specific to a particular graphics acceleration module 446 and/or graphics processing engine 431-432, N. It contains all the information a graphics processing engine 431-432, N requires to do its work or it can be a pointer to a memory location where the application has set up a command queue of work to be completed.
  • FIG. 4E illustrates additional optional details of a shared model. It includes a hypervisor real address space 498 in which a process element list 499 is stored. The hypervisor real address space 498 is accessible via a hypervisor 496 which virtualizes the graphics acceleration module engines for the operating system 495.
  • the shared programming models allow for all or a subset of processes from all or a subset of partitions in the system to use a graphics acceleration module 446. There are two programming models where the graphics acceleration module 446 is shared by multiple processes and partitions: time-sliced shared and graphics directed shared.
  • the system hypervisor 496 owns the graphics acceleration module 446 and makes its function available to all operating systems 495.
  • the graphics acceleration module 446 may adhere to the following requirements: 1) An application’s job request must be autonomous (that is, the state does not need to be maintained between jobs), or the graphics acceleration module 446 must provide a context save and restore mechanism. 2) An application’s job request is guaranteed by the graphics acceleration module 446 to complete in a specified amount of time, including any translation faults, or the graphics acceleration module 446 provides the ability to preempt the processing of the job. 3) The graphics acceleration module 446 must be guaranteed fairness between processes when operating in the directed shared programming model.
  • the application 480 may be required to make an operating system 495 system call with a graphics acceleration module 446 type, a work descriptor (WD), an authority mask register (AMR) value, and a context save/restore area pointer (CSRP).
  • the graphics acceleration module 446 type describes the targeted acceleration function for the system call.
  • the graphics acceleration module 446 type may be a system-specific value.
  • the WD is formatted specifically for the graphics acceleration module 446 and can be in the form of a graphics acceleration module 446 command, an effective address pointer to a user-defined structure, an effective address pointer to a queue of commands, or any other data structure to describe the work to be done by the graphics acceleration module 446.
  • the AMR value is the AMR state to use for the current process.
  • the value passed to the operating system is similar to an application setting the AMR. If the accelerator integration circuit 436 and graphics acceleration module 446 implementations do not support a User Authority Mask Override Register (UAMOR), the operating system may apply the current UAMOR value to the AMR value before passing the AMR in the hypervisor call.
  • the hypervisor 496 may optionally apply the current Authority Mask Override Register (AMOR) value before placing the AMR into the process element 483.
  • the CSRP may be one of the registers 445 containing the effective address of an area in the application’s address space 482 for the graphics acceleration module 446 to save and restore the context state.
  • the context save/restore area may be pinned system memory.
  • the operating system 495 may verify that the application 480 has registered and been given the authority to use the graphics acceleration module 446. The operating system 495 then calls the hypervisor 496 with the information shown in Table 3.
  • Upon receiving the hypervisor call, the hypervisor 496 verifies that the operating system 495 has registered and been given the authority to use the graphics acceleration module 446. The hypervisor 496 then puts the process element 483 into the process element linked list for the corresponding graphics acceleration module 446 type.
  • the process element may include the information shown in Table 4.
  • the hypervisor may initialize a plurality of accelerator integration slice 490 registers 445.
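The registration path described above (the operating system checks the application's authority, the hypervisor checks the operating system's authority, then the process element is added to the list for that module type and a handle is returned) can be modelled as follows. This is an added example, not code from the patent: the struct layouts, the 64-byte slot size, the authorization bitmaps and the use of the handle's upper bits for the module type are assumptions, and the optional AMOR step is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ELEMENTS 8u    /* constructed capacity of each process element list */
#define ELEMENT_SIZE 64u   /* assumption: byte size of one list slot */
#define MAX_TYPES    16u   /* assumption: number of module types */

enum reg_status { REG_OK, REG_APP_DENIED, REG_OS_DENIED, REG_LIST_FULL };

struct process_element {   /* only the fields the text names */
    uint64_t wd;           /* work descriptor, or pointer to a job queue */
    uint64_t amr;          /* authority mask register value, stored as passed */
    uint64_t csrp;         /* context save/restore area pointer */
    int      in_use;
};

struct hypervisor {
    uint32_t os_types;     /* bit n set: the calling OS may use module type n */
    struct process_element list[MAX_TYPES][MAX_ELEMENTS]; /* one list per type */
};

struct guest_os {
    uint32_t app_types;    /* bit n set: the application may use module type n */
    struct hypervisor *hv;
};

/* Hypervisor call: verify the OS's authority, then add the process element. */
static enum reg_status hv_add_element(struct hypervisor *hv, unsigned type,
                                      uint64_t wd, uint64_t amr, uint64_t csrp,
                                      uint32_t *handle)
{
    if (type >= MAX_TYPES || !(hv->os_types & (1u << type)))
        return REG_OS_DENIED;
    for (unsigned i = 0; i < MAX_ELEMENTS; i++) {
        struct process_element *pe = &hv->list[type][i];
        if (!pe->in_use) {
            pe->wd = wd;
            pe->amr = amr;
            pe->csrp = csrp;
            pe->in_use = 1;
            /* Lower 16 bits: offset of the element within the list. */
            *handle = ((uint32_t)type << 16) | (i * ELEMENT_SIZE);
            return REG_OK;
        }
    }
    return REG_LIST_FULL;
}

/* System call: verify the application's authority before calling down. */
static enum reg_status os_register(struct guest_os *os, unsigned type,
                                   uint64_t wd, uint64_t amr, uint64_t csrp,
                                   uint32_t *handle)
{
    if (type >= MAX_TYPES || !(os->app_types & (1u << type)))
        return REG_APP_DENIED;
    return hv_add_element(os->hv, type, wd, amr, csrp, handle);
}

/* Resolve a handle, rejecting misaligned, out-of-range or unused offsets. */
static const struct process_element *handle_lookup(const struct hypervisor *hv,
                                                   uint32_t handle)
{
    uint32_t type = handle >> 16;
    uint32_t off  = handle & 0xFFFFu;

    if (type >= MAX_TYPES || off % ELEMENT_SIZE != 0 ||
        off / ELEMENT_SIZE >= MAX_ELEMENTS)
        return NULL;
    const struct process_element *pe = &hv->list[type][off / ELEMENT_SIZE];
    return pe->in_use ? pe : NULL;
}

int main(void)
{
    /* Constructed policy: the app may use types 2 and 5, the OS only type 2. */
    struct hypervisor hv = { .os_types = 1u << 2 };
    struct guest_os os = { .app_types = (1u << 2) | (1u << 5), .hv = &hv };
    uint32_t handle = 0;

    printf("type 1: status %d\n", os_register(&os, 1, 0x1000, 0xFFFF, 0x2000, &handle));
    printf("type 5: status %d\n", os_register(&os, 5, 0x1000, 0xFFFF, 0x2000, &handle));
    printf("type 2: status %d\n", os_register(&os, 2, 0x1000, 0xFFFF, 0x2000, &handle));
    printf("handle 0x%x resolves: %s\n", (unsigned)handle,
           handle_lookup(&hv, handle) ? "yes" : "no");
    return 0;
}
```

A request is rejected at the first layer that lacks authority, and a handle whose low 16 bits do not name an occupied, aligned slot resolves to nothing.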
  • a unified memory addressable via a common virtual memory address space used to access the physical processor memories 401-402 and GPU memories 420-423 is employed.
  • operations executed on the GPUs 410-413 utilize the same virtual/effective memory address space to access the processor memories 401-402 and vice versa, thereby simplifying programmability.
  • a first portion of the virtual/effective address space may be allocated to the processor memory 401, a second portion to the second processor memory 402, a third portion to the GPU memory 420, and so on.
  • the entire virtual/effective memory space (sometimes referred to as the effective address space) may thereby be distributed across each of the processor memories 401-402 and GPU memories 420-423, allowing any processor or GPU to access any physical memory with a virtual address mapped to that memory.
  • Bias/coherence management circuitry 494A-494E within one or more of the MMUs 439A-439E may be provided that ensures cache coherence between the caches of the host processors (e.g., 405) and the GPUs 410-413 and implements biasing techniques indicating the physical memories in which certain types of data should be stored. While multiple instances of bias/coherence management circuitry 494A-494E are illustrated in FIG. 4F, the bias/coherence circuitry may be implemented within the MMU of one or more host processors 405 and/or within the accelerator integration circuit 436.
  • the host processor 405 may encrypt data and pointers with a key and share the key with GPUs 410-413 as described in the embodiments of process 3100 (FIG. 7E), method 3000 (FIG. 7F), and process 3200 (FIG. 7G), cryptographic diffusion and confusion 2580 (FIG. 7H) and/or resources diagram 2584 (FIG. 7I).
  • the GPU-attached memory 420-423 may be mapped as part of system memory, and accessed using shared virtual memory (SVM) technology, but without suffering the typical performance drawbacks associated with full system cache coherence.
  • the ability of GPU-attached memory 420-423 to be accessed as system memory without onerous cache coherence overhead provides a beneficial operating environment for GPU offload.
  • This arrangement allows the host processor 405 software to set up operands and access computation results, without the overhead of traditional I/O DMA data copies. Such traditional copies involve driver calls, interrupts and memory mapped I/O (MMIO) accesses that are all inefficient relative to simple memory accesses.
  • the ability to access GPU attached memory 420-423 without cache coherence overheads can be critical to the execution time of an offloaded computation.
  • cache coherence overhead can significantly reduce the effective write bandwidth seen by a GPU 410-413.
  • the efficiency of operand setup, the efficiency of results access, and the efficiency of GPU computation all play a role in determining the effectiveness of GPU offload.
  • a selection between GPU bias and host processor bias may be driven by a bias tracker data structure.
  • a bias table may be used, for example, which may be a page-granular structure (i.e., controlled at the granularity of a memory page) that includes 1 or 2 bits per GPU-attached memory page.
  • the bias table may be implemented in a stolen memory range of one or more GPU-attached memories 420-423, with or without a bias cache in the GPU 410-413 (e.g., to cache frequently/recently used entries of the bias table). Alternatively, the entire bias table may be maintained within the GPU.
  • the bias table entry associated with each access to the GPU-attached memory 420-423 is accessed prior to the actual access to the GPU memory, causing the following operations.
  • First, local requests from the GPU 410-413 that find their page in GPU bias are forwarded directly to a corresponding GPU memory 420-423.
  • Local requests from the GPU that find their page in host bias are forwarded to the processor 405 (e.g., over a high-speed link as discussed above).
  • requests from the processor 405 that find the requested page in host processor bias complete the request like a normal memory read.
  • requests directed to a GPU-biased page may be forwarded to the GPU 410-413. The GPU may then transition the page to a host processor bias if it is not currently using the page.
  • the bias state of a page can be changed either by a software-based mechanism, a hardware-assisted software-based mechanism, or, for a limited set of cases, a purely hardware-based mechanism.
  • One mechanism for changing the bias state employs an API call (e.g., OpenCL), which, in turn, calls the GPU’s device driver which, in turn, sends a message (or enqueues a command descriptor) to the GPU directing it to change the bias state and, for some transitions, perform a cache flushing operation in the host.
  • the cache flushing operation is required for a transition from host processor 405 bias to GPU bias, but is not required for the opposite transition.
  • Cache coherency may be maintained by temporarily rendering GPU-biased pages uncacheable by the host processor 405.
  • the processor 405 may request access from the GPU 410 which may or may not grant access right away, depending on the implementation.
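The bias-table lookup and routing rules described above, as an added example that is not code from the patent: a table with 1 bit per page is consulted before each access, requests are routed by requester and bias state, and only the host-to-GPU transition counts a host cache flush. The 4 KiB page size, the 64-page table and all names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT 12u   /* assumption: 4 KiB pages */
#define NUM_PAGES  64u   /* constructed size of the GPU-attached range */

enum bias      { BIAS_HOST = 0, BIAS_GPU = 1 };
enum requester { REQ_GPU, REQ_HOST };
enum route {
    ROUTE_GPU_MEMORY_DIRECT,  /* GPU request, page in GPU bias */
    ROUTE_FORWARD_TO_HOST,    /* GPU request, page in host bias */
    ROUTE_HOST_NORMAL_READ,   /* host request, page in host bias */
    ROUTE_FORWARD_TO_GPU,     /* host request, page in GPU bias */
    ROUTE_OUT_OF_RANGE        /* address not covered by the table */
};

struct bias_table {
    uint8_t  bits[NUM_PAGES / 8];  /* 1 bit per GPU-attached page */
    unsigned host_cache_flushes;   /* flushes a real driver would issue */
};

static void bias_table_init(struct bias_table *t)
{
    memset(t, 0, sizeof *t);       /* every page starts in host bias */
}

/* Returns BIAS_HOST or BIAS_GPU, or -1 if the page is outside the table. */
static int bias_get(const struct bias_table *t, uint64_t page)
{
    if (page >= NUM_PAGES)
        return -1;
    return (t->bits[page / 8] >> (page % 8)) & 1u;
}

/* Change a page's bias. Only host -> GPU requires the host cache flush. */
static int bias_set(struct bias_table *t, uint64_t page, enum bias to)
{
    int from = bias_get(t, page);

    if (from < 0)
        return -1;
    if (from == BIAS_HOST && to == BIAS_GPU)
        t->host_cache_flushes++;
    if (to == BIAS_GPU)
        t->bits[page / 8] |= (uint8_t)(1u << (page % 8));
    else
        t->bits[page / 8] &= (uint8_t)~(1u << (page % 8));
    return 0;
}

/* Consult the table before the access and decide where the request goes.
 * gpu_using_page tells whether the GPU is currently using the page. */
static enum route route_request(struct bias_table *t, enum requester who,
                                uint64_t addr, int gpu_using_page)
{
    uint64_t page = addr >> PAGE_SHIFT;
    int bias = bias_get(t, page);

    if (bias < 0)
        return ROUTE_OUT_OF_RANGE;
    if (who == REQ_GPU)
        return bias == BIAS_GPU ? ROUTE_GPU_MEMORY_DIRECT
                                : ROUTE_FORWARD_TO_HOST;
    if (bias == BIAS_HOST)
        return ROUTE_HOST_NORMAL_READ;
    if (!gpu_using_page)
        bias_set(t, page, BIAS_HOST);  /* GPU hands the page back, no flush */
    return ROUTE_FORWARD_TO_GPU;
}

int main(void)
{
    struct bias_table t;

    bias_table_init(&t);
    bias_set(&t, 3, BIAS_GPU);
    printf("GPU read of page 3:  route %d\n",
           route_request(&t, REQ_GPU, 0x3000, 1));
    printf("host read of page 3: route %d\n",
           route_request(&t, REQ_HOST, 0x3000, 0));
    printf("host read again:     route %d\n",
           route_request(&t, REQ_HOST, 0x3000, 0));
    printf("host cache flushes:  %u\n", t.host_cache_flushes);
    return 0;
}
```

The second host read completes as a normal read because the first one caused the idle GPU to return the page to host bias, and the flush counter stays at one because that direction needs no flush.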
  • FIG. 5 illustrates a graphics processing pipeline 500.
  • a graphics multiprocessor such as graphics multiprocessor 234 as in FIG. 2D, graphics multiprocessor 325 of FIG. 3A, graphics multiprocessor 350 of FIG. 3B can implement the illustrated graphics processing pipeline 500.
  • the graphics multiprocessor can be included within the parallel processing subsystems as described herein, such as the parallel processor 200 of FIG. 2A, which may be related to the parallel processor(s) 112 of FIG. 1 and may be used in place of one of those.
  • the various parallel processing systems can implement the graphics processing pipeline 500 via one or more instances of the parallel processing unit (e.g., parallel processing unit 202 of FIG. 2A) as described herein.
  • a shader unit (e.g., graphics multiprocessor 234 of FIG. 2C) may be configured to perform the functions of one or more of a vertex processing unit 504, a tessellation control processing unit 508, a tessellation evaluation processing unit 512, a geometry processing unit 516, and a fragment/pixel processing unit 524.
  • the functions of data assembler 502, primitive assemblers 506, 514, 518, tessellation unit 510, rasterizer 522, and raster operations unit 526 may also be performed by other processing engines within a processing cluster (e.g., processing cluster 214 of FIG. 2A) and a corresponding partition unit (e.g., partition unit 220A-220N of FIG. 2A).
  • the graphics processing pipeline 500 may also be implemented using dedicated processing units for one or more functions.
  • one or more portions of the graphics processing pipeline 500 are performed by parallel processing logic within a general-purpose processor (e.g., CPU).
  • one or more portions of the graphics processing pipeline 500 can access on-chip memory (e.g., parallel processor memory 222 as in FIG. 2A) via a memory interface 528, which may be an instance of the memory interface 218 of FIG. 2A.
  • the graphics processor pipeline 500 may also be implemented via a multi-core group 365A as in FIG. 3C.
  • the data assembler 502 is a processing unit that may collect vertex data for surfaces and primitives. The data assembler 502 then outputs the vertex data, including the vertex attributes, to the vertex processing unit 504.
  • the vertex processing unit 504 is a programmable execution unit that executes vertex shader programs, lighting and transforming vertex data as specified by the vertex shader programs.
  • the vertex processing unit 504 reads data that is stored in cache, local or system memory for use in processing the vertex data and may be programmed to transform the vertex data from an object-based coordinate representation to a world space coordinate space or a normalized device coordinate space.
  • a first instance of a primitive assembler 506 receives vertex attributes from the vertex processing unit 504.
  • the primitive assembler 506 reads stored vertex attributes as needed and constructs graphics primitives for processing by tessellation control processing unit 508.
  • the graphics primitives include triangles, line segments, points, patches, and so forth, as supported by various graphics processing application programming interfaces (APIs).
  • the tessellation control processing unit 508 treats the input vertices as control points for a geometric patch.
  • the control points are transformed from an input representation from the patch (e.g., the patch’s bases) to a representation that is suitable for use in surface evaluation by the tessellation evaluation processing unit 512.
  • the tessellation control processing unit 508 can also compute tessellation factors for edges of geometric patches.
  • a tessellation factor applies to a single edge and quantifies a view-dependent level of detail associated with the edge.
  • a tessellation unit 510 is configured to receive the tessellation factors for edges of a patch and to tessellate the patch into multiple geometric primitives such as line, triangle, or quadrilateral primitives, which are transmitted to a tessellation evaluation processing unit 512.
  • the tessellation evaluation processing unit 512 operates on parameterized coordinates of the subdivided patch to generate a surface representation and vertex attributes for each vertex associated with the geometric primitives.
  • a second instance of a primitive assembler 514 receives vertex attributes from the tessellation evaluation processing unit 512, reading stored vertex attributes as needed, and constructs graphics primitives for processing by the geometry processing unit 516.
  • the geometry processing unit 516 is a programmable execution unit that executes geometry shader programs to transform graphics primitives received from primitive assembler 514 as specified by the geometry shader programs.
  • the geometry processing unit 516 may be programmed to subdivide the graphics primitives into one or more new graphics primitives and calculate parameters used to rasterize the new graphics primitives.
  • the geometry processing unit 516 may be able to add or delete elements in the geometry stream.
  • the geometry processing unit 516 outputs the parameters and vertices specifying new graphics primitives to primitive assembler 518.
  • the primitive assembler 518 receives the parameters and vertices from the geometry processing unit 516 and constructs graphics primitives for processing by a viewport scale, cull, and clip unit 520.
  • the geometry processing unit 516 reads data that is stored in parallel processor memory or system memory for use in processing the geometry data.
  • the viewport scale, cull, and clip unit 520 performs clipping, culling, and viewport scaling and outputs processed graphics primitives to a rasterizer 522.
  • the rasterizer 522 can perform depth culling and other depth-based optimizations.
  • the rasterizer 522 also performs scan conversion on the new graphics primitives to generate fragments and output those fragments and associated coverage data to the fragment/pixel processing unit 524.
  • the fragment/pixel processing unit 524 is a programmable execution unit that is configured to execute fragment shader programs or pixel shader programs.
  • the fragment/pixel processing unit 524 transforms fragments or pixels received from rasterizer 522, as specified by the fragment or pixel shader programs.
  • the fragment/pixel processing unit 524 may be programmed to perform operations including but not limited to texture mapping, shading, blending, texture correction and perspective correction to produce shaded fragments or pixels that are output to a raster operations unit 526.
  • the fragment/pixel processing unit 524 can read data that is stored in either the parallel processor memory or the system memory for use when processing the fragment data.
  • Fragment or pixel shader programs may be configured to shade at sample, pixel, tile, or other granularities depending on the sampling rate configured for the processing units.
  • the raster operations unit 526 is a processing unit that performs raster operations including, but not limited to, stencil, z-test, blending, and the like, and outputs pixel data as processed graphics data to be stored in graphics memory (e.g., parallel processor memory 222 as in FIG. 2A, and/or system memory 104 as in FIG. 1), to be displayed on the one or more display device(s) 110 or for further processing by one of the one or more processor(s) 102 or parallel processor(s) 112.
  • the raster operations unit 526 may be configured to compress z or color data that is written to memory and decompress z or color data that is read from memory.
  • some embodiments are drawn to low latency bit length-parameterizable ciphers to encrypt GPU thread data in a SIMD environment.
  • a different encryption key may be used per lane enabling a fine granular encryption scheme.
  • a granular, lane-specific encryption process 600 is illustrated.
  • a graphics processor core 602 that includes a first lane 602a, a second lane 602b and an N lane 602c is illustrated.
  • Each of the first lane 602a, second lane 602b and N lane 602c may execute a SIMD and/or SIMT process.
  • each of the SIMD lanes may process a different GPU thread associated with different tenants.
  • Each of the first lane 602a, the second lane 602b and the N lane 602c may include hardware elements, such as vector register elements, thread processors, memory, etc.
  • each of the threads must present credentials for security and to identify appropriate encryption keys.
  • the first lane 602a may execute a first thread associated with a first tenant
  • the second lane 602b may execute a second thread associated with a second tenant
  • the N lane 602c may execute a N thread associated with an N tenant.
  • the first lane 602a, second lane 602b and N lane 602c may be associated with a same computing architecture (e.g., located on a same SoC and/or graphics processor), and in particular a same core of the graphics processor 602.
  • different threads may be encrypted differently.
  • multiple tenants may share resources.
  • Some conventional applications may only enforce encryption at a context level so that data for each context is isolated into different portions of a graphics processor at a core level and encrypted accordingly.
  • each context may need a separate core to execute on and may not share the core with other contexts.
  • Such applications may not encrypt at a granular level that permits dispersed distribution of context data throughout the first-N lanes 602a-602c of the graphics processor core 602 (e.g., in a discontinuous fashion) and may use the core inefficiently (e.g., if a context cannot use all lanes).
  • Some embodiments efficiently enforce isolation boundaries at a lane level such that different contexts (e.g., tenants) may share a same core, such as graphics processor core 602.
  • a key manager 602j may provide a first key 602g, second key 602h and N key 602i to the first encryption engine 602d, second encryption engine 602e and N encryption engine 602f respectively based on workloads and the credentials. For example, the key manager 602j may identify a context and/or tenant, as well as credentials associated with threads being executed, identify a key associated with the context and/or tenant and provide the key to the appropriate first encryption engine 602d, second encryption engine 602e and N encryption engine 602f.
  • the first lane 602a may process a first thread associated with a first tenant (or first context), and generate data associated with the first thread (e.g., first thread is processed and generates data).
  • the key manager 602j may identify that the first lane 602a is executing on behalf of the first tenant and provide the first key 602g to the first encryption engine 602d based on the first key being assigned to the first tenant.
  • the first encryption engine 602d encrypts the data with the first key 602g.
  • the second lane 602b may process a second thread associated with a second tenant (or second context), and generates data associated with the second thread (e.g., second thread is processed and generates data).
  • the key manager 602j may identify that the second lane 602b is executing on behalf of the second tenant and provide the second key 602h to the second encryption engine 602e based on the second key being assigned to the first tenant. As the second lane 602b generates data associated with the second thread, the second encryption engine 602e encrypts the data with the second key 602h.
  • first encryption engine 602d, the second encryption engine 602e and N encryption engine 602f may concurrently encrypt data from the first lane 602a, second lane 602b and N lane 602c in synchronization of clock cycles.
  • the N lane 602c may process an N thread associated with an N tenant (or N context), and generate data associated with the N thread (e.g., N thread is processed and generates data).
  • the key manager 602j may identify that the N lane 602c is executing on behalf of the N tenant and provide the N key 602i to the N encryption engine 602f based on the N key being assigned to the N tenant. As the N lane 602c generates data associated with the N thread, the N encryption engine 602f encrypts the data with the N key 602i.
  • each of the first lane 602a, second lane 602b and N lane 602c may be coupled to a dedicated encryption engine of the first encryption engine 602d, the second encryption engine 602e and the N encryption engine 602f to securely encrypt data.
  • each of the first lane 602a, second lane 602b and N lane 602c may have the flexibility to be encrypted differently than the other lanes of the first lane 602a, second lane 602b and N lane 602c, isolating threads at a granular lane level as opposed to a coarse core level.
  • the process 600 provides the encrypted data to device memory 604, 606.
  • the device memory 604 may store encrypted first data 604a generated by the first lane 602a, encrypted second data 604b generated by the second lane 602b and encrypted N data 604N generated by the N lane 602c.
  • the process 600 may then identify data requests 610.
  • each of the encrypted first data 604a, encrypted second data 604b and encrypted N data 604N may be stored in association with credentials for a thread that generated the respective data to facilitate retrieval (e.g., by a CPU and/or the GPU).
  • FIG. 6A illustrates a 1 to 1 association between encrypted data, a lane such as first-N lanes 602a-602c, a graphics engine and an encryption/decryption engine such as the first encryption engine 602d, the second encryption engine 602e, and the N encryption engine 602f.
  • a “lane” may include multiple graphics compute engines, and/or encryption engines.
  • some embodiments may include an encryption/decryption engine per graphics engine, with each lane including multiple encryption/decryption engines and graphics engines that produce data that is encrypted differently from each other with the encryption/decryption engines.
  • SLA Service Level Agreement
  • QoS quality of service
  • process 600 may execute data specific decryption 612 based on the encrypted first data 604a, encrypted second data 604b and encrypted N data 604N retrieved from the device memory 604.
  • the key manager 602j may identify a marker or identification from the encrypted first data 604a, encrypted second data 604b and encrypted N data 604N to identify appropriate keys for decryption based on the corresponding encryption keys.
  • a method for provisioning a user and/or tenant key into the key manager 602j uses a (Process Address Space ID) PASID structure or similar structure that maintains a table of per-tenant context that allows the key manager 602j to relate various tenant-specific keys to a tenant ‘slice’.
  • the key manager 602j may use a handle, PASID value, a public key or a tenant identifier as the ‘marker’ that identifies the tenant security context.
  • the key manager 602j may identify that the encrypted first data 604a was encrypted by the first encryption engine 602d, and a time that the encryption occurred. Based on these identifications, the key manager 602j may determine that the first encryption engine 602d was utilizing the first key 602g during encryption of the encrypted first data 604a. Other implementations may be possible as well.
  • the encrypted first data 604a may include a value or field indicating that the first key 602g was used to encrypt the encrypted first data 604a.
  • credentials associated with a thread requesting the encrypted first data 604a may be verified and the first key 602g may be identified based on the credentials (e.g., the thread is associated with the first tenant).
  • the encrypted first data 604a is to be processed by the first lane 602a, so the key manager 602j provides the first key 602g to the first encryption engine 602d.
  • the key manager 602j may provide the second key 602h to the second encryption engine 602e based on an identification that the encrypted second data 604b is assigned to the second lane 602b.
  • the key manager 602j may provide the third key 602i to the N encryption engine 602f based on an identification that the encrypted N data 604N is assigned to the N lane 602c.
  • the first encryption engine 602d, the second encryption engine 602e and the N encryption engine 602f may decrypt the encrypted first data 604a, encrypted second data 604b and encrypted N data 604N to generate decrypted first data 614a, decrypted second data 614b and decrypted N data 614N.
  • the first lane 602a, second lane 602b and N lane 602c may begin further processing on the decrypted first data 614a, decrypted second data 614b and decrypted N data 614N.
  • the data may be distributed differently.
  • the first lane 602a may generate data that is encrypted with the first encryption engine 602d. Later, the data may be retrieved, decrypted by the N encryption engine 602f and operated on by the N lane 602c. That is, data may be transferred between lanes assuming that security protocols are complied with.
  • the first encryption engine 602d, second encryption engine 602e and N encryption engine 602f may implement a specific parameterizable cipher to encrypt GPU thread data.
  • Each workload e.g., first thread, second thread, N thread
  • the request may be supported as part of a graphics processor core 602 instruction.
  • the request may also come to the graphics processor core 602 as part of an associated driver.
  • various keys may be generated and utilized for encryption and decryption in processes associated with the workload and/or tenant by the key manager 602j.
  • a graphics processor core 602 slice may belong to a single isolated thread or a group of isolated threads.
  • some embodiments may enable encryption at far more granular levels (e.g., 32 bits and/or 64 bits) corresponding to lane size.
  • multiple lanes may be encrypted according to different encryption keys to enable tenants to utilize a same graphics processor core 602 while respecting privacy, isolation and data compartmentalization between tenants.
  • In some applications, a set of scalar fused multiply-adds (FMAs) that are part of the same vector FMA need to be associated with the same workload, up to some minimum acceptable size.
  • In embodiments as described herein, each parallel scalar FMA that is part of a vector FMA may be associated with a different isolated workload.
  • the encryptions and decryptions may occur inside the graphics processor core 602 to avoid transference of unencrypted data along busses or other mediums.
  • the graphics processor core 602 may be a tensor core that executes 3 clocks per operation (e.g., within circuits that currently meet timings at frequencies up to 4 GHz) and in parallel across threads.
  • the encryptions and decryptions may occur inside the graphics processor core 602.
  • lightweight encryption engines such as the first encryption engine 602d, second encryption engine 602e and N encryption engine 602f, may avoid some standards, such as the Advanced Encryption Standard (which may take up to 12 clock cycles to execute), and may be a drop-in replacement that provides performance enhancements.
  • Some embodiments may include the key manager 602j that flexibly provisions the same tenant key across multiple fine-grain threads to achieve wide word sizes seamlessly for workloads that require a greater percentage of resources of the graphics processor core 602.
  • the first encryption engine 602d, second encryption engine 602e and N encryption engine 602f may implement K-ciphers. Details are provided by Table I:
  • FIG. 6C illustrates a SIMD architecture 660.
  • the encryption architecture 660 includes GPU cores 662 that include lanes that process threads as described herein.
  • the GPU cores 662 may be connected with encryption engines 664 to encrypt and decrypt data.
  • a local memory 666 and/or device memory may store the encrypted data.
  • the local memory 666, encryption engines 664 and GPU cores 662 may be part of a same graphics processor, while the device memory 668 may be separate from the graphics processor.
  • FIG. 6D illustrates a method 670.
  • FIG. 6D shows a method 670 that may provide enhanced and granular decryption and encryption.
  • the method 670 may generally be implemented in any of the embodiments described herein, and may implement aspects of the key manager 602j and the first encryption engine 602d, second encryption engine 602e and N encryption engine 602f (FIGS. 6A and 6B) and/or be combined with the SIMD architecture 660 (FIG. 6C).
  • the method 670 is implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as random access memory (RAM), read only memory (ROM), programmable ROM (PROM), firmware, flash memory, etc., in configurable logic such as, for example, programmable logic arrays (PLAs), field programmable gate arrays (FPGAs), complex programmable logic devices (CPLDs), in fixed-functionality logic hardware using circuit technology such as, for example, application specific integrated circuit (ASIC), complementary metal oxide semiconductor (CMOS) or transistor-transistor logic (TTL) technology, or any combination thereof.
  • computer program code to carry out operations shown in the method 670 may be written in any combination of one or more programming languages, including an object oriented programming language such as JAVA, SMALLTALK, C++ or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages.
  • logic instructions might include assembler instructions, instruction set architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, statesetting data, configuration data for integrated circuitry, state information that personalizes electronic circuitry and/or other structural components that are native to hardware (e.g., host processor, central processing unit/CPU, microcontroller, etc.).
  • Illustrated processing block 672 receives a write request.
  • Illustrated processing block 674 identifies a tenant associated with the write request.
  • Illustrated processing block 676 determines whether a tenant encryption key exists for the tenant. If not, illustrated processing block 678 generates a new encryption key for the tenant. The encryption key may be stored in association with credentials of the tenant for further referencing.
  • Illustrated processing block 680 encrypts the data according to the encryption key.
  • Illustrated processing block 682 stores the encrypted data. While not illustrated, the encrypted data may be decrypted based on the encryption key and based on a request associated with a thread of the tenant that has the credentials.
  • FIG. 6E illustrates a method 690 to process read requests.
  • the method 690 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the key manager 602j and the first encryption engine 602d, second encryption engine 602e and N encryption engine 602f (FIGS. 6A and 6B), method 670 (FIG. 6D), and/or be combined with the SIMD architecture 660 (FIG. 6C) already discussed.
  • the method 690 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.
  • Illustrated processing block 692 receives a read request. Illustrated processing block 694 identifies a key (e.g., a tenant specific key) associated with a tenant of the read request. In some embodiments, the key may be identified based on credentials associated with the key and/or a requesting thread. Illustrated processing block 696 decrypts data according to the key. Illustrated processing block 698 sends the decrypted data to a requesting device (e.g., a graphics processor and/or lane).
  • FIG. 6F illustrates an encryption and storage process 3300.
  • the process 3300 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example process 600 (FIGS. 6A and 6B), method 670 (FIG. 6D), method 690 (FIG. 6E) and/or be combined with the SIMD architecture 660 (FIG. 6C) already discussed.
  • a plurality of execution cores 3302 of a GPU execute operations.
  • the execution units may execute workloads associated with different contexts.
  • a first core 3304, a second core 3306 and a third core 3310 may execute different workloads associated with different contexts.
  • the first core 3304 may include execution units 3304a that produce data for different contexts and/or tenants.
  • the data is encrypted by the lightweight cryptographic engines 3304b according to a first encryption (e.g., a first encryption key), a second encryption (e.g., a second encryption key), a third encryption (e.g., a third encryption key) and a fourth encryption (e.g., a fourth encryption key).
  • the first-fourth workloads may be distributed through the first core 3304, the second core 3306 and the third core 3308 resulting in the first-fourth encryptions being applied in each of the first core 3304, the second core 3306 and the third core 3308.
  • the lightweight cryptographic engines 3306b of the second core 3306 may encrypt data from the execution units 3306a according to the first-fourth encryptions
  • the lightweight cryptographic engines 3308b of the third core 3308 may encrypt data from the execution units 3308a according to the first-fourth encryptions.
  • encrypted data may be associated with a same tenant.
  • the data encrypted according to the first encryption from the first core 3304, the second core 3306 and the third core 3308 may be concatenated together (e.g., in the GPU) to form a larger sized block width (e.g., 32 bits) for storage.
  • the GPU may further concatenate together data that is encrypted according to the second encryption.
  • the GPU may further concatenate together data that is encrypted according to the third encryption.
  • the GPU may further concatenate together data that is encrypted according to the fourth encryption.
  • the GPU may thus store the concatenated encrypted data 3314 in the cache 3316.
  • some embodiments may permit flexible workload distribution with encryption on a lane-by-lane basis.
  • each workload may execute within a same lane of the first core 3304, second core 3306 and third core 3308 for the lifetime of operations of the workload.
  • operations of a workload may be distributed through multiple lanes which are each encrypted according to a same key.
  • the GPU may access a data structure indicating how the data was encrypted (e.g., according to one of the first-fourth encryptions).
  • An identifying element from the data may be used, with reference to the data structure, to identify the encryption scheme.
  • embodiments support isolation and multitenancy and different levels of granularity (e.g., both vertically and horizontally isolated matrix multiplication).
  • some embodiments provide more flexibility to operate on code that multiplies matrices, while enforcing isolation.
  • a set of scalar fused multiply-adds (FMAs) needs to be associated with the same workload, up to some minimum acceptable size to justify utilization of an entire execution unit (e.g., a certain number of lanes of the execution unit must be occupied to justify execution while still enforcing isolation). That is, isolation principles may not permit other workloads to execute on the execution unit to use unoccupied lanes.
  • each parallel scalar FMA which is part of a vector FMA, may be associated with a different isolated workload executing on a same execution unit (multiple workloads execute on a same execution unit isolated in different lanes).
  • the same principle may apply to other types of scalar operations.
  • Embodiments may execute efficiently if the workloads that are isolated at a finer granularity execute the same code stream, which may be the case for machine learning (ML) workloads.
  • ML workloads may be characterized by sequential matrix multiplications and fewer data dependent branches.
  • lightweight 32-bit and 64-bit encryption systems may acceptably secure data.
  • Simon and Speck ciphers support 32-bit and 64-bit lengths.
  • a PRINCE cipher performs encryption at 64-bit block granularity.
  • a key size in such ciphers may be much larger than the block size (e.g., a 32-bit block cipher approximates an ideal primitive, which is the 32-bit random permutation).
  • the space of all 32-bit random permutations may be (2^32)!
  • the lightweight cryptographic engines 3304b, 3306b, 3308b may implement lightweight ciphers (e.g., 32-bit or 64-bit) including Simon, Speck, PRINCE, K-cipher, etc. to provide a fine grain per SIMD lane isolation.
  • an intra-domain adversary may attempt to form dictionaries and launch dictionary-based attacks (i.e., use known plaintext-ciphertext pairs) and it may take about 2^32 efforts for such attacks when using the 32-bit cipher, for instance.
  • such considerations may be irrelevant because the intra-domain adversary may directly access or overwrite a victim’s data.
  • an inter-domain adversary only observes ciphertexts. Accordingly, the cryptographic challenge is more difficult, and an adversary cannot determine which permutation is used for concealing the victim’s data among the numerous choices.
  • Embodiments therefore provide flexibility in isolation granularity. For example, some embodiments involve per SIMD lane isolation and involve a lightweight cipher that may replace the AES engine of conventional architectures for performance reasons.
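The write path of method 670, the read path of method 690 and the dictionary observation above can be modelled together in software. The following is an added example, not code from the patent: it assumes Speck32/64 as the lightweight cipher (the description only lists Speck among the candidates), treats a tenant identifier string as both the credential and the stored marker, and uses constructed tenant names, addresses and keys.

```python
import secrets

MASK16, ROUNDS = 0xFFFF, 22  # Speck32/64: 32-bit block (one lane word), 64-bit key

def _ror(x, r):
    return ((x >> r) | (x << (16 - r))) & MASK16

def _rol(x, r):
    return ((x << r) | (x >> (16 - r))) & MASK16

def expand_key(key_words):
    """Speck32/64 key schedule; key_words = (l2, l1, l0, k0) as printed in the Speck paper."""
    l2, l1, l0, k = key_words
    l, round_keys = [l0, l1, l2], [k]
    for i in range(ROUNDS - 1):
        l[i % 3] = ((_ror(l[i % 3], 7) + k) & MASK16) ^ i
        k = _rol(k, 2) ^ l[i % 3]
        round_keys.append(k)
    return round_keys

def encrypt_word(round_keys, word):
    """Encrypt one 32-bit lane word (block 680)."""
    x, y = word >> 16, word & MASK16
    for k in round_keys:
        x = ((_ror(x, 7) + y) & MASK16) ^ k
        y = _rol(y, 2) ^ x
    return (x << 16) | y

def decrypt_word(round_keys, word):
    """Invert encrypt_word (block 696)."""
    x, y = word >> 16, word & MASK16
    for k in reversed(round_keys):
        y = _ror(y ^ x, 2)
        x = _rol(((x ^ k) - y) & MASK16, 7)
    return (x << 16) | y

class KeyManager:
    """Software stand-in for key manager 602j: tenant marker (e.g. a PASID) -> round keys."""

    def __init__(self):
        self._keys = {}

    def provision(self, tenant, key_words):
        self._keys[tenant] = expand_key(key_words)

    def key_for_write(self, tenant):
        # Blocks 676/678: generate a key the first time a tenant writes.
        if tenant not in self._keys:
            self.provision(tenant, tuple(secrets.randbits(16) for _ in range(4)))
        return self._keys[tenant]

    def key_for_read(self, thread_tenant, marker):
        # Block 694: release the key only to a thread of the tenant named by the marker.
        if thread_tenant != marker or marker not in self._keys:
            raise PermissionError(f"{thread_tenant} may not read data marked {marker}")
        return self._keys[marker]

def write_lanes(km, memory, lane_writes):
    """Method 670 once per lane: (tenant, address, 32-bit word) tuples, one per SIMD lane."""
    for tenant, addr, word in lane_writes:
        memory[addr] = (tenant, encrypt_word(km.key_for_write(tenant), word))

def read_word(km, memory, thread_tenant, addr):
    """Method 690: look up the marker, obtain the key, decrypt, return the plaintext word."""
    marker, ciphertext = memory[addr]
    return decrypt_word(km.key_for_read(thread_tenant, marker), ciphertext)

def demo():
    km, memory = KeyManager(), {}
    # Constructed sample: tenant-A uses the published Speck32/64 test key, tenant-B an arbitrary one.
    km.provision("tenant-A", (0x1918, 0x1110, 0x0908, 0x0100))
    km.provision("tenant-B", (0x0123, 0x4567, 0x89AB, 0xCDEF))
    # Three lanes of one core write the same plaintext word on behalf of two tenants.
    write_lanes(km, memory, [("tenant-A", 0x00, 0x6574694C),
                             ("tenant-B", 0x04, 0x6574694C),
                             ("tenant-A", 0x08, 0x6574694C)])
    try:
        read_word(km, memory, "tenant-B", 0x00)
        cross_read = "allowed"
    except PermissionError:
        cross_read = "refused"
    return {
        "a_ct": memory[0x00][1],         # tenant-A ciphertext
        "b_ct": memory[0x04][1],         # same plaintext, different key
        "a_repeat_ct": memory[0x08][1],  # same plaintext, same key: identical ciphertext
        "a_plain": read_word(km, memory, "tenant-A", 0x00),
        "b_plain": read_word(km, memory, "tenant-B", 0x04),
        "cross_read": cross_read,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, hex(value) if isinstance(value, int) else value)
```

Because each 32-bit word is encrypted on its own, equal plaintext words under one tenant key give equal ciphertexts, which is what makes the intra-domain dictionary possible; under another tenant's key the same word encrypts to an unrelated value.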
  • Deep fakes e.g., synthetic media in which a person in an existing image or video is modified or replaced
  • machine learning (ML) algorithms may attempt to classify data as a deep fake or a genuine image. Doing so however may be problematic and prone to error. For example, consider a first false positive scenario that may include a claim. Suppose that an image A is genuine and not a deep fake.
  • a “defender” may successfully generate a similar image B (may be similar to image A) using an ML algorithm and a number of ML models for the description of the entities involved (e.g., faces, voices, people, buildings etc.)
  • the “defender” may thus successfully put forward a case that the content of A is a deep fake, whereas in reality the image A is genuine.
  • image A is genuine and not a deep fake.
  • a defender successfully generates, by means of an artificial intelligence (AI) algorithm, an alleged “source” image B, which has content overlapping with A, but semantically conveys a different meaning (e.g., the same person X shakes hands with person Y as opposed to person Z).
  • image B is a deep fake.
  • Image B is created using an ML algorithm and a number of ML models for the description of the entities involved (e.g., faces, voices, people, buildings etc.).
  • the defender successfully makes a case that some of the content of A was copy-pasted from the alleged source B or inserted using a range of valid transformations. In this case A is shown to be synthetic (a deep fake), even though it is not.
  • an image A is a deep fake. Specifically, it is synthetically generated using simple transformations from a source image B.
  • a “defender” may present the true source image B from which some of the content was copy-pasted or extracted using a range of valid transformations.
  • An “offender”, however, may make a case that the true source B is also a deep fake by presenting an ML algorithm and a set of ML models that synthetically generate the content of true source image B, thus falsely indicating that the true source image B is a deep fake.
  • An image may be a deep fake.
  • a “defender” presents the true source image “B” from which some of the content was copy-pasted or extracted using a range of valid transformations.
  • An “offender” produces additional content (e.g., audio files, video files, etc.) all of which are synthetically generated, and which the offender claims as original, that are semantically linked with the deep fake image and indicates falsely that it is a valid image.
  • In FIG. 6G, a performance-enhanced computing architecture 3400 is shown.
  • Some embodiments relate to a concept, schematics and functionality of a “Distributed Trustworthiness Record” (DTR) 3404, which is a data structure that may be used by rating agency 3408 to compute trustworthiness scores for content 3402.
  • the content 3402 may be any type of content, such as video, audio, etc.
  • a plurality of applications 3406 may enter claims into the DTR 3404.
  • a first application 3406a may enter a claim into entry 1 3404a
  • a second application 3406b may enter a claim into entry 2 3404b
  • a third application 3406c may enter a claim into entry 3 3404c
  • an N application 3406n may enter a claim into entry N 3404n.
  • the DTR 3404 may include a plurality of claims from various applications 3406 (e.g., different sources of analysis).
  • the first application 3406a may enter a claim that states that the content 3402 is a deep fake
  • the third application 3406c may enter a claim that indicates that the content 3402 is genuine.
  • Each of the claims may include an indication of whether the content 3402 is fake or genuine, and how the indication was reached.
  • the rating agency 3408 may analyze the claims and output a trustworthiness score that corresponds to whether the content 3402 is genuine or fake.
  • the DTR 3404 allows the plurality of applications 3406 (e.g., defenders) to place suggestions for the true source of a content 3402 together with the list of suggested transformations (e.g., machine algorithms) that produced the content.
  • the DTR 3404 may be completely distributed (e.g., a distributed ledger provided across a plurality of nodes) or a centralized data structure.
  • the term “distributed” in the name DTR 3404 refers to the notion that the DTR 3404 may be accessed by multiple parties for inputting claims and/or analyzing claims.
  • the DTR 3404 and/or the rating agency 3408 may implement access control functions and access control policies when accessing the DTR 3404.
  • DTR 3404 may be accessed by the rating agency 3408, or in some embodiments, a plurality of rating agencies.
  • the rating agency 3408 may be a ML algorithm and/or other evaluation algorithms.
  • the rating agency 3408 may inspect the entries 1-N 3404a-3404n of the DTR 3404 and compute a trustworthiness score for the content 3402.
  • the trustworthiness score may correspond to whether the content 3402 is real or a deep fake.
  • when one application of the plurality of applications 3406 inserts a claim into the DTR 3404, the one application may also be required to provide an ML model that generated the analysis (e.g., real or deep fake), an algorithm that was used in the analysis of the content 3402, code that implements aspects of the analysis of the content 3402, the analysis (e.g., whether real or deep fake) of the content 3402, and a date and duration of any related experiment (e.g., an experiment may include a set of transformations [legitimate or malicious] applied on an original image to convert it to the one that is being classified). Training data may also be provided in some embodiments as part of the claims.
  • Algorithms involved in any experiment described in the claim and a corresponding entry of the DTR 3404 may include non-ML algorithms performed on image data such as translation operations, rotation operations, scaling operations, lighting operations, color correction operations, sharpening operations, blurring operations to determine whether the content 3402 is genuine or fake. Some embodiments may further include ML algorithms used to analyze the content 3402 such as synthetic generation based on deep neural networks (DNNs), generative adversarial networks (GANs) etc. to determine whether the content 3402 is genuine or fake.
  • entry 1 3404a (e.g., first claim) is shown in more detail.
  • Claim 1 suggests that an image of the content 3402 is a fake (e.g., specifically “copy-pasted” from some source). There is a link to an original source with a valid list of non-ML transformations, indicating how the content extraction was executed.
  • entry 2 3404b (e.g., second claim) suggests that the image is original. Further entry 2 3404b may include a link to an ML algorithm (e.g., a reproductive algorithm) and model capable of reproducing the alleged “source” of entry 1 3404a (e.g., claim 1) synthetically.
  • Entry 3 3404c suggests that the image of the content 3402 is a deep fake. Entry 3 3404c includes a link to an ML algorithm and model, capable of reproducing the image of the content 3402 synthetically.
  • Entry N 3404n which is the last entry in the DTR 3404, suggests that the image is original.
  • Entry N 3404n includes a link to an independently recorded audio file that semantically conveys the same information as the image.
  • All data in entry 1 3404a-entry N 3404n are evaluated by the rating agency 3408.
  • the rating agency 3408 is one of a heuristics-based or an ML algorithm, and returns the trustworthiness score for the content 3402.
  • the evaluation by the rating agency 3408 may include a human input (e.g., adjustment of an algorithm, etc.) as well.
  • the rating agency 3408 includes a GPU 3408a that may execute a neural network or deep learning process. In some embodiments, the rating agency 3408 evaluates all claims contained in the DTR 3404 to determine a trustworthiness score. In some embodiments, the rating agency 3408 is completely automated. In some embodiments, an action may automatically be executed based on the trustworthiness score. For example, the content 3402 may relate to a biometric authentication (e.g., voice, audio, fingerprint, facial recognition, etc.) of a user. If the trustworthiness score corresponds to a deep fake, further authentications may be executed to confirm whether the user is genuine, and/or the user may be blocked from accessing certain functions associated with a computing device.
  • FIG. 6H illustrates an entry 3420 in a DTR.
  • the entry 3420 may correspond to any of the aforementioned entry 1 3404a-entry N 3404n (FIG. 6G) already discussed.
  • the entry 3420 may include a claim summary 3420a (e.g., whether content is a deep fake or genuine).
  • the claim summary 3420a may be encoded.
  • the entry 3420 may include an algorithmic information 3420b (e.g., an algorithm used in the analysis, for example reproducing the content or confirming the authenticity of the content, an ID of the algorithm, type of algorithm, and a link to the code of the algorithm).
  • the entry 3420 may include supporting data 3420c (e.g., image, audio, ML models), training data 3420d, a date 3420e that the analysis was conducted, a proof of work 3420f (e.g., provides a fair mechanism for accessing the ledger allowing all opinions to be inserted) and a cryptographic authentication 3420g.
  • the more original (e.g., unique) the supporting content 3420c the more computationally difficult it is to dispute the supporting content 3420c. For example, it may be difficult to show that the supporting content 3420c is the result of an expensive ML computation. In such cases, a rating agency may identify that the entry 3420 is associated with a correct analysis and weight the entry 3420 with an increased weight when computing the trustworthiness score.
  • the difficulty of a cryptographic puzzle may be a function of the ML computing capability indicated in the claims. If an entity is capable of making claims by producing synthetic images, the proof of work 3420f required for inserting content in the ledger at entry 3420 for this entity should be higher
  • FIG. 6I illustrates a method 3500 to enter data into a ledger.
  • the method 3500 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the architecture 3400 (FIG. 6G) already discussed. More particularly, the method 3500 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.
  • Illustrated processing block 3502 receives a first claim from a third-party.
  • the claim may be associated with content.
  • Illustrated processing block 3504 determines if the third-party has already submitted a claim. If so, illustrated processing block 3506 determines if the requirements for re-entry have been met.
  • Illustrated processing block 3506 may prevent entities from dominating the ledger with claims biased toward one specific way of perceiving the content (e.g., fake or not). For example, the requirements may include a greater proof of work, whether a time difference between the submitted claim and the first claim meets a threshold, etc. If the requirements have been met, illustrated processing block 3510 enters the first claim into the DTR. Otherwise, processing block 3508 bypasses entry of the claim.
  • Method 3500 may be applicable for a centralized data repository (DB).
  • some embodiments may accept repeating entries from the same entity.
  • a rating agency, such as rating agency 3408 of FIG. 6G, may include logic that counts only the latest claim from every party in the event that the distributed ledger is a centralized data repository.
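  • The ledger-entry flow of method 3500 and the latest-claim-only counting described above can be sketched as follows. This is an added example, not code from the patent: the difficulty values, the time threshold, the SHA-256 puzzle, the combination of both re-entry requirements and the simple vote used as a score are all assumptions.

```python
import hashlib
import json
from dataclasses import dataclass, field

BASE_DIFFICULTY = 8      # assumed: leading zero bits required for a first claim
REENTRY_EXTRA_BITS = 4   # assumed: the "greater proof of work" for a repeat claim
REENTRY_MIN_GAP = 3600   # assumed: seconds that must separate two claims


def pow_digest(payload: dict, nonce: int) -> int:
    """Hash of the claim plus nonce, as an integer (SHA-256 is an assumption)."""
    blob = json.dumps(payload, sort_keys=True).encode() + nonce.to_bytes(8, "big")
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def meets(payload: dict, nonce: int, bits: int) -> bool:
    """True if the digest starts with at least `bits` zero bits."""
    return pow_digest(payload, nonce) >> (256 - bits) == 0


def solve(payload: dict, bits: int) -> int:
    """Claimant side: search for a nonce that satisfies the puzzle."""
    nonce = 0
    while not meets(payload, nonce, bits):
        nonce += 1
    return nonce


@dataclass
class Ledger:
    entries: list = field(default_factory=list)

    def submit(self, party: str, summary: str, timestamp: int, nonce: int) -> bool:
        """Blocks 3502-3510: return True if entered, False if bypassed."""
        payload = {"party": party, "summary": summary, "date": timestamp}
        earlier = [e for e in self.entries if e["party"] == party]
        bits = BASE_DIFFICULTY
        if earlier:                                   # block 3504: repeat claimant
            if timestamp - earlier[-1]["date"] < REENTRY_MIN_GAP:
                return False                          # block 3508: too soon
            bits += REENTRY_EXTRA_BITS                # block 3506: more work needed
        if not meets(payload, nonce, bits):
            return False                              # block 3508: not enough work
        self.entries.append({**payload, "nonce": nonce, "bits": bits})
        return True                                   # block 3510: entered


def trust_score(ledger: Ledger):
    """Count only the latest claim of every party; assumed score is the share
    of parties whose latest claim says the content is original."""
    latest = {}
    for entry in ledger.entries:
        latest[entry["party"]] = entry["summary"]
    if not latest:
        return None
    return sum(s == "original" for s in latest.values()) / len(latest)


def demo():
    """Constructed sample claims about one piece of content."""
    ledger = Ledger()

    def claim(party, summary, ts, bits):
        payload = {"party": party, "summary": summary, "date": ts}
        return ledger.submit(party, summary, ts, solve(payload, bits))

    results = [
        claim("lab-a", "fake", 0, 8),           # first claim, base work
        claim("lab-b", "original", 10, 8),      # first claim, base work
        claim("lab-a", "fake", 20, 12),         # repeat after 20 s: bypassed
        claim("lab-c", "fake", 30, 8),          # first claim, base work
        claim("lab-a", "original", 4000, 12),   # repeat with gap and extra work
    ]
    return results, trust_score(ledger), ledger
```
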
  • a computing architecture 1150 illustrated in FIG. 7A may reduce computing resources, power usage and area size while enforcing trust domain boundaries.
  • the computing architecture 1150 may include accelerators 1152 that include first accelerator 1152a-fourth accelerator 1152d.
  • the accelerators 1152 may be specialized accelerators for different applications, such as deep learning, GPU accelerator, or may be general accelerators. Each of the accelerators 1152 may be specialized for a different purpose.
  • the accelerators 1152 may require cryptographic protection of data stored in memory 1174 for secure usages (e.g., multi-tenant situations, virtual machines operating concurrently, protected content such as digital rights management (DRM)).
  • some embodiments include cryptographic support at a reduced hardware cost and size and with enhanced efficiency.
  • some embodiments include a centralized converged cryptographic engine (CCE) 1160 and a secure path between the accelerators 1152 and the CCE 1160.
  • a CPU 1162 and any other elements outside of a trust computing base (TCB) associated with the accelerators 1152 may not have access to the path between the CCE 1160 and the accelerators 1152 to enhance security.
  • unencrypted data between the accelerators 1152 and CCE 1160 may not be intercepted and read by compromised hardware such as the CPU 1162.
  • some embodiments may enhance security while reducing the size (e.g., number of gates) for executing cryptographic operations of the accelerators 1152.
  • further security properties e.g., integrity and replay protection
  • some embodiments include a centralized CCE 1160.
  • some embodiments include a method and apparatus to unify the cryptographic support for the accelerators 1152 using the CCE 1160.
  • the CCE 1160 is interposed on the memory path between the memory 1174 and the accelerators 1152 to encrypt and decrypt data.
  • a trusted execution environment (TEE) 850 and/or any other secure element (e.g., Basic Input/Output System and/or Unified Extensible Firmware Interface) of the architecture 1150 may partition keys 852 (e.g., a KeyID partitioning scheme) to create a first key domain 1148a (e.g., encryption keys) and a second key domain 1148b (e.g., encryption keys).
  • the TEE 850 further assigns keys to the CPU 1162.
  • some embodiments may permit a centralized update to the CCE 1160 rather than requiring a plurality of distributed crypto engines to be updated.
  • the TEE 850 may implement a key partitioning scheme to partition the keys between different trust domains.
  • the TEE 850 may generate the first key domain 1148a for a first trust domain, and the second key domain 1148b for a second trust domain.
  • the first trust domain may include the first and second accelerators 1152a, 1152b, while the second trust domain may include the third and fourth accelerators 1152c, 1152d. While the first and second trust domains are shown as distinct from each other, in some embodiments the first and second trust domains may overlap.
  • the one or more of accelerators 1152 may each include a first plurality of intellectual property (IP) cores (e.g., reusable unit of logic or functionality or a cell or a layout design) that are in the first trust domain, and a second plurality of IP cores in the second trust domain.
  • a single IP core of the accelerators 1152 may be in both the first and second trust domains to process data for both the first and second trust domains.
  • the CCE 1160 may process data from the single IP core based on an indication of whether the data is associated with the first or second trust domain. The indication may be inserted by the IP core and/or implicit in the data itself based on associated address ranges or other identifiers. While IP core is referenced above, it is to be understood that execution units and/or other cores are similarly included.
  • the CCE 1160 may isolate key usage between the first and second trust domains, and the CPU 1162. For example, keys of the first key domain 1148a may not be used to encrypt data of the second domain or the CPU 1162, and keys of the second key domain 1148b may not be used to encrypt data from the first trust domain or the CPU 1162. Thus, data of a respective trust domain may only be encrypted according to keys assigned to the respective trust domain. In this example, data of the first trust domain may only be encrypted according to keys in the first key domain 1148a, while data of the second trust domain may only be encrypted according to keys in the second trust domain.
  • the CCE 1160 and/or TEE 850 may actively block other hardware elements from accessing and/or using keys associated with different trust domains that the hardware does not belong within.
  • the TEE 850 may block access to one or more keys in the first or second key domains 1148a, 1148b, by the CPU 1162 through allocation of the keys to the first and second trust domains, and to bypass allocating the keys to the CPU 1162.
  • the CPU 1162 is effectively blocked from decrypting data associated with the first and second trust domains in the memory 1174 and may only see ciphertext since the CPU 1162 does not have access to the keys.
  • the CCE 1160 and/or the TEE 850 may include an access control scheme that is implemented by embodiments to prevent the CPU 1162 from using keys that are dedicated to the first and second trust domains, such as the first key domain 1148a and the second key domain 1148b respectively.
  • Access control may be supported by two access control mechanisms preventing the CPU 1162 from programming a first key domain 1148 (e.g., GFx KeyID) and controlling certain commands from the CPU 1162 (e.g., key programming instruction, PCONFIG, fails if software attempts programming a graphics key).
  • a hardware element may check that the Key ID of a request from the CPU 1162 does not fall in the first key domain 1148 range or second key domain 1148b range to block the CPU 1162 from accessing unauthorized keys.
  • the first and second accelerators 1152a-1152b are part of the first trust domain (e.g., a first power constrained part such as a PC, etc.), and the third and fourth accelerators 1152c, 1152d belong to a second trust domain (e.g., a power constrained part such as a PC, etc.).
  • the CPU 1162 may be part of a third trust domain (e.g., a host operating system, a third virtual machine, etc.) that is allocated a key domain (not illustrated) as well for encryption by the CCE 1160.
  • the CCE 1160 may receive data from the first and second trust domains, encrypt the data and provide the encrypted data to the memory controller 1174a in order to isolate the first and second trust domains from each other and the CPU 1162.
  • the first accelerator 1152a may send a first memory write operation and data request operation 1164 to the CCE 1160.
  • the second accelerator 1152b may send a second memory write operation 1166 to the CCE 1160.
  • the third accelerator 1152c may send a third memory write operation 1168 to the CCE 1160.
  • the fourth accelerator 1152d may send a fourth memory write operation 1170 to the CCE 1160.
  • the CCE 1160 may receive the requests from the accelerators 1152.
  • the CCE 1160 may identify whether the data originates from the first or second trust domain, and encrypt the data accordingly. For example, the CCE 1160 may identify that the first memory write operation originates from the first accelerator 1152a and identify that the first accelerator 1152a is part of the first trust domain. Since the first trust domain is permitted to use keys from the first key domain 1148a, the CCE 1160 may select one of the keys from the first key domain 1148a to encrypt data associated with the first memory write operation. Thus, the CCE 1160 may encrypt data from the first accelerator 1152a with keys from the first key domain 1148a.
  • the CCE 1160 may identify that the second memory write operation originates from the second accelerator 1152b and identify that the second accelerator 1152b is part of the first trust domain. Since the first trust domain is permitted to use keys from the first key domain 1148a, the CCE 1160 may select one of the keys (e.g., the same key or a different key used to encrypt the data associated with the first memory write operation) from the first key domain 1148a to encrypt data associated with second memory write operation. Thus, the CCE 1160 may encrypt data from the second accelerator 1152b with keys from the first key domain 1148a.
  • the CCE 1160 may identify that the third memory write operation originates from the third accelerator 1152c and identify that the third accelerator 1152c is part of the second trust domain. Since the second trust domain is permitted to use keys from the second key domain 1148b and not the first key domain 1148a, the CCE 1160 may select one of the keys from the second key domain 1148b to encrypt data associated with third memory write operation. Thus, the CCE 1160 may encrypt data from the third accelerator 1152c with keys from the second key domain 1148b.
  • the CCE 1160 may identify that the fourth memory write operation originates from the fourth accelerator 1152d and identify that the fourth accelerator 1152d is part of the second trust domain. Since the second trust domain is permitted to use keys from the second key domain 1148b, the CCE 1160 may select one (the same key or different key used to encrypt the data associated with the third memory write operation) of the keys from the second key domain 1148b to encrypt data associated with fourth memory write operation. Thus, the CCE 1160 may encrypt data from the fourth accelerator 1152d with keys from the second key domain 1148b.
  • the CCE 1160 may then send first and second memory writes encrypted (e.g., the encrypted data of the first and second memory writes) according to one or more encryption keys of the first key domain 1148a, 1176 to the memory controller 1174a.
  • the memory controller 1174a may store the encrypted data of the encrypted first and second memory writes in the memory 1174.
  • the CCE 1160 may then send the third and fourth memory writes encrypted (e.g., the encrypted data of the third and fourth memory writes) according to one or more encryption keys of the second key domain 1148b, 1178 to the memory controller 1174a.
  • the memory controller 1174a may store the encrypted third and fourth memory writes in the memory 1174.
  • the first accelerator 1152a may also issue a data request to the CCE 1160 during operation 1164.
  • the CCE 1160 may serve as an intermediary between the accelerators and the memory 1174, and as such request the data 1182 from the memory controller 1174a on behalf of the first accelerator 1152a and in response to the data request from the first accelerator 1152a.
  • the memory controller 1174a may retrieve the data from the memory 1174 and send the encrypted data in response to the data request 1184.
  • the CCE 1160 may identify that the data is associated with the first trust domain, since the first accelerator 1152a originated the data request and is part of the first trust domain, and decrypt the data based on an encryption key from the first key domain 1148a.
  • the CCE 1160 may include a data structure identifying a key used to encrypt data associated with the write requests.
  • the data structure may be referenced when data is retrieved from the memory 1174 to identify an encryption key that was used to encrypt the data, and decrypt the data based on the encryption key.
  • the CCE 1160 may decrypt the data retrieved from the memory 1174 and send the decrypted data 1186 to the first accelerator 1152a.
  • the architecture 1150 may include a bypass path to prevent penalizing other memory traffic when a CCE 1160 (e.g., TME/MKTME) is not enabled.
  • the CCE 1160 may further decrypt encrypted data from the memory 1174 for the accelerators 1152 based on the lookup table, and an encryption key used to encrypt the data. While the above has been described with respect to accelerators 1152, it is to be noted that the CCE 1160 and/or TEE 850 may operate similarly with other hardware elements, such as CPU 1162, to process encryption of data between different trust domains.
  • the CCE 1160 may be a hardware element that is part of a same system-on-chip (SoC) as the accelerators 1152.
  • the location of the CCE 1160 may be flexible.
  • the CCE 1160 is separate from the accelerators 1152.
  • the CCE 1160 may be a part of one of the accelerators 1152 and the other accelerators of the accelerators 1152 may communicate with the CCE 1160 through secured channels.
  • FIG. 7B illustrates a method 1190 to encrypt data and decrypt data according to various trust domains.
  • the method 1190 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the architecture 1150 (FIG. 7A) already discussed. More particularly, the method 1190 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.
  • Illustrated processing block 1192 partitions keys between trust domains. Illustrated processing block 1194 isolates key accesses between trust domains. Illustrated processing block 1196 receives a data write from a first trust domain of the trust domains. Illustrated processing block 1198 encrypts data associated with the data write with a key that is assigned to the first key domain. For example, the first key domain may be assigned to the first trust domain. Thus, method 1190 may select a key from the first key domain for the data that originates from the first trust domain. Illustrated processing block 800 writes encrypted data to memory. Illustrated processing block 802 receives a data read request from a second trust domain of the trust domains.
  • Illustrated processing block 804 retrieves encrypted data identified by the read request and decrypts the encrypted data according to a key assigned to the second trust domain (different from the key assigned to the first trust domain) and that was used to encrypt the encrypted data.
  • Illustrated processing block 806 sends the decrypted data to the second trust domain.
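  • The key partitioning, key isolation and encrypt-on-write, decrypt-on-read flow of architecture 1150 and method 1190 can be modelled in software as follows. This is an added example, not code from the patent: the class and requester names, the KeyID ranges and the SHAKE-256 keystream standing in for the engine's memory cipher are assumptions.

```python
import hashlib
import secrets


class KeyAccessError(Exception):
    """A requester tried to program a KeyID outside its own key domain."""


def xor_cipher(key: bytes, address: int, data: bytes) -> bytes:
    # Stand-in for the engine's memory cipher (assumption): a SHAKE-256
    # keystream bound to key and address. XOR makes it its own inverse.
    stream = hashlib.shake_256(key + address.to_bytes(8, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class ConvergedCryptoEngine:
    """Toy model of a CCE sitting between requesters and memory."""

    def __init__(self, key_domains, trust_domains):
        self.key_domains = key_domains      # trust domain -> range of KeyIDs
        self.trust_domains = trust_domains  # requester -> trust domain
        # TEE role (block 1192): provision one key per partitioned KeyID.
        self.keys = {kid: secrets.token_bytes(32)
                     for ids in key_domains.values() for kid in ids}
        self.memory = {}                    # address -> ciphertext
        self.key_of = {}                    # address -> KeyID used (lookup table)

    def owns(self, requester: str, key_id: int) -> bool:
        return key_id in self.key_domains[self.trust_domains[requester]]

    def program_key(self, requester: str, key_id: int, key: bytes) -> None:
        # Block 1194: a key programming command fails when the KeyID falls
        # in another trust domain's range.
        if not self.owns(requester, key_id):
            raise KeyAccessError(f"{requester} may not program KeyID {key_id}")
        self.keys[key_id] = key

    def write(self, requester: str, address: int, data: bytes) -> None:
        # Blocks 1196-800: pick a key from the requester's key domain,
        # encrypt, store, and remember which key was used.
        key_id = self.key_domains[self.trust_domains[requester]][0]
        self.memory[address] = xor_cipher(self.keys[key_id], address, data)
        self.key_of[address] = key_id

    def read(self, requester: str, address: int) -> bytes:
        # Blocks 802-806: decrypt only for a requester whose trust domain
        # owns the key; anyone else sees the stored ciphertext.
        key_id = self.key_of[address]
        stored = self.memory[address]
        if not self.owns(requester, key_id):
            return stored
        return xor_cipher(self.keys[key_id], address, stored)


def demo():
    """Constructed setup: two accelerator trust domains plus the host CPU."""
    cce = ConvergedCryptoEngine(
        key_domains={"host": range(0, 8), "td1": range(8, 12), "td2": range(12, 16)},
        trust_domains={"cpu": "host", "accel_a": "td1", "accel_b": "td1",
                       "accel_c": "td2", "accel_d": "td2"},
    )
    cce.write("accel_a", 0x1000, b"decoded DRM frame")
    try:
        cce.program_key("cpu", 9, bytes(32))   # KeyID 9 belongs to td1
        cpu_blocked = False
    except KeyAccessError:
        cpu_blocked = True
    return {
        "same_domain": cce.read("accel_b", 0x1000),
        "other_domain": cce.read("accel_c", 0x1000),
        "cpu": cce.read("cpu", 0x1000),
        "cpu_blocked": cpu_blocked,
    }
```
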
  • FIG. 7C illustrates a method 810 of a granular encryption scheme that encrypts data from different cores of an accelerator and/or CPU with different keys based on trust domains.
  • the method 810 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the architecture 1150 (FIG. 7A), method 1190 (FIG. 7B) already discussed.
  • the method 810 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.
  • Illustrated processing block 812 receives a first data access from a first IP from an accelerator.
  • the first data access may be a write operation for first data.
  • Illustrated processing block 814 identifies that the first IP is in the first trust domain.
  • Illustrated processing block 816 encrypts the first data with a key for the first trust domain and stores the encrypted first data.
  • Illustrated processing block 818 receives a second data access from a second IP of the accelerator.
  • the second data access may be a write operation for second data.
  • the first and second IP are on the same accelerator (e.g., a GPU, etc.).
  • Illustrated processing block 820 identifies that the second IP is in a second trust domain.
  • the second trust domain is different from the first trust domain.
  • Illustrated processing block 822 encrypts the second data with a second key from the second trust domain and stores the encrypted second data.
  • the above method 810 may be implemented in one or more of the CCE 1160 or TEE 850 (FIG. 7A) to operate in conjunction with a plurality of accelerators each including IP assigned to different trust domains.
  • FIG. 7D illustrates a method 840 of encrypting data from a same accelerator and/or CPU with different keys based on trust domains.
  • the method 840 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the architecture 1150 (FIG. 7A), method 1190 (FIG. 7B), method 810 (FIG. 7C) already discussed.
  • the method 840 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.
  • Illustrated processing block 842 identifies data accesses from an accelerator.
  • Illustrated processing block 844 identifies that the accelerator is in a plurality of trust domains.
  • Illustrated processing block 846 identifies a tag associated with the data identifying a first trust domain of the plurality of trust domains.
  • Illustrated processing block 848 encrypts data associated with the data with a key for the first trust domain.
  • the above method 840 may be implemented in one or more of the CCE 1160 or TEE 850 (FIG. 7A) to operate in conjunction with a plurality of accelerators each operating within different trust domains.
  • Some embodiments may relate to a GPU and a CPU sharing data objects, such as HEAP data objects (e.g., a malloc associated object), and cryptographically defining bounds and security enforcement through cryptographic processes. Some embodiments further prevent use after freeing data objects, by binding encoded cryptographic address (e.g., pointer related data) with data encryption at a core and/or execution unit execution pipeline.
  • Some other implementations may rely on coarse grain security to encrypt just memory (e.g., address space separation such as in processes and/or virtual machines, TEE) and may not granularly vary encryption based on a per object basis.
  • Other implementations that operate at a finer granularity may be inefficient and introduce excessive metadata.
  • a metadata “wall” may include additional overhead for every granular memory access.
  • a granular encryption process 3100 may mitigate software and/or hardware based vulnerabilities with an encryption scheme that may vary per object while avoiding excessive metadata.
  • some embodiments may employ a two part encryption process to firstly encrypt a virtual address, and then further encrypt data associated with the virtual address based on the encrypted virtual address (e.g., a shared virtual address scheme which permits sharing of objects between CPU and GPU). Doing so may enhance security at a relatively low cost by requiring an actor to have access to the encrypted virtual pointer and the encrypted data in order to successfully access decoded data.
  • the CPU may encrypt data and virtual addresses in a process specific manner.
  • a first process may have data and virtual address encrypted according to a first key
  • a second process may be encrypted according to a second key, etc.
  • the tweaks however may vary as indicated below.
  • a first encrypted virtual address 3138 is provided.
  • a CPU may encrypt a virtual address (e.g., a pointer) according to a key and a tweak based on the virtual address (e.g., fields such as address bits, object characteristics such as size, type, location, ownership, access control, permissions, stack location, data binding, etc.) to generate the first encrypted virtual address 3138.
  • the CPU may share with an authorized actor 3120 (e.g., a GPU) the key and the tweak used to encrypt the virtual address to generate the first encrypted virtual address 3138 or generate an encrypted portion of virtual address 3138.
  • the first encrypted virtual address 3138 may be a ciphertext of the virtual address.
  • the authorized actor 3120 may access the first encrypted virtual address 3138.
  • the authorized actor 3120 may decrypt the address 3116 with a first key so that the first encrypted virtual address 3138 is decrypted into the first address 3102 (e.g., a virtual address).
  • the first address 3102 may point to the first encrypted data 3124.
  • the first encrypted data 3124 may still be encrypted.
  • the authorized actor 3120 may correctly decrypt the first encrypted data 3124 based at least on the first encrypted virtual address 3138, 3110 to generate decrypted data 3108 (e.g., a data object).
  • the first encrypted virtual address 3138 may be used as a tweak and/or a decryption key in the decryption of the first encrypted data 3124.
  • the first encrypted data 3124 may also be decrypted based on the first key and/or the tweak described above to encrypt the first encrypted virtual address 3138.
  • the key used to encrypt the first encrypted data 3124 may be different from the key used to encrypt the first encrypted virtual address 3138.
  • a decryption engine may implement a decryption process based on the key and one or more values of the first encrypted virtual address 3138.
  • a first unauthorized actor 3118 may also decrypt address 3114 into the second address 3104 (e.g., a virtual address). That is, the first unauthorized actor 3118 may incorrectly decrypt the first encrypted virtual address 3138 to the second address 3104 since the first unauthorized actor 3118 is unaware of the key and/or tweak used to encrypt the first encrypted virtual address 3138. That is, the first unauthorized actor 3118 may not have access to the first key to properly decrypt the first encrypted virtual address 3138 to the proper address, which in this example is the first address 3102. Thus, the first unauthorized actor 3118 may decrypt the first virtual address 3138 improperly to the second address 3104, which points to the second encrypted data 3122.
  • the second address 3104 may point to the second encrypted data 3122.
  • the first unauthorized actor 3118 may incorrectly decrypt the second encrypted data 3122, 3112.
  • the first unauthorized actor 3118 may not have access to the key that was used to encrypt the second encrypted data 3122 and/or a second encrypted virtual address that corresponds to (e.g., points to) the second address 3104.
  • the CPU may have encrypted the second address 3104 to the second encrypted virtual address.
  • One or more values of the second encrypted virtual address may have been used to encrypt the second encrypted data 3122, and may be necessary for proper decryption of the second encrypted data 3122.
  • the first unauthorized actor 3118 may have identified the second address 3104 based on the first encrypted virtual address 3138 and not the second encrypted virtual address, and thus be unable to decrypt the second encrypted data 3122. As such, the first unauthorized actor 3118 may incorrectly decrypt the second encrypted data 3112 to generate inaccurate data 3106, thereby being blocked from identifying useful data through the two-part decryption described above.
  • a second unauthorized actor 3126 may conduct an attack (e.g., a buffer overflow attack) based on the third address 3128, 3130. For example, the second unauthorized actor 3126 may access a third address 3128 and increment the third address 3128 to reach the first address 3102. As discussed, the first address 3102 corresponds to the first encrypted virtual address 3138. The first address 3102 further points to the first encrypted data 3124. Notably, since the second unauthorized actor 3126 is unaware of the first encrypted virtual address 3138, and particularly the relationship between the first encrypted virtual address 3138 and the first address 3102, the second unauthorized actor 3126 may be unable to properly decrypt the first encrypted data 3124.
  • the first encrypted data 3124 is encrypted according to the one or more values of the first encrypted virtual address 3138. Since the second unauthorized actor 3126 is unaware of the first encrypted virtual address 3138, the second unauthorized actor 3126 conducts a decryption process without the first encrypted virtual address 3138, 3132 and/or the key used to encrypt the first encrypted data 3124. Thus, the second unauthorized actor 3126 may generate inaccurate data 3134. Thus, process 3100 may permit accesses by authorized actor 3120. The first unauthorized actor 3118 and the second unauthorized actor 3126 may be blocked. Notably, process 3100 may execute for each object in a HEAP. Further, while it is described that the CPU encrypts data, some embodiments may include the GPU encrypting data and sharing the key with the CPU. Some embodiments may also relate to cryptographic computing (e.g., cryptographic capabilities).
  • Some embodiments share cryptographic pointers/data across resources.
  • the illustrated approach uses shared virtual memory (SVM) to have a common addressing model.
  • Pointers linear addresses
  • pointers e.g., virtual addresses
  • pointers are cryptographically encoded and a tweak key is used to decrypt encrypted data.
  • Pointers encode power of two bounds and a version used to encrypt every object uniquely from every other spatially and temporally.
  • Keys may be associated with page tables or contexts for shared virtual memory, such that switching page tables or contexts will also switch the corresponding keys used to encrypt the pointers and data for different contexts or page table mappings.
  • FIG. 7F illustrates a method 3000 of decrypting data with a GPU.
  • the method 3000 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the process 3100 (FIG. 7E) already discussed. More particularly, the method 3000 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.
  • Illustrated processing block 3002 decrypts an encrypted memory address (e.g., virtual address). The decryption may execute with a tweak of the memory address, and an encryption key.
  • the encrypted memory address may be a pointer, and cryptographically encodes an object size and/or location.
  • a CPU which encrypted the memory address may provide the tweak and the key to the GPU.
  • Illustrated processing block 3004 loads ciphertext from the decrypted memory address.
  • Illustrated processing block 3006 deciphers the ciphertext based on the encrypted memory address.
  • illustrated processing block 3006 further deciphers the ciphertext based on an encryption key with the encrypted memory address serving as a tweak (e.g., encrypt the address-based tweak with the key to generate a keystream that is XORed with the ciphertext data for that address to reveal the plaintext data).
  • Illustrated processing block 3008 executes an operation based on the decrypted data.
  • Method 3000 may execute without additional registers and/or cache, without additional memory overhead (e.g., tables), and without additional loads/stores. Method 3000 may further flexibly mitigate evolving threats with little to no performance impact and minimal recoding or recompilation. It is worthwhile to note that as more attributes of the virtual address are used as a tweak to encrypt the virtual address (e.g., address bits, object data such as size, type and location, ownership, access control, permissions, etc.), strength of the encryption may increase.
  • FIG. 7G illustrates an encryption and decryption process 3200 that may be implemented with a GPU.
  • Process 3200 may implement aspects of and/or be incorporated into any of the embodiments described herein, including process 3100 (FIG. 7E), and method 3000 (FIG. 7F).
  • a cryptographic address (CA) 3202 is illustrated.
  • the size information 3202a may identify a size of a number of tweak bits that are to be used for decryption.
  • the size information 3202a may indicate the number of bits from the first address bit 3202c and onward (e.g., unshown address bits), that are to be used for the tweak 3214.
  • the tweak 3214 does not include the bits used for pointer arithmetic, which is the N addressing bit 3202n in this example.
  • pointer arithmetic may traverse through the first address bit 3202c-N addressing bit 3202n.
  • the process 3200 may provide a key 3206 (e.g., from a CPU), that was used to encrypt the cryptographic address 3202, to the decryption engine 3210 (e.g., a k-cipher).
  • the process 3200 may also provide the CA 3202, 3208 to the decryption engine 3210.
  • Decryption engine 3210 may output the decryption 3212 as the decrypted linear address 3216.
  • the decrypted linear address 3216 corresponds to (e.g., points to) HEAP object 3218 which is stored in the 128B slot.
  • the process 3200 retrieves the ciphertext 3220 of the HEAP object 3218 and provides the ciphertext to the cryptographic engine 3222.
  • the cryptographic engine 3222 (e.g., Gimli) may receive a tweak 3204, for example a different tweak provided to the decryption engine 3210, to execute decryption of the ciphertext.
  • the tweak may be the entire CA 3202.
  • the cryptographic engine 3222 may also receive a key 3224, for example the same or a different key provided to the decryption engine 3210.
  • the cryptographic engine 3222 may decrypt the ciphertext to generate plaintext data 3226.
  • the GPU may then execute operations with the plaintext data.
  • process 3200 may be executed by a GPU.
  • the GPU may generate the decryption engine (e.g., set up) and the cryptographic engine 3222 in parallel.
  • the cryptographic engine 3222 may be initiated when the CA 3202 is identified to thereby reduce loading and initiation (e.g., configure configurable hardware logic).
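The two-stage flow of method 3000 and process 3200 (decrypt the cryptographic address, load the ciphertext, then decipher it with the address as tweak) can be traced in a short sketch. This is an added example, not code from the patent: the 64-bit layout, the HMAC-based Feistel pointer cipher and the HMAC keystream are stand-ins assumed here for the k-cipher and Gimli engines, and all keys, addresses and data are constructed.

```python
import hashlib
import hmac

# Assumed 64-bit CA layout (not taken from the patent):
# [6-bit size exponent | 32-bit encrypted upper address | 26 plaintext low bits]
SLICE_BITS, LOW_BITS = 32, 26
SIZE_SHIFT = SLICE_BITS + LOW_BITS
LOW_MASK = (1 << LOW_BITS) - 1
SLICE_MASK = (1 << SLICE_BITS) - 1

# Constructed sample values.
PTR_KEY = bytes(range(16))
DATA_KEY = bytes(range(16, 32))
LINEAR = 0x7F3A12345680            # 128-byte aligned heap slot
SECRET = b"tenant tensor block"


def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def _pointer_tweak(exp, low):
    # Size field plus the address bits that stay fixed for the object. The
    # bottom `exp` bits are excluded so in-bounds pointer arithmetic leaves
    # the tweak unchanged.
    return bytes([exp]) + (low >> exp).to_bytes(4, "big")


def _feistel32(key, tweak, value, decrypt=False):
    """8-round Feistel permutation on 32 bits (stand-in pointer cipher)."""
    def f(rnd, half):
        out = _prf(key, tweak + bytes([rnd]) + half.to_bytes(2, "big"))
        return int.from_bytes(out[:2], "big")

    left, right = value >> 16, value & 0xFFFF
    for rnd in (range(7, -1, -1) if decrypt else range(8)):
        if decrypt:
            left, right = right ^ f(rnd, left), left
        else:
            left, right = right, left ^ f(rnd, right)
    return (left << 16) | right


def encode_pointer(key, linear, exp):
    """CPU side: build the CA for an object in a 2**exp byte slot."""
    if not 0 <= exp <= LOW_BITS or linear >> SIZE_SHIFT:
        raise ValueError("address or size exponent outside the assumed layout")
    low = linear & LOW_MASK
    upper = _feistel32(key, _pointer_tweak(exp, low), linear >> LOW_BITS)
    return (exp << SIZE_SHIFT) | (upper << LOW_BITS) | low


def decode_pointer(key, ca):
    """Block 3002: decrypt the CA into a linear address."""
    exp, low = (ca >> SIZE_SHIFT) & 0x3F, ca & LOW_MASK
    enc = (ca >> LOW_BITS) & SLICE_MASK
    upper = _feistel32(key, _pointer_tweak(exp, low), enc, decrypt=True)
    return (upper << LOW_BITS) | low


def crypt_data(data_key, ca, data):
    """Block 3006: XOR data with a keystream derived from key and CA tweak."""
    exp = (ca >> SIZE_SHIFT) & 0x3F
    base_ca = ca & ~((1 << exp) - 1)          # same tweak for the whole slot
    blocks = (len(data) + 31) // 32
    stream = b"".join(
        _prf(data_key, base_ca.to_bytes(8, "big") + i.to_bytes(4, "big"))
        for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def gpu_load(ptr_key, data_key, memory, ca, length):
    """Blocks 3002-3006 in order; memory maps slot base -> ciphertext."""
    linear = decode_pointer(ptr_key, ca)
    exp = (ca >> SIZE_SHIFT) & 0x3F
    base = linear & ~((1 << exp) - 1)
    ciphertext = memory.get(base)             # block 3004
    if ciphertext is None:
        return None
    offset = linear - base
    return crypt_data(data_key, ca, ciphertext)[offset:offset + length]


def demo():
    ca = encode_pointer(PTR_KEY, LINEAR, 7)   # 2**7 = 128-byte slot
    memory = {LINEAR: crypt_data(DATA_KEY, ca, SECRET)}
    neighbour_ca = encode_pointer(PTR_KEY, LINEAR + 128, 7)
    return {
        "authorized": gpu_load(PTR_KEY, DATA_KEY, memory, ca, len(SECRET)),
        "in_bounds_offset": decode_pointer(PTR_KEY, ca + 5) - LINEAR,
        "wrong_key_addr": decode_pointer(b"\xff" * 16, ca),
        "out_of_bounds_addr": decode_pointer(PTR_KEY, ca + 128),
        "wrong_tweak": crypt_data(DATA_KEY, neighbour_ca, memory[LINEAR]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The `wrong_key_addr` and `out_of_bounds_addr` results land on unrelated addresses, and `wrong_tweak` shows that ciphertext read at the right raw address still decrypts to noise when the reader holds a different object's cryptographic address.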
  • FIG. 7H illustrates a cryptographic cache with a cryptographic diffusion and confusion 2580 with a comparison to adversary types.
  • Embodiments of FIG. 7H may implement aspects of process 3100 (FIG. 7E), method 3000 (FIG. 7F), and process 3200 (FIG. 7G).
  • FIG. 7I illustrates a diagram 2584 of sharing cryptographic pointers and/or data across resources.
  • Diagram 2584 may implement aspects of process 3100 (FIG. 7E), method 3000 (FIG. 7F), and process 3200 (FIG. 7G) and cryptographic diffusion and confusion 2580 (FIG. 7H).
  • SVM shared virtual memory
  • Some embodiments also include pointers (e.g., linear addresses) that are then shared between various units such as the CPU, GPU, VPU, etc.
  • Some embodiments further include pointers that are cryptographically encoded and use a tweak key to decrypt encrypted data.
  • some embodiments include pointers that encode power of two bounds and version used to encrypt every object uniquely from every other object both spatially and temporally.
  • a root-of-trust (RoT) in a graphics processing unit (GPU) may include reliable hardware, firmware, and/or software components that execute security functions.
  • the RoT may be inherently trusted, and thus must be secure by design. Therefore, some RoTs are implemented in hardware so that malware cannot tamper with the functions they provide. Thus, RoTs may reliably affirm security boundaries between different tenants. For example, each tenant may verify the security status of a GPU to verify that the GPU is not compromised prior to executing a workload by another tenant and/or a malware.
  • FIG. 8A may illustrate a tenant-based processing environment 700 in which a GPU 736 may execute operations on behalf of a tenant 714. While one tenant 714 is illustrated, it will be understood that the GPU 736 may support multiple tenants concurrently, with each tenant verifying the security of the GPU 736 as outlined below to verify that the GPU 736 is not compromised (e.g., physically modified and/or compromised by another tenant).
  • the GPU 736 may include a plurality of GPU compute engines 702 that include first compute engine-N compute engine 702a-702n. The first compute engine-N compute engine 702a-702n may become attack engines if compromised.
  • the first compute engine-N compute engine 702a-702n, GPU RoT 704, first target environment 706, second target environment 708 and third target environment 712 may be designed with a “RoT” hardware for generating attestable identity and boot integrity information (e.g., claims).
  • each of the first compute engine-N compute engine 702a-702n, GPU RoT 704, first target environment 706, second target environment 708 and third target environment 712 may have a RoT in hardware or have an isolated execution environment where the environment resources (e.g., compute, memory, storage, I/O, etc.) are partitioned by a RoT such as Trust Domain Extensions, Software Guard Extensions, a hypervisor, a resource manager (e.g., Resource Director Technology (RDT)).
  • RDT Resource Director Technology
  • Each isolated execution such as the first compute engine-N compute engine 702a-702n, GPU RoT 704, first target environment 706, second target environment 708 and third target environment 712 (e.g., various engines), may have firmware that is loaded and may have keys or seeds for generating keys provisioned and where the loading / provisioning of these values may be derived from a primitive hardware RoT.
  • the intermediate layering of first compute engine-N compute engine 702a-702n, GPU RoT 704, first target environment 706, second target environment 708 and third target environment 712 may follow the conventions outlined by the DICE layering specification (e.g., a Trusted Computing Group (TCG)).
  • TCG Trusted Computing Group
  • the first compute engine-N compute engine 702a-702n may both attest and verify integrity state of peer engines 748 and other engines of the first compute engine-N compute engine 702a-702n before performing pipelined operations.
  • some embodiments may be augmented with the peer engines 748 that are peer compute engines.
  • the GPU RoT 704, first target environment 706, second target environment 708 and third target environment 712 may further attest and verify integrity of each other as will be explained below prior to executing pipelined operations as well.
  • Some embodiments further include peer engines 478.
  • the peer engines 278 may be separated from the GPU 736, but be in communication with the GPU 736 (e.g., on a same SoC or computing device).
  • One such example of the peer engines 748 may include a Smart network interface card (NIC), that is, a NIC that offloads processing tasks (e.g., encryption/decryption, firewall, etc.) that the system's central processing unit may normally handle.
  • NIC Smart network interface card
  • Other examples of the peer engines 748 include central processing units, remote nodes, microprocessors, trust domain extensions, and/or Software Guard Extensions.
  • the peer engines 748 may further participate towards both verifying and attesting RoT context for a better confidential and secure computing capability.
  • the GPU 736 may be partitioned into finer granularity “lanes” (e.g., including memory, core/core slice, cache and storage resources).
  • Per slice attestation and identity keys may be derived and/or rolled-back according to an elastic compute paradigm.
  • DICE Device Identifier Composition Engine
  • layering may include fan-out for seeding key derivation functions.
  • attestation and identity key may aid in identifying devices that may be trusted (e.g., uncompromised by physical attacks or otherwise).
  • a GPU RoT 704 may include a RoT attestation environment 704a.
  • the GPU RoT 704 may be resistant to physical attacks. Thus, security may be premised on the GPU RoT 704 having the ability to attest and verify a first target environment 706.
  • the RoT attestation environment 704a may collect claims 716 from the first target environment 706.
  • the RoT attestation environment 704a may measure software and/or physical characteristics of the first target environment 706.
  • the claims of the first target environment 706 may be attestable identity information, such as hardware and/or software measurements of the first target environment 706.
  • the GPU RoT 704 may identify, measure and/or receive hardware and software status of the first target environment 706 and report the measurements as first evidence (e.g., a hash function of the measurements that is signed with a private key and/or a certificate). Doing so may enable remote attestation of supported system events, (e.g., a software chain of trust), but may also support the management of platform-specific configuration and status events such as, for example, platform capabilities, execution modes, and platform security policies.
  • the GPU RoT 704 may further send a key seed and first evidence 718 (e.g., collected claims and/or a signed certificate) of the first target environment 706 to the first target environment 706.
  • the first evidence may include a certificate that is signed by the GPU RoT 704 with a RoT identity key (e.g., private encryption key) to attest to the security of the first target environment 706. That is, the RoT attestation environment 704a may attest to the hardware and/or software for first target environment 706.
  • the key seed may be based on various values associated with the first target environment 706 (e.g., hash values of software and/or hardware measurements) and an input entropy (e.g., unique device secret). For example, the input entropy may be modified based on the hash values. In some embodiments, the key seed may be randomized based on various inputs.
  • the RoT attestation environment 704a further determines the RoT identity key for the RoT attestation environment 704a based on the input entropy but not the various values of the first target environment 706 to ensure that the RoT identity key of the RoT attestation environment 704a is not duplicated on the first target environment 706.
  • the input entropy may be implemented by a physically unclonable fuse that is physically tamper resistant such that if a third-party probes or attempts to read the value in the physically unclonable fuse, the value of the physically unclonable fuse is erased.
  • the GPU RoT 704 would then cease to operate correctly (e.g., fail to properly authenticate and generate keys for signing) to alert tenants that the GPU RoT 704 is compromised.
  • the first target environment 706 may further include a first attestation environment 706a (e.g., a RoT hardware).
  • the first attestation environment 706a may generate a key (e.g., a first identity key that is an encryption key) based on the key seed received from the GPU RoT 704, and collect claims 720 of the second target environment 708 (e.g., a GPU resource manager).
  • the first attestation environment 706a may read a memory of the second target environment 708 to collect the claims 720.
  • the claims may be hardware and/or software measurements of the second target environment 708.
  • the first attestation environment 706a may identify (e.g., read a memory) the claims of the second target environment 708, verify the claims and generate a key seed.
  • the first attestation environment 706a may generate a certificate attesting to the claims of the second target environment 708 that is signed with the first identity key.
  • the first attestation environment 706a may generate second evidence (e.g., a hash function of the measurements that is signed with first identity key and/or a certificate).
  • Second evidence may include the certificate generated by the first attestation environment 706a and/or a hash of the claims of the second target environment 708.
  • the first attestation environment 706a may send the key seed and the first and second evidence 722 to the second target environment 708.
  • the second evidence may include a hash of the measurements associated with the second target environment 708 and/or a certificate that is signed by the first attestation environment 704a with the first identity key to attest to the security of the second target environment 708.
  • the first attestation environment 706a may generate the key seed based on an entropy source (e.g., a composite device identifier (CDI) function that corresponds to a set of data used to identify the software running on a system that was used to generate this data) and various values associated with the second target environment 708 (e.g., hash values of software and/or hardware measurements) to randomize the key seed.
  • a cryptographic digest of the associated software/firmware may be used as a class identifier (e.g., CDI) of the targeted environment.
  • the composite device identifier function may generate a value based on the key seed from the RoT attestation environment 704a, and the value may be used to generate the key seed for the second target environment 708 along with the various values associated with the second target environment 708.
  • the key seed may be the output of a one-way function (e.g., hash) that combines a digest of the firmware, firmware initialization values, an entropy source (e.g., CDI), and key disambiguation values.
  • the seed may be used to generate asymmetric or symmetric keys.
  • the key seed from the RoT attestation environment 704a may be used to generate the first identity key for the first attestation environment 706a and the key seed for a second attestation environment 708a.
  • the key seed generated by the first attestation environment 706a may be unique and different from the key seed generated by the RoT attestation environment 704a to ensure that RoT and first identity keys are unclonable.
  • the second target environment 708 may include the second attestation environment 708b (e.g., a RoT hardware).
  • the second attestation environment 708a may collect claims (e.g., hardware and/or software measurements) of a third target environment 712 (e.g., a GPU compute engine manager).
  • the second attestation environment 708b may generate a key (e.g., a second identity key that is an encryption key) based on the key seed received from the first attestation environment 706a.
  • the second attestation environment 708a may read a memory of the third target environment 712.
  • the claims may be hardware and/or software measurements of the third target environment 712.
  • the second attestation environment 708a may receive (e.g., read a memory) the claims of the third target environment 712, verify the claims and generate a key seed.
  • the second attestation environment 708a may generate a certificate attesting to the claims of the third target environment that is signed with the second identity key.
  • the second attestation environment 708a may generate third evidence (e.g., a hash function of the measurements that is signed with the second identity key and/or a certificate).
  • the third evidence may include the certificate generated by the second attestation environment 708a and/or a hash of the claims of the third target environment 712.
  • the second attestation environment 708a may send the key seed and the first, second and third evidence 726 to the third target environment 708.
  • the third evidence may include a hash of the measurements associated with the third target environment 712 and/or a certificate that is signed by the second attestation environment 708a with the second identity key to attest to the security of the third target environment 712.
  • the second attestation environment 708a may generate the key seed based on an entropy source (e.g., a composite device identifier function that corresponds to a set of data used to identify the software running on a system that was used to generate this data) and various values associated with the third target environment 712 (e.g., hash values of software and/or hardware measurements) to randomize the key seed.
  • the composite device identifier function may generate a value (also known as the CDI) based on the key seed from the first attestation environment 706a, and the value may be used to generate the key seed for the third target environment 712 in conjunction with the various values of the third target environment 712.
  • the key seed from the first attestation environment 706a may be used to generate the second identity key for the second attestation environment 708a, and the key seed for a third attestation environment 712b.
  • the key seed generated by the second attestation environment 708a may be unique and different from the key seed generated by the RoT attestation environment 704a and the first attestation environment 706a to ensure that the RoT, first and second identity keys are unclonable.
  • the first target environment 706 creates the CDI for the 2nd target environment 708 and so forth - in a layering model.
  • the first target environment 706 creates CDI values for a number of different environments (e.g., the 2nd through n-th environments).
  • the first target environment 706 may add disambiguation values to the CDI for each different environment, such as hashing the position (2
  • the first target environment 706 may manage multiple UDS (unique device secret) values for each composited environment for added security.
  • the third target environment 712 may further include the third attestation environment 712b (e.g., a RoT hardware).
  • the third attestation environment 712b may generate a key (e.g., a third identity key that is an encryption key) based on the key seed received from the second attestation environment 708a.
  • the third attestation environment 712b may accumulate the first, second and third evidence, and evidence generated for the first-N compute engines 702a-702n.
  • the third attestation environment 712b may provide the accumulated certificates to requesting parties, such as the tenant 714, to verify the security of the GPU 736.
  • the third target environment 712 may include an attestation and key manager 712a that sends different key seeds to the first-N compute engines 702a-702n.
  • the attestation and key manager 712a may send a first key seed 728 to the first compute engine 702a.
  • the first compute engine 702a may generate a unique key (e.g., identity key) for communication with the tenant 714 based on the first key seed.
  • the attestation and key manager 712a may collect first compute engine 702a claims 734 (e.g., software and/or hardware measurements) as already described to generate evidence for the first compute engine 702a.
  • the attestation and key manager 712a may read memory of the first compute engine 702a to collect the claims.
  • the evidence for the first compute engine 702a may be a hash function of the measurements that is signed with the third identity key and/or a certificate generated by the attestation and key manager 712a.
  • the evidence may include the certificate generated by the attestation and key manager 712a and/or a hash of the claims of the first compute engine 702a.
  • the evidence may include a hash of the measurements associated with the first compute engine 702a and/or a certificate that is signed by the attestation and key manager 712a with the third identity key to attest to the security of the first compute engine 702a.
  • the attestation and key manager 712a may send a second key seed 730 to the second compute engine 702b.
  • the second compute engine 702b may generate a unique key (e.g., an identity key) for communication with the tenant 714 based on the second key seed.
  • the attestation and key manager 712a may collect second compute engine 702b claims 736 (e.g., software and/or hardware measurements) to generate evidence, similarly to as described herein.
  • the attestation and key manager 712a may continue similar to the above with each compute engine 702a-702n until the N compute engine is reached.
  • the attestation and key manager 712a may send an N key seed 732 to the N compute engine 702n.
  • the N compute engine 702n may generate a unique key for communication with the tenant 714 based on the N key seed.
  • the attestation and key manager 712a may collect N compute engine 702n claims 738 (e.g., software and/or hardware measurements) to generate evidence, similarly to as described herein.
  • Each of the first-N key seeds is unique (having been augmented with a disambiguation value for each tenant environment instance), establishing unique identity keys for the environment. Additional keys may be derived from the specific environment of the GPU RoT 704, first target environment 706, second target environment 708 and third target environment 712 (e.g., to support communication).
  • each of the first-N compute engines 702a-702n may have generated a different encryption key (e.g., a key used for encryption and for identity verification) for communication with the tenant 714.
  • the tenant 714 may bypass interactions with the compromised compute engine.
  • the compromised compute engine may be unable to spoof or mimic other compute engines of the first-N compute engines 702a-702n since the compromised compute engine cannot recreate the unique encryption keys used by the other compute engines. That is, the compromised compute engine cannot encrypt and/or sign messages according to another compute engine's unique encryption key, which prevents the one compute engine from mimicking messages from the other encryption engine without also knowing the unique device secret (UDS) and other disambiguation values. Furthermore, the one compute engine cannot decrypt messages intended for another compute engine since the unique encryption key (which is used for decryption) is unknown to the one compute engine.
  • the attestation and key manager 712a may generate evidence (e.g., hashes of the software and hardware measurements) and sign the evidence with a certificate.
  • the attestation and key manager 712a may send the evidence 724 to the third attestation environment 712b (e.g., a RoT hardware).
  • the tenant 714 may verify security of the GPU 736 by reviewing the signed certificates and evidence. If a compute engine of the first-N compute engine 702N is identified as being compromised, the compute engine may be locked out of workloads by the tenant 714 by avoiding using an encryption key associated with the compromised compute engine. The tenant 714 may then execute a workload on the secure GPU 736.
  • some embodiments implement the plurality of compute engines 706 bootstrap with attestable identities and key generation seeds at a tenant-specific granularity (e.g., each tenant can specify different key seeds).
  • Each compute engine of the compute engines 706 may derive additional keys (e.g., per-tenant slice if a resource manager requires finer grained resource partitioning).
  • different slice/engine contexts may elastically disappear or reappear. Attestation and key seed contexts may be re-created as needed to support elasticity.
  • the GPU 736 including the compute engines 702, may conduct an attestation process as described above for each tenant that begins to execute on the GPU 736.
  • an example device architecture 758 e.g., GPU
  • OPF one-way function
  • RoT 750 has a first function 750b (e.g., a OWF) that accepts as input entropy a UDS 750c (unique device secret) and one or more values from zero layer 752 (e.g., a GPU firmware boot).
  • the values may be identified by the first Trusted Component Identity (TCI) 750a and may be context information.
  • TCI Trusted Component Identity
  • the values may be hashed.
  • the output of the first function 750b may be a key seed for the zero layer 752.
  • the output of the first function 750b may be provided to a first composite device identifier 752c that receives the output (e.g., a key seed), and may modify the output
  • a first TCI 752a may identify values of a first layer 754 (e.g., GPU resource manager) and may be context information. The values may be hashed.
  • a first function 752b may receive the outputs of the first CDI 752c and the first TCI 752a and provide a key seed to the first layer 754.
  • the first layer 754-N layer 756 e.g., GPU compute engines/lanes
  • each of RoT 750 and the zero-N layers 752-756 may persist rather than being torn down or deactivated during various boot processes, power ups or context switches. Additionally, the RoT 750 and the zero-N layers 752-756 may be isolated from each other to the point where data (e.g., encryption keys and seeds) are securely maintained and not compromised by unauthorized elements of the RoT 750 and the zero-N layers 752-756.
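The layered seed derivation described above for FIG. 8A and FIG. 8B (a one-way function over the parent secret and the next layer's measurement, then a fan-out to compute engines with disambiguation values) is sketched below. This is an added example rather than the patent's implementation: HMAC-SHA256 as the one-way function, the label strings, the layer names and the firmware blobs are all assumptions constructed here, and signing of the evidence with the identity keys is left out.

```python
import hashlib
import hmac

# Constructed sample inputs.
UDS = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
LAYERS = [
    ("layer0", b"gpu firmware boot image v1"),
    ("layer1", b"gpu resource manager v1"),
    ("layer2", b"gpu compute engine manager v1"),
]


def owf(secret, *context):
    """One-way function keyed by the parent secret (HMAC-SHA256 assumed)."""
    mac = hmac.new(secret, digestmod=hashlib.sha256)
    for item in context:
        mac.update(len(item).to_bytes(4, "big") + item)   # length-prefixed
    return mac.digest()


def measure(firmware):
    """TCI for a layer: digest of the code that is about to run."""
    return hashlib.sha256(firmware).digest()


def boot_chain(uds, layers, engine_count):
    """Derive per-layer seeds, identity keys and per-engine seeds."""
    report = {
        # Depends on the device entropy only, never on a child measurement,
        # so no child layer can recompute the RoT identity key.
        "rot_identity": owf(uds, b"identity"),
        "seeds": {}, "identity": {}, "evidence": {}, "engine_seeds": [],
    }
    secret = uds
    for name, firmware in layers:
        tci = measure(firmware)
        secret = owf(secret, b"cdi", tci)        # key seed handed to `name`
        report["seeds"][name] = secret
        report["identity"][name] = owf(secret, b"identity")
        report["evidence"][name] = tci.hex()     # claim a verifier can check
    # Fan-out: the last layer adds a disambiguation value per engine.
    for index in range(engine_count):
        report["engine_seeds"].append(
            owf(secret, b"engine", index.to_bytes(4, "big")))
    return report


def first_untrusted_layer(evidence, reference):
    """Return the first layer whose measurement differs from the reference."""
    for name, expected in reference.items():
        if not hmac.compare_digest(evidence.get(name, ""), expected):
            return name
    return None


def demo():
    good = boot_chain(UDS, LAYERS, 3)
    tampered_layers = [LAYERS[0], ("layer1", b"gpu resource manager v1 + implant"),
                       LAYERS[2]]
    bad = boot_chain(UDS, tampered_layers, 3)
    reference = dict(good["evidence"])           # known-good measurements
    return good, bad, reference


if __name__ == "__main__":
    good, bad, reference = demo()
    print("flagged layer:", first_untrusted_layer(bad["evidence"], reference))
    print("engine seeds distinct:", len(set(good["engine_seeds"])) == 3)
```

Changing one layer's firmware leaves the seeds above it intact but replaces every seed and identity key below it, so a modified layer cannot present the keys of the unmodified device.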
  • process 760 illustrates securing trust through interactions between a tenant 762 and a compute engine E1 764.
  • compute engines and/or lanes such as the compute engine E1 764, attest to hosting environment security 766 properties and may also supply an engine-specific or lane-specific key wrapping key.
  • the wrapping key may be generated based on an encryption seed derived from a Unique Device Secret (UDS) or a Compound Device Identifier (CDI) that contains entropy derived from a UDS value and data from another layer.
  • the wrapping key may be an identity encryption key as described herein.
  • the compute engine E1 764 and any other compute engine in the lane associated with the tenant T1 762 may provision a tenant-specific key-encryption-key (KEK) 768.
  • the compute engine E1 764 may also verify attestation of tenant T1 762 to enforce security and reduce tampering with the compute engine E1 764 by malicious actors.
  • Tenant T1 762 generates content keys, context encryption keys, encrypted content and/or context, then wraps at least the content encryption key with the KEK for use by the compute engine E1 764.
  • the compute engine E1 764 may provision the tenant T1 data and context 772. In some embodiments, the compute engine E1 764 may decrypt the encrypted content encryption key with the KEK to decipher the data provided by the tenant T1 762.
  • some compute engine environments are elastically formed from a hardware RoT (e.g., UDS/PUFs) where each CE may be specialized according to hosting requirements, AI model provisioning, etc., or may be clones (but distinguishable by instance).
  • a hardware RoT e.g., UDS/PUFs
  • each CE may be specialized according to hosting requirements, Al model provisioning, etc., or may be clones (but distinguishable by instance).
  • Compute engines including the compute engine El 764, may have compute engine-specific identities and keys that attest to security properties and other capabilities to tenants, such as tenant T1 762, or other peers interacting with GPU. In such a case, the peer verifies that the compute engine El 764 and/or lane environment is suitable for the tenant T1 762 workload/application.
  • the compute engine El 764 may request tenant T1 762 to attest to ensure tenant identity and context meet minimum security requirements and to establish tenant endpoint context.
  • the compute engine El 764 provisions the KEK (e.g., RSA public key) for the tenant T1 762 to wrap its context and/or content.
  • the KEK may be provisioned (e.g., transmitted to) the compute engine El 764 after the tenant T1 762 verifies the evidence that the compute engine El 764 is secure (e.g., reviews attestation data).
  • the tenant T1 762 provisions tenant data, Al models and workload execution code/context securely using tenant-specific encryption key(s).
  • the compute engine El 764 unwraps the key and decrypts the context/content to perform the application/ workload.
  • FIG. 8D illustrates a method 780 to securely attest to elements of a graphics processor (e.g., GPU).
  • the method 780 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the environment 700 (FIG. 8A), example device 752 (FIG. 8B) and process 760 (FIG. 8C) already discussed.
  • the method 1010 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.
  • Illustrated processing block 782 transmits, with a first target environment of a plurality of target environments, first key seeds to compute engines of a graphics processor.
  • Illustrated processing block 784 collects claims, with the first target environment, from the compute engines to generate evidence.
  • Illustrated processing block 786 generates, with the compute engines, unique identity keys for each of the compute engines based on the first key seeds.
  • the plurality of target environments may be part of the graphics processor.
  • method 780 further includes transmitting, with the plurality of target environments, second key seeds to each other. In some embodiments, method 780 further includes generating, with the plurality of target environments, unique identity keys based on the second key seeds. In some embodiments, method 780 further includes collecting, with the plurality of target environments, claims of the plurality of target environments, and generating evidence for attestation based on the claims of the plurality of target environments. In some embodiments, method 780 generates, with a RoT hardware of the graphics processor, a key seed for a second target environment of the plurality of target environments. In some embodiments, method 780 further collects claims, with the RoT hardware, from the second target environment, and generates, with the RoT hardware, evidence based on the claims collected from the second target environment.
  • Embodiments as described herein relate to isolation and preservation of confidential data between different systems on a security enhanced computing architecture 900.
  • the computing architecture 900 includes a trusted execution environment 932, a virtual machine manager (VMM) 1008 (e.g., a hypervisor), a host operating system (OS) 926 and confidential guest OS 902.
  • the VMM 1008 has the ability to create domains, such as the confidential guest OS 902 or other virtual machines, that are sufficiently isolated, permitting computations that are confidential with respect to all other domains on the architecture.
  • data of the confidential guest OS 902 e.g., a virtual machine
  • the host OS 926 e.g., an ‘open’ domain in client platforms.
  • Such data isolation may be readily enforced as long as the data remains under the control of the confidential guest OS 902. In some cases, however, the data may need to be transferred to the host OS 926 to be under the control of the host OS 926.
  • the host OS 926 may control an underlying hardware of the computing architecture 900, such as display 948 and/or a GPU (e.g., graphics processor).
  • the host OS 926 may include software that interacts with underlying hardware of the architecture 900.
  • the host OS 926 may operate as a medium between the confidential guest OS 902 and the hardware to execute actions (e.g., input/output actions) on behalf of the confidential guest OS 902. In doing so, malicious actors on the host OS 926 may attempt to access the data of the confidential guest OS 902. In order to mitigate such unauthorized accesses, some embodiments as described herein encrypt the data of the confidential guest OS 902 to prevent software of the host OS 926 from accessing and decrypting the data.
  • Secured hardware elements (e.g., a GPU) may be able to decrypt and manipulate the data, while preventing malicious software from accessing the data.
  • some embodiments may preserve data confidentiality of the confidential guest OS 902 across software boundaries by only permitting a limited number of hardware-based elements to access and decrypt the data.
  • the confidential guest OS 902 and the host OS 926 may communicate through a proxy application 928 in order to present visual information (e.g., output, dialog boxes, etc.) to a user of the architecture.
  • the output from the confidential guest OS 902 may traverse through the host OS 926. Doing so may include sharing output buffers with the host OS 926. While some implementations may attempt to make data un-scrapable to prevent other processes in the Host OS 926 from copying the contents, such security measures detrimentally may rely on an uncompromised software execution on the host OS 926 and/or the VMM 1008.
  • some embodiments may augment security through an enhanced communication and encryption process that leverages secure hardware-based elements to handle unencrypted data and encrypt the data.
  • some embodiments may leverage graphics hardware to implement a robust and well-developed mechanism for the handling and display of digital video content while preventing interception and/or inspection of data of the content by software of the host OS 926 and/or other malicious software.
  • the host OS 926 may include a Protected Audio/Visual Path (PAVP) session 930 that may securely protect encrypted content while at rest in buffers.
  • the PAVP session 930 may employ inline encryption engines to ensure that protected data is encrypted whenever it is at rest in system memory and/or in transit within the system busses.
  • Data may be encrypted with a first encryption key (e.g., “session” key), passed through various portions of the host OS 926, decrypted and then encrypted again with a second encryption key (e.g., a display key) different from the first encryption key.
  • the confidential guest OS 902 may be a producer of confidential information to be output.
  • Architecture 900 may include a software-based security implementation in which the confidential guest OS 902 may bypass leveraging a GPU (e.g., graphics hardware) to encrypt data (e.g., may not have direct access to a GPU).
  • a hardware-based composition engine 934 e.g., GPU
  • GPU may however be able to at least decrypt and composite the data as will be explained below.
  • the confidential guest OS 902 may be considered isolated from other VMs (not illustrated) and the Host OS 926.
  • the other VMs may interact with the VMM 1008 and/or host OS 926.
  • the confidential guest OS 902 may seek to enforce data isolation principles (e.g., prevent software access) from the other VMs, host OS 926 and/or VMM 1008.
  • a guest certificate 922 may be pre-provisioned, for example when the architecture 900 is manufactured, installed and/or initialized, into the confidential guest OS 902 and the Trusted Execution Environment (TEE) 932 (e.g., a secure area of a main processor, hardware security module (HSM), secure execution environment, Dynamic Application Loader (DAL), trust domain extensions (TDX), etc.).
  • the confidential guest OS 902 and the TEE 932 establish a secure session 938 by proving authenticity to each other using the guest certificate 922.
  • the design of the system is agnostic of the choice of secure session protocol.
  • the confidential guest OS 902 and TEE 932 generate a session key (e.g., an encryption key such as a symmetric session key) and TEE 932 transmits the key to a hardware element, such as a GPU.
  • the session key is used in the encryption engine 910.
  • the session key will be used for encryption as explained below.
  • the confidential guest OS 902 may thus utilize a content encryption key (e.g., the session key) provided by a confidential application and/or vendor.
  • the confidential application 904 of the confidential guest OS 902 may generate data 1040.
  • a render engine 906 may generate render data 918 (e.g., image data, and/or related to software rendering and/or rasterization) based on the generated data of the confidential application 904.
  • the confidential buffer 908 may not be encrypted at this point so that the render data is unencrypted.
  • the confidential application 904 may issue an instruction for encryption according to the session key 914 to the encryption engine 910.
  • the session key is stored in the encryption engine 910.
  • the encryption engine 910 encrypts confidential buffer 908, 920, and more particularly encrypts the render data stored in the confidential buffer 908 according to the session key (i.e., with a Widevine encryption scheme as one possible embodiment), and stores the data in the encrypted confidential buffer 912.
  • the confidential buffer 908 and the encrypted confidential buffer 912 may be the same buffer in some embodiments, with the distinction being that the encrypted confidential buffer 912 stores the encrypted render data while the confidential buffer 908 stores the unencrypted render data.
  • the confidential guest operating system 902 may then pass the message 924 to the proxy application 928.
  • the message may include the encrypted confidential buffer 912 (or a pointer thereto) and a request to render the encrypted render data.
  • the proxy application 928 passes the message 916 to the PAVP session 930.
  • the PAVP session 930 passes the message 936 to the hardware-based composition engine 934.
  • the hardware-based composition engine 934 may be a hardware element (e.g., host processor, GPU, accelerator, vision processing unit, etc.) to enhance security. It is to be noted that prior to this point, the confidential guest OS 902 has only provided encrypted render data to the host OS 926 to reduce malicious actors from accessing the data.
  • the hardware-based composition engine 934 may be under the control of, and receive commands from, the host OS 926, but software of the host OS 926 does not have direct access to the data locations of the hardware-based composition engine 934, thus making tampering and/or reading attacks of the render data more difficult. Thus, the hardware-based composition engine 934 may be less prone to malicious attacks due to the hardware-based composition engine 934 being implemented in a hardware structure.
  • the composition engine 934 may be a GPU.
  • An application 940 of the host OS 926 may pass application data 942 to be rendered to the hardware-based composition engine 934.
  • the application data may be displayed in conjunction (e.g., simultaneously) with the confidential data.
  • the hardware-based composition engine 934 may have received a copy of the session key (or another decryption key) from the TEE 932 to decrypt the encrypted render data into clear text.
  • the composition engine 934 may composite the unencrypted render data and the unencrypted application data together to generate composited render and application data.
  • the hardware-based composition engine 934 may encrypt the composited render data and the application data together according to a display key (e.g., a second key), that is different from the session key (e.g., a first key), to generate encrypted composited data.
  • the hardware-based composition engine 934 may then store the encrypted composited data in an encrypted display buffer 944, which may be external to the hardware-based composition engine 934.
  • the hardware-based composition engine 934 may store only encrypted data (e.g., encrypted versions of the render data) outside the hardware-based composition engine 934, while all unencrypted data operations execute internally within the hardware-based composition engine 934.
  • the hardware-based composition engine 934 may decrypt and display data 944.
  • the hardware-based composition engine may decrypt the encrypted composited data and may present the decrypted composited data on display 948.
  • Display 948 may show application graphical user interface (GUI), which is based on the application data of the host operating system 926, and the guest GUI, which is based on the render data generated by the confidential guest operating system 902.
  • the plaintext of the render data is not directly accessible outside of the GPU hardware pipeline to remain in a protected state from malicious software that may be on the host OS 926.
  • some embodiments may facilitate a security enhanced communication process. Further, some embodiments may leverage hardware elements to enhance security.
  • TEE 932 maintains confidentiality of data.
  • the plaintext of the render data will only be available to the confidential guest OS 902 and while protected in the GPU hardware pipeline.
  • Some embodiments may be modified to apply to encrypted content that may be streamed across network connections from a remote source.
  • the remote source may execute a process similar to the confidential guest OS 902 while a display device may execute a process similar to the host OS 926.
  • the Host OS 926 may be able to handle confidential VM output (e.g., the render data) in a flexible manner to display the render data in context of other visual output from the host OS 926 while robustly protecting the integrity of the data from potential hostile code in the Host OS 926.
  • the content of Guest OS 902 (e.g., a virtual machine) is isolated in output buffers from the host OS 926 visibility (e.g., prevent screen scraping of content).
  • the confidential guest OS 902 may utilize software and/or hardware rendering (i.e., through Peripheral Component Interconnect (PCI) device assignment, single root input/output virtualization (SR-IOV), or CPU-based render such as Windows Advanced Rasterization Platform (WARP)) and subsequently encrypt the buffers to prevent the Host OS 926 from having access to the screen or render data itself.
  • the VMM 1008 may operate similarly to the host OS 926 to interact with hardware on behalf of the confidential guest OS 902.
  • the confidential guest OS 902 may encrypt and transfer data to the VMM 1008 in a manner similar to that described herein, and a GPU associated with the VMM 1008 may decrypt, composite, encrypt the composited data, and decrypt the composited data for display.
  • FIG. 9B illustrates a hardware accelerated confidential display computing architecture 960.
  • a confidential guest OS 962 may have access to a hardware element (e.g., a GPU such as a graphics processor, and/or a processing unit) to encrypt data, rather than relying on software mechanisms to do so.
  • the confidential guest OS 962 has access to the services of the GPU (e.g., via SR-IOV). As such, the confidential guest OS 962 may employ the services of the GPU to render and/or rasterize and execute encryptions.
  • a confidential application 964 may generate data 966.
  • a hardware render engine 968 (e.g., a component of the GPU) may generate render data 970 based on the received data, and store the render data into confidential buffer 972.
  • the confidential guest OS 962 causes (e.g., passes an instruction to command an encryption operation) the GPU encryption engine 974 (e.g., a hardware element of the GPU) to encrypt the confidential buffer 972, 976 (e.g., execute a PAVP encryption process) to generate the encrypted confidential buffer 978.
  • the encrypted confidential buffer 978 may contain the render data in an encrypted form.
  • the GPU may encrypt the render data according to a first encryption key.
  • the GPU may be responsible for decryption of the render data at a later time, and thus maintain the first encryption key in a secure storage location on the GPU (e.g., a register) to bypass storage of the first encryption key outside the GPU.
  • the confidential buffer 972 and encrypted confidential buffer 978 may be the same buffer, but the confidential buffer 972 may store unencrypted render data while the encrypted confidential buffer 978 may store encrypted render data.
  • the confidential guest OS 962 may access the GPU via a PAVP session to encrypt confidential buffer 972 and generate encrypted confidential buffer 978. In doing so, the render data is encrypted and stored in the encrypted confidential buffer 978 to protect the render data before sharing the render data with the Host OS 982.
  • the confidential guest operating system 962 may use a privileged application programming interface (API) to communicate directly with the GPU.
  • the API may not route through the Host OS 982 or VMM 1006 to be contained and controlled by the confidential guest OS 962, and to allocate encrypted buffer space not controlled by any other guest or VM.
  • the confidential guest OS 962 may pass message 980 to the proxy application 984.
  • the message may include the encrypted confidential buffer 978 and/or a location of the encrypted confidential buffer 978 (e.g., a pointer).
  • the message may further include an instruction to display the render data.
  • the proxy application 984 passes the message 986 to a PAVP session 990.
  • the PAVP session 990 passes the message 988 to composition engine 996.
  • An application 992 of the host OS 982 may pass application data 994 (e.g., data to be displayed) to a hardware-based composition engine 996.
  • the application data may be displayed in conjunction (e.g., simultaneously) with the non-confidential data.
  • the hardware-based composition engine 996 may decrypt the encrypted render data into clear text.
  • the hardware-based composition engine 996 may be part of the GPU, and thus already have access to the first encryption key to execute decryption as discussed above.
  • the hardware-based composition engine 996 may composite the unencrypted render data and the unencrypted application data together.
  • the hardware-based composition engine 996 may encrypt the composited render data and the application data together according to a second encryption key, that is different from the first encryption key, to generate encrypted data.
  • the composition engine 996 may then store the encrypted data 998 (e.g., a ciphertext of the render and application data) in an encrypted display buffer 1000.
  • the hardware-based composition engine 996 may decrypt the data and display the data 1002 on display 1004.
  • Display 1004 may show application graphical user interface (GUI), which is based on the application data of the host operating system 982, and the guest GUI, which is based on the render data generated by the confidential guest OS 962.
  • the plaintext of the render data is not directly accessible outside of the graphics processor hardware pipeline to remain in a protected state from malicious software that may be on the host OS 982.
  • some embodiments may facilitate a security enhanced communication process. Further, some embodiments may leverage hardware elements to enhance security.
  • the plaintext of the render data will only be available to the confidential guest OS 962 and while protected in the graphics processor hardware pipeline.
  • Some embodiments may be modified to apply to encrypted content that may be streamed across network connections from a remote source.
  • the remote source may execute a process similar to the confidential guest OS 962 while a display device may execute a process similar to the host OS 982.
  • the VMM 1006 may operate similarly to the host OS 962 to interact with hardware on behalf of the confidential guest OS 962.
  • the confidential guest OS 962 may encrypt and transfer data to the VMM 1006 in a manner similar to that described herein, and a graphics processor associated with the VMM 1006 may decrypt, composite, encrypt the composited data, and decrypt the composited data for display.
  • FIG. 9C illustrates a method 1010 to securely transfer data from a guest OS (e.g., a virtual machine) that is to be rendered to a host OS for display.
  • the method 690 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the architectures 900 and 960 (FIGS. 9A and 9B) already discussed.
  • the method 1010 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.
  • Illustrated processing block 1012 generates guest data by a guest OS (e.g., a virtual machine).
  • Illustrated processing block 1014 encrypts the guest data on the guest OS side with a first encryption key (e.g., either on a GPU or with a session key from a TEE described above).
  • Illustrated processing block 1016 transfers encrypted data via a PAVP of a host OS side.
  • Illustrated processing block 1018 decrypts, with a GPU, the guest data with the first encryption key to generate clear text that may be interleaved and/or composited with other data.
  • Illustrated processing block 1020 combines (e.g., combines and/or interleaves), with the GPU, the guest data with host data (e.g., application data) generated on the host side.
  • Illustrated processing block 1022 encrypts the combined guest and host data with a second encryption key.
  • the second encryption key may be different from the first encryption key.
  • Illustrated processing block 1024 stores the encrypted combined guest and host data to a display buffer.
  • Illustrated processing block 1026 decrypts the encrypted combined guest and host data with the second key to generate clear text that may be in a displayable format.
  • Illustrated processing block 1028 displays the decrypted combined guest and host data.
  • some embodiments may permit only the guest OS side and the GPU to view clear text data. Doing so may enhance security and prevent access (e.g., scraping) by malicious actors.
  • FIG. 9D illustrates a method 1030 to securely handle data.
  • the method 1030 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the architectures 900 and 960 (FIGS. 9A and 9B) and the method 1010 already discussed. More particularly, the method 1010 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.
  • Illustrated processing block 1032 generates, with a virtual machine, confidential data to be rendered.
  • Illustrated processing block 1034 encrypts, with one or more of a graphics processor or the virtual machine, the confidential data according to a first encryption key to generate encrypted confidential data.
  • Illustrated processing block 1036 stores the encrypted confidential data in a first buffer.
  • Illustrated processing block 1038 decrypts, with the graphics processor, the encrypted confidential data to generate decrypted confidential information.
  • the method 1030 conducts a verification process with a trusted execution environment to prove an identity of the virtual machine, receives, with the virtual machine, a session key from the trusted execution environment, wherein the session key is to be the first encryption key, and receives, with the graphics processor, the session key from the trusted execution environment.
  • the session key is to be a private symmetric digital rights management (DRM) session key.
  • the graphics processor generates the first key.
  • the method 1030 includes compositing the decrypted confidential data with application data to generate composited confidential and application data.
  • the application data is associated with one or more applications executing on a host operating system.
  • the method 1030 encrypts the composited confidential and application data according to a second key to generate encrypted composited confidential and application data, wherein the second key is to be different from the first key, and stores the encrypted composited confidential and application data in a second buffer that is to be different than the first buffer.
  • method 1030 in response to an identification that the encrypted composited confidential and application data will be displayed, decrypts the encrypted composited confidential and application data according to the second key.
  • a memory manager may page out data from a low latency storage (e.g., memory) to a high latency storage (e.g., mass storage device).
  • a virtual table may maintain a list of the virtual addresses and corresponding locations in the physical memory (e.g., map of virtual addresses to physical locations) to enable the paging operations.
  • an encryption mode may be an Advanced Encryption Standard (AES) cipher (e.g., XEX-based tweaked-codebook mode with ciphertext stealing (XTS)) based on host physical address (HPA).
  • the AES-XTS-HPA domain encryption may be able to enhance some operations by providing a layer of security.
  • the pages that are encrypted according to the AES-XTS-HPA may need to be “pinned” for a lifetime of the pages so that the pages cannot be paged out.
  • AES-XTS-HPA is reliant on the physical address associated with data for encryption and decryption, and thus data must remain in the same physical address after encryption otherwise the data may not be decrypted properly.
  • Operating systems lack the ability to guarantee that data, which is paged out from a first physical address, will be assuredly paged back into the first physical address, thus resulting in changes to memory locations, particularly when a CPU is not within the TCB (e.g., software running on the CPU such as OS/VMM may not be secure; the CPU hardware is in the TCB and a trusted application offloading computation to GPU running on the CPU is also in the TCB).
  • memory may be consumed by AES-XTS-HPA pages that are unable to be paged out, resulting in inefficient memory usage, higher latency operations, particularly with memory intensive operations, and fairness inequities among different applications.
  • some GPU allocated buffers store data that is in an encrypted form using the HPA for a tweak in local memory and/or system memory to address potential threats.
  • the GPU may encrypt the buffers for security and to reduce unauthorized accesses by other elements, such as the CPU.
  • Such encrypted buffers may have to be pinned for a lifetime with the AES-XTS-HPA encryption. As noted, doing so results in paging operations on these buffers being unsupported. For example, if the encrypted data is paged out from a first memory location and then paged in again into a second memory location, the GPU may be unable to decrypt the data since the data has been moved.
  • the data is encrypted according to a tweak based on the first memory location.
  • the data is decrypted with a tweak based on the second memory location, which results in an unusable output since the data was not encrypted according to the second memory location.
  • some embodiments use a GPU direct memory access (DMA) engine to perform the paging operation using a specific paging key and convert the buffer from a first encryption domain that is based on HPA tweaks (e.g., AES-XTS-HPA) to an HPA-agnostic encryption domain (e.g., authenticated encryption with associated data (AEAD) mode of encryption/integrity and/or GCM, CCM, Chacha-Poly).
  • An AEAD may be based on an authenticated encryption that allows a recipient to check the integrity of both the encrypted and unencrypted information in a message.
  • an AEAD scheme may bind associated data (AD) to the ciphertext and to the context. Doing so may detect manipulation of data into different contexts.
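The paging problem and the domain conversion described above can be reproduced in a few lines. This is an added example, not code from the patent: an HMAC-SHA256 keystream stands in for AES-XTS (only its dependence on the address is modelled) and an encrypt-then-MAC construction stands in for the AEAD mode, because the Python standard library has no AES. All names, keys, addresses and the use of a counter as nonce are assumptions of the example.

```python
import hashlib
import hmac

# Constructed sample values (not from the patent).
DOMAIN_KEY = b"constructed-hpa-domain-key"
PAGING_KEY = b"constructed-paging-key"
OLD_HPA, NEW_HPA = 0x1000, 0x7F000
DATA = b"constructed render data " * 4


def _prf(key, msg):
    """HMAC-SHA256 as a keyed pseudo-random function."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def _stream_xor(key, label, data):
    """XOR data with a keystream derived from (key, label); self-inverse."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += _prf(key, label + block.to_bytes(8, "big"))
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def hpa_crypt(domain_key, hpa, data):
    """Stand-in for AES-XTS-HPA: the host physical address acts as the tweak."""
    return _stream_xor(domain_key, b"hpa" + hpa.to_bytes(8, "big"), data)


def _tag(paging_key, nonce, context, sealed):
    """128-bit MAC over nonce, length-prefixed associated data and ciphertext."""
    msg = nonce + len(context).to_bytes(4, "big") + context + sealed
    return _prf(_prf(paging_key, b"mac"), msg)[:16]


def page_out(domain_key, paging_key, hpa, counter, context, resident):
    """Convert a resident buffer from the HPA domain to the address-agnostic one."""
    plain = hpa_crypt(domain_key, hpa, resident)
    nonce = counter.to_bytes(8, "big")  # must be unique for every page-out
    sealed = _stream_xor(_prf(paging_key, b"enc"), nonce, plain)
    return sealed, _tag(paging_key, nonce, context, sealed)


def page_in(domain_key, paging_key, new_hpa, counter, context, sealed, tag):
    """Verify, then re-enter the HPA domain at whatever address was allocated."""
    nonce = counter.to_bytes(8, "big")
    if not hmac.compare_digest(tag, _tag(paging_key, nonce, context, sealed)):
        raise ValueError("integrity check failed")
    plain = _stream_xor(_prf(paging_key, b"enc"), nonce, sealed)
    return hpa_crypt(domain_key, new_hpa, plain)


def demo():
    resident = hpa_crypt(DOMAIN_KEY, OLD_HPA, DATA)
    naive = hpa_crypt(DOMAIN_KEY, NEW_HPA, resident)  # raw copy to a new address
    sealed, tag = page_out(DOMAIN_KEY, PAGING_KEY, OLD_HPA, 7, b"ctx-A", resident)
    moved = page_in(DOMAIN_KEY, PAGING_KEY, NEW_HPA, 7, b"ctx-A", sealed, tag)
    return {
        "naive_move_readable": naive == DATA,
        "converted_move_readable": hpa_crypt(DOMAIN_KEY, NEW_HPA, moved) == DATA,
    }


if __name__ == "__main__":
    print(demo())
```

A ciphertext copied verbatim to a new address decrypts to garbage, while the converted buffer survives relocation and is rejected if its ciphertext, counter or associated context is altered.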
  • the first buffer 1058 may be a local storage of the GPU.
  • the GPU may then map the first encrypted data 1052 to an HPA agnostic scheme, and generate identification data 1078, 1060.
  • the HPA agnostic scheme may be an AEAD encryption scheme.
  • the data may be converted from the host physical address based encryption domain 1054 to the host physical address agnostic encryption domain 1062 to generate second encrypted data 1064 and the identification data 1078.
  • identification data 1078 may be generated.
  • the identification data 1078 may be a page (e.g., a message authentication code (MAC) page) in protected memory 1056 that includes specific data (e.g., a checksum, and/or MAC value) associated with the second encrypted data 1064 to verify the second encrypted data 1064.
  • the identification data 1078 may be stored in a protected memory 1056 (e.g., a stolen memory) that is inaccessible by other components, such as the CPU or host processor so that the other elements cannot read the identification data 1078 from the protected memory 1056.
  • a value of a global counter may be stored in association with the root MAC page in the protected memory 1056.
  • the global counter may be incremented every time a paging operation (e.g., page out) is invoked.
  • the value of the global counter may be used for encryption and to identify the values associated with the second encrypted data 1064. Thus, the value may be referenced to identify MAC values associated with the second encrypted data 1064.
  • the global counter survives all power states of the GPU where sessions continue to remain alive. Additionally, the GPU stores the global counter (e.g., 64 Bits) as part of the identification data 1078. The global counter may be reset when the GPU gets reset in entirety.
  • the global counter may be used as a reference to identify appropriate MAC pages.
  • the MAC page in the protected memory 1056 includes the value of the global counter, 254 128-bit MAC values associated with the second encrypted data 1064 (e.g., a hash value), 128-bit MAC values of a previous MAC page in the protected memory 1056, and a 64-bit counter global counter lock value of the previous MAC page (e.g., 64 bits storing the counter value of the previous MAC page). It is worthwhile to note that the MAC page may be agnostic to the physical address in the second buffer 1080 that the second encrypted data 1064 is stored within.
  • the physical memory address may be bypassed from being stored in association with the MAC page since the physical memory address may be common to numerous page-in and page-out operations.
  • a root counter value (e.g., a value of the global counter) for the MAC page may be stored in an internal register of the GPU and in association with an identifier of the second encrypted data 1064.
  • when the second encrypted data 1064 is later retrieved, the corresponding MAC page is required to be loaded into protected memory using the GPU.
  • the protected memory may only hold a single MAC page.
  • some embodiments may traverse through MAC pages that are linked together by identifying data (e.g., one MAC page contains the identification data to another MAC page).
  • the second encrypted data 1064 may be paged out to memory 1082. It is worthwhile to note that the storage location of the second encrypted data 1064 may be flexible to be stored in any memory and/or storage device. For example, in some embodiments, a long-term storage may be substituted for the memory 1082. In some embodiments, the identification data 1078 may be maintained in the protected memory 1056.
  • the process 1050 may page in the second encrypted data 1064, 1070.
  • the process 1050 may ensure the relevant MAC entries (e.g., 256 MAC entries) associated with a main surface page (e.g., the page being paged in) is loaded in the MAC page prior to the actual paging operation for loading of data.
  • the GPU may reference the register to identify the appropriate root counter value, retrieve (or cause to be retrieved by software), the identification data 1078 from the protected memory 1056 and identify the MAC values.
  • the process 1050 may verify during decryption 1074 that the correct page is provided and generate the decrypted data 1084.
  • the GPU DMA engine may compare the MAC generated based on the retrieved data identified during the decryption operation to the expected value from the MAC page stored in association with the identification data 1078. If the generated MAC does not match the MAC values associated with the second encrypted data 1064 retrieved from the MAC page, further operations based on the second encrypted data 1064 may be bypassed and remedied. As illustrated, the second encrypted data 1064 is decrypted to the first encrypted data 1052 in the host physical address based encryption domain.
  • a GPU may decrypt the first encrypted data 1052 in some embodiments to obtain clear text data.
  • some embodiments provide enhanced memory usage while still maintaining security boundaries.
  • the GPU may still enforce security even while data is paged out of memory.
  • FIG. 9F illustrates a method 1090 to handle paging operations securely.
  • the method 1090 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the process 1050 (FIG. 9E) already discussed. More particularly, the method 1090 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof. In some embodiments, aspects of method 1090 are implemented in a GPU.
  • Illustrated processing block 1092 identifies that encrypted data is in a first format (e.g., AES-XTS-HPA) that does not permit paging operations.
  • Illustrated processing block 1106 determines that the CPU is not within a TCB. For example, an operation (e.g., digital-rights media operations) associated with the encrypted data may not include the CPU within the TCB. Thus, illustrated processing block 1106 identifies that operations associated with the encrypted data do not permit the CPU to access and decrypt the encrypted data. In some embodiments, if the CPU is within the TCB the method 1090 may cease without converting the encrypted data to a format compatible with paging.
  • Illustrated processing block 1096 identifies that a page-out operation will be executed.
  • Illustrated processing block 1094 converts encrypted data to a second format (e.g., AEAD) that permits paging and generates a MAC page (e.g., based on the AEAD format) and stores the MAC page, and increments a global counter.
  • Illustrated processing block 1108 identifies that the encrypted data will be paged-in with a main page.
  • Illustrated processing block 1102 retrieves the MAC page corresponding to the main page (that includes the paged out encrypted data). Illustrated processing block 1130 pages in the main page. Illustrated processing block 1112 determines if a stored MAC value of the encrypted data (e.g., as stored in the MAC page) matches (e.g., is the same as) a MAC value calculated based on the paged-in data from the main page. If so, illustrated processing block 1116 executes operations with the paged-in data. Otherwise, the retrieved data is not the same as the encrypted data that was paged-out. Thus, illustrated processing block 1114 bypasses operations with the paged-in data to enforce security protocols.
  • method 1090 may execute for each of a plurality of different data associated with different operations and may execute concurrently for each data that is to be paged-out.
  • the global counter may be incremented numerous times based on data that is to be paged-out.
  • FIG. 9G illustrates a method 1120 of paging data.
  • the method 1120 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the process 1050 (FIG. 9E) and/or the method 1090 (FIG. 9F) already discussed. More particularly, the method 1120 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof. In some embodiments, aspects of method 1120 are implemented in a GPU.
  • Illustrated processing block 1122 identifies that first data is in a first format, where the first format is in a physical address based encryption format.
  • Illustrated processing block 1124 converts, with the graphics processor, the first data from the first format to a second format, where the second format is in a physical address agnostic encryption format.
  • Illustrated processing block 1126 pages-out the first data, that is in the second format, from the memory to the non-volatile storage.
  • method 1120 increments a global counter in response to an identification that the first data will be paged-out.
  • method 1120 generates a message authentication code (MAC) value based on the first data that is in the second format.
  • method 1120 stores the MAC value and a value of the global counter in a protected memory.
  • method 1120 pages-in second data from a storage, calculates a message authentication code (MAC) value based on the second data, and compares the MAC value of the second data to a MAC value stored in the protected memory to determine whether the second data corresponds to the first data. Further, in some embodiments, method 1120 executes one or more operations based on the second data when the MAC value of the second data is the same as the MAC value of the first data, and/or bypasses one or more operations based on the second data when the MAC value of the second data is dissimilar from the MAC value of the first data.
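
The page-out/page-in flow of process 1050 and methods 1090 and 1120, as an added Python sketch that is not part of the patent text. HMAC-SHA256 keystreams stand in for AES-XTS-HPA and for the AEAD cipher, and the `PagingEngine` class, its key split, the per-buffer `mac_page` dictionary and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"protected surface contents (constructed sample)"


def _keystream(key, label, n):
    """HMAC-SHA256 in counter mode: a toy stand-in for a real cipher."""
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hpa_crypt(key, hpa, data):
    """Address-tweaked domain (models AES-XTS-HPA): the tweak is the host
    physical address. XOR keystream, so one call both encrypts and decrypts."""
    return _xor(data, _keystream(key, b"hpa" + hpa.to_bytes(8, "big"), len(data)))


class PagingEngine:
    """Models the GPU DMA engine and its protected memory (assumed layout)."""

    def __init__(self, hpa_key, paging_key):
        self.hpa_key = hpa_key
        # Separate encryption and MAC keys derived from the paging key.
        self.enc_key = hmac.new(paging_key, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(paging_key, b"mac", hashlib.sha256).digest()
        self.global_counter = 0  # incremented on every page-out
        self.mac_page = {}       # buffer id -> (counter, 128-bit MAC); no address

    def _mac(self, buf_id, counter, blob):
        # Associated data binds the blob to its buffer and to the counter value.
        ad = buf_id + counter.to_bytes(8, "big")
        return hmac.new(self.mac_key, ad + blob, hashlib.sha256).digest()[:16]

    def _page_stream(self, counter, n):
        return _keystream(self.enc_key, b"page" + counter.to_bytes(8, "big"), n)

    def page_out(self, buf_id, hpa, hpa_ciphertext):
        """Convert from the HPA-based domain to the HPA-agnostic one."""
        self.global_counter += 1
        ctr = self.global_counter
        inner = hpa_crypt(self.hpa_key, hpa, hpa_ciphertext)  # strip HPA tweak
        blob = _xor(inner, self._page_stream(ctr, len(inner)))
        self.mac_page[buf_id] = (ctr, self._mac(buf_id, ctr, blob))
        return blob  # may now live in any untrusted memory or storage

    def page_in(self, buf_id, new_hpa, blob):
        """Verify against the MAC page, then re-enter the HPA domain at new_hpa.
        Returns None when the check fails, so the caller bypasses the data."""
        entry = self.mac_page.get(buf_id)
        if entry is None:
            return None
        ctr, expected = entry
        if not hmac.compare_digest(expected, self._mac(buf_id, ctr, blob)):
            return None
        inner = _xor(blob, self._page_stream(ctr, len(blob)))
        return hpa_crypt(self.hpa_key, new_hpa, inner)


def demo():
    hpa_key, paging_key = bytes(range(32)), bytes(range(32, 64))  # constructed
    addr_a, addr_b = 0x1000_0000, 0x2000_0000                     # constructed
    eng = PagingEngine(hpa_key, paging_key)
    ct_a = hpa_crypt(hpa_key, addr_a, SECRET)

    # Raw move of address-tweaked ciphertext: the tweak for B does not match.
    naive_move = hpa_crypt(hpa_key, addr_b, ct_a)

    # Converted move: page out from A, page in at B, decrypt with B's tweak.
    blob1 = eng.page_out(b"surf0", addr_a, ct_a)
    ct_b = eng.page_in(b"surf0", addr_b, blob1)
    converted_move = hpa_crypt(hpa_key, addr_b, ct_b)

    # One flipped bit in the paged-out blob fails the MAC comparison.
    tampered = eng.page_in(b"surf0", addr_b, bytes([blob1[0] ^ 1]) + blob1[1:])

    # Replay: after a newer page-out the MAC page holds counter 2, so the
    # stale blob from counter 1 is rejected while the fresh one is accepted.
    ct_new = hpa_crypt(hpa_key, addr_b, b"newer contents")
    blob2 = eng.page_out(b"surf0", addr_b, ct_new)
    replayed = eng.page_in(b"surf0", addr_a, blob1)
    fresh = hpa_crypt(hpa_key, addr_a, eng.page_in(b"surf0", addr_a, blob2))
    return {"naive_move": naive_move, "converted_move": converted_move,
            "tampered": tampered, "replayed": replayed, "fresh": fresh}
```

Because the stored MAC entry carries no physical address, the same blob verifies at any destination address, while the counter bound into the associated data is what rejects the stale copy.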
  • FIG. 10 is a block diagram of a processing system 1400, according to an embodiment.
  • System 1400 may be used in a single processor desktop system, a multiprocessor workstation system, or a server system having a large number of processors 102 or processor cores 107.
  • the system 1400 is a processing platform incorporated within a system-on-a-chip (SoC) integrated circuit for use in mobile, handheld, or embedded devices such as within Internet-of-things (IoT) devices with wired or wireless connectivity to a local or wide area network.
  • system 1400 can include, couple with, or be integrated within: a server-based gaming platform; a game console, including a game and media console; a mobile gaming console, a handheld game console, or an online game console.
  • the system 1400 is part of a mobile phone, smart phone, tablet computing device or mobile Internet-connected device such as a laptop with low internal storage capacity.
  • Processing system 1400 can also include, couple with, or be integrated within: a wearable device, such as a smart watch wearable device; smart eyewear or clothing enhanced with augmented reality (AR) or virtual reality (VR) features to provide visual, audio or tactile outputs to supplement real world visual, audio or tactile experiences or otherwise provide text, audio, graphics, video, holographic images or video, or tactile feedback; other augmented reality (AR) device; or other virtual reality (VR) device.
  • the processing system 1400 includes or is part of a television or set top box device.
  • system 1400 can include, couple with, or be integrated within a self-driving vehicle such as a bus, tractor trailer, car, motor or electric power cycle, plane or glider (or any combination thereof). The self-driving vehicle may use system 1400 to process the environment sensed around the vehicle.
  • the one or more processors 1402 each include one or more processor cores 1407 to process instructions which, when executed, perform operations for system or user software.
  • at least one of the one or more processor cores 1407 is configured to process a specific instruction set 1409.
  • instruction set 1409 may facilitate Complex Instruction Set Computing (CISC), Reduced Instruction Set Computing (RISC), or computing via a Very Long Instruction Word (VLIW).
  • processor cores 1407 may process a different instruction set 1409, which may include instructions to facilitate the emulation of other instruction sets.
  • Processor core 1407 may also include other processing devices, such as a Digital Signal Processor (DSP).
  • the processor 1402 includes cache memory 1404. Depending on the architecture, the processor 1402 can have a single internal cache or multiple levels of internal cache. In some embodiments, the cache memory is shared among various components of the processor 1402. In some embodiments, the processor 1402 also uses an external cache (e.g., a Level-3 (L3) cache or Last Level Cache (LLC)) (not shown), which may be shared among processor cores 1407 using known cache coherency techniques.
  • a register file 1406 can be additionally included in processor 1402 and may include different types of registers for storing different types of data (e.g., integer registers, floating point registers, status registers, and an instruction pointer register). Some registers may be general-purpose registers, while other registers may be specific to the design of the processor 1402.
  • one or more processor(s) 1402 are coupled with one or more interface bus(es) 1410 to transmit communication signals such as address, data, or control signals between processor 1402 and other components in the system 1400.
  • the interface bus 1410 can be a processor bus, such as a version of the Direct Media Interface (DMI) bus.
  • processor busses are not limited to the DMI bus, and may include one or more Peripheral Component Interconnect buses (e.g., PCI, PCI express), memory busses, or other types of interface busses.
  • the processor(s) 1402 include an integrated memory controller 1416 and a platform controller hub 1430.
  • the memory controller 1416 facilitates communication between a memory device and other components of the system 1400, while the platform controller hub (PCH) 1430 provides connections to I/O devices via a local I/O bus.
  • the memory device 1420 can be a dynamic random-access memory (DRAM) device, a static random-access memory (SRAM) device, flash memory device, phase-change memory device, or some other memory device having suitable performance to serve as process memory.
  • the memory device 1420 can operate as system memory for the system 1400, to store data 1422 and instructions 1421 for use when the one or more processors 1402 executes an application or process.
  • Memory controller 1416 also couples with an optional external graphics processor 1418, which may communicate with the one or more graphics processors 1408 in processors 1402 to perform graphics and media operations.
  • graphics, media, and/or compute operations may be assisted by an accelerator 1412 which is a coprocessor that can be configured to perform a specialized set of graphics, media, or compute operations.
  • the accelerator 1412 is a matrix multiplication accelerator used to optimize machine learning or compute operations.
  • the accelerator 1412 is a ray-tracing accelerator that can be used to perform ray-tracing operations in concert with the graphics processor 1408.
  • an external accelerator 1419 may be used in place of or in concert with the accelerator 1412.
  • a display device 1411 can connect to the processor(s) 1402.
  • the display device 1411 can be one or more of an internal display device, as in a mobile electronic device or a laptop device or an external display device attached via a display interface (e.g., DisplayPort, etc.).
  • the display device 1411 can be a head mounted display (HMD) such as a stereoscopic display device for use in virtual reality (VR) applications or augmented reality (AR) applications.
  • the platform controller hub 130 enables peripherals to connect to memory device 1420 and processor 1402 via a high-speed I/O bus.
  • the I/O peripherals include, but are not limited to, an audio controller 1446, a network controller 1434, a firmware interface 1428, a wireless transceiver 1426, touch sensors 1425, a data storage device 1424 (e.g., non-volatile memory, volatile memory, hard disk drive, flash memory, NAND, 3D NAND, 3D XPoint, etc.).
  • the data storage device 1424 can connect via a storage interface (e.g., SATA) or via a peripheral bus, such as a Peripheral Component Interconnect bus (e.g., PCI, PCI express).
  • the touch sensors 1425 can include touch screen sensors, pressure sensors, or fingerprint sensors.
  • the wireless transceiver 1426 can be a Wi-Fi transceiver, a Bluetooth transceiver, or a mobile network transceiver such as a 3G, 4G, 5G, or Long-Term Evolution (LTE) transceiver.
  • the firmware interface 1428 enables communication with system firmware, and can be, for example, a unified extensible firmware interface (UEFI).
  • the network controller 1434 can enable a network connection to a wired network.
  • a high-performance network controller (not shown) couples with the interface bus 1410.
  • the audio controller 1446 in one embodiment, is a multi-channel high definition audio controller.
  • the system 1400 includes an optional legacy I/O controller 1440 for coupling legacy (e.g., Personal System 2 (PS/2)) devices to the system.
  • the platform controller hub 1430 can also connect to one or more Universal Serial Bus (USB) controllers 1442 to connect input devices, such as keyboard and mouse 1443 combinations, a camera 1444, or other USB input devices.
  • system 1400 shown is exemplary and not limiting, as other types of data processing systems that are differently configured may also be used.
  • an instance of the memory controller 1416 and platform controller hub 1430 may be integrated into a discrete external graphics processor, such as the external graphics processor 1418.
  • the platform controller hub 1430 and/or memory controller 1416 may be external to the one or more processor(s) 1402.
  • the system 1400 can include an external memory controller 1416 and platform controller hub 1430, which may be configured as a memory controller hub and peripheral controller hub within a system chipset that is in communication with the processor(s) 1402.
  • circuit boards (“sleds”) on which components such as CPUs, memory, and other components are placed can be used and are designed for increased thermal performance.
  • processing components such as the processors are located on a top side of a sled while near memory, such as DIMMs, are located on a bottom side of the sled.
  • the components may operate at higher frequencies and power levels than in typical systems, thereby increasing performance.
  • the sleds are configured to blindly mate with power and data communication cables in a rack, thereby enhancing their ability to be quickly removed, upgraded, reinstalled, and/or replaced.
  • individual components located on the sleds such as processors, accelerators, memory, and data storage drives, are configured to be easily upgraded due to their increased spacing from each other.
  • the components additionally include hardware attestation features to prove their authenticity.
  • a data center can utilize a single network architecture (“fabric”) that supports multiple other network architectures including Ethernet and Omni-Path.
  • the sleds can be coupled to switches via optical fibers, which provide higher bandwidth and lower latency than typical twisted pair cabling (e.g., Category 5, Category 5e, Category 6, etc.).
  • the data center may, in use, pool resources, such as memory, accelerators (e.g., GPUs, graphics accelerators, FPGAs, ASICs, neural network and/or artificial intelligence accelerators, etc.), and data storage drives that are physically disaggregated, and provide them to compute resources (e.g., processors) on an as needed basis, enabling the compute resources to access the pooled resources as if they were local.
  • a power supply or source can provide voltage and/or current to system 1400 or any component or system described herein.
  • the power supply includes an AC to DC (alternating current to direct current) adapter to plug into a wall outlet.
  • AC power can be a renewable energy (e.g., solar power) power source.
  • power source includes a DC power source, such as an external AC to DC converter.
  • power source or power supply includes wireless charging hardware to charge via proximity to a charging field.
  • power source can include an internal battery, alternating current supply, motion-based power supply, solar power supply, or fuel cell source.
  • FIGs. 11A-11D illustrate computing systems and graphics processors provided by embodiments described herein. The elements of FIGs. 11A-11D having the same reference numbers (or names) as the elements of any other figure herein can operate or function in any manner similar to that described elsewhere herein, but are not limited to such.
  • FIG. 11A is a block diagram of an embodiment of a processor 1500 having one or more processor cores 1502A-1502N, an integrated memory controller 1514, and an integrated graphics processor 1508.
  • Processor 1500 can include additional cores up to and including additional core 1502N represented by the dashed lined boxes.
  • processor cores 1502A-1502N includes one or more internal cache units 1504A-1504N.
  • each processor core also has access to one or more shared cache units 1506.
  • the internal cache units 1504A-1504N and shared cache units 1506 represent a cache memory hierarchy within the processor 1500.
  • the cache memory hierarchy may include at least one level of instruction and data cache within each processor core and one or more levels of shared mid-level cache, such as a Level 2 (L2), Level 3 (L3), Level 4 (L4), or other levels of cache, where the highest level of cache before external memory is classified as the LLC.
  • cache coherency logic maintains coherency between the various cache units 1506 and 1504A-1504N.
  • processor 1500 may also include a set of one or more bus controller units 1516 and a system agent core 1510.
  • the one or more bus controller units 1516 manage a set of peripheral buses, such as one or more PCI or PCI express busses.
  • System agent core 1510 provides management functionality for the various processor components.
  • system agent core 1510 includes one or more integrated memory controllers 1514 to manage access to various external memory devices (not shown).
  • one or more of the processor cores 1502A-1502N include support for simultaneous multi-threading.
  • the system agent core 1510 includes components for coordinating and operating cores 1502A-1502N during multi-threaded processing.
  • System agent core 1510 may additionally include a power control unit (PCU), which includes logic and components to regulate the power state of processor cores 1502A-1502N and graphics processor 1508.
  • processor 1500 additionally includes graphics processor 1508 to execute graphics processing operations.
  • the graphics processor 1508 couples with the set of shared cache units 1506, and the system agent core 1510, including the one or more integrated memory controllers 1514.
  • the system agent core 1510 also includes a display controller 1511 to drive graphics processor output to one or more coupled displays.
  • display controller 1511 may also be a separate module coupled with the graphics processor via at least one interconnect, or may be integrated within the graphics processor 1508.
  • a ring-based interconnect unit 1512 is used to couple the internal components of the processor 1500.
  • an alternative interconnect unit may be used, such as a point-to-point interconnect, a switched interconnect, or other techniques, including techniques well known in the art.
  • graphics processor 1508 couples with the ring interconnect 1512 via an I/O link 1513.
  • the exemplary I/O link 1513 represents at least one of multiple varieties of I/O interconnects, including an on package I/O interconnect which facilitates communication between various processor components and a high-performance embedded memory module 1518, such as an eDRAM module.
  • each of the processor cores 1502A-1502N and graphics processor 1508 can use embedded memory modules 1518 as a shared Last Level Cache.
  • processor cores 1502A-1502N are homogenous cores executing the same instruction set architecture.
  • processor cores 1502A-1502N are heterogeneous in terms of instruction set architecture (ISA), where one or more of processor cores 1502A-1502N execute a first instruction set, while at least one of the other cores executes a subset of the first instruction set or a different instruction set.
  • processor cores 1502A-1502N are heterogeneous in terms of microarchitecture, where one or more cores having a relatively higher power consumption couple with one or more power cores having a lower power consumption.
  • processor cores 1502A-1502N are heterogeneous in terms of computational capability.
  • processor 1500 can be implemented on one or more chips or as an SoC integrated circuit having the illustrated components, in addition to other components.
  • FIG. 11B is a block diagram of hardware logic of a graphics processor core 1519, according to some embodiments described herein. Elements of FIG. 11B having the same reference numbers (or names) as the elements of any other figure herein can operate or function in any manner similar to that described elsewhere herein, but are not limited to such.
  • the graphics processor core 1519 sometimes referred to as a core slice, can be one or multiple graphics cores within a modular graphics processor.
  • the graphics processor core 1519 is exemplary of one graphics core slice, and a graphics processor as described herein may include multiple graphics core slices based on target power and performance envelopes.
  • Each graphics processor core 1519 can include a fixed function block 1530 coupled with multiple sub-cores 1521A-1521F, also referred to as sub-slices, that include modular blocks of general-purpose and fixed function logic.
  • the fixed function block 1530 includes a geometry/fixed function pipeline 1531 that can be shared by all sub-cores in the graphics processor core 1519, for example, in lower performance and/or lower power graphics processor implementations.
  • the geometry/fixed function pipeline 1531 includes a 3D fixed function pipeline (e.g., 3D pipeline 1612 as in FIG. 13, described below) a video front-end unit, a thread spawner and thread dispatcher, and a unified return buffer manager, which manages unified return buffers (e.g., unified return buffer 1718 in FIG. 13, as described below).
  • the fixed function block 1530 also includes a graphics SoC interface 1532, a graphics microcontroller 1533, and a media pipeline 1534.
  • the graphics SoC interface 1532 provides an interface between the graphics processor core 1519 and other processor cores within a system on a chip integrated circuit.
  • the graphics microcontroller 1533 is a programmable sub-processor that is configurable to manage various functions of the graphics processor core 1519, including thread dispatch, scheduling, and pre-emption.
  • the media pipeline 1534 (e.g., media pipeline 1616 of FIG. 12A) includes logic to facilitate the decoding, encoding, pre-processing, and/or post-processing of multimedia data, including image and video data.
  • the media pipeline 1534 implements media operations via requests to compute or sampling logic within the sub-cores 1521-1521F.
  • the SoC interface 1532 enables the graphics processor core 1519 to communicate with general-purpose application processor cores (e.g., CPUs) and/or other components within an SoC, including memory hierarchy elements such as a shared last level cache memory, the system RAM, and/or embedded on-chip or on-package DRAM.
  • the SoC interface 1532 can also enable communication with fixed function devices within the SoC, such as camera imaging pipelines, and enables the use of and/or implements global memory atomics that may be shared between the graphics processor core 1519 and CPUs within the SoC.
  • the SoC interface 1532 can also implement power management controls for the graphics processor core 1519 and enable an interface between a clock domain of the graphic core 1519 and other clock domains within the SoC.
  • the SoC interface 1532 enables receipt of command buffers from a command streamer and global thread dispatcher that are configured to provide commands and instructions to each of one or more graphics cores within a graphics processor.
  • the commands and instructions can be dispatched to the media pipeline 1534, when media operations are to be performed, or a geometry and fixed function pipeline (e.g., geometry and fixed function pipeline 1531, geometry and fixed function pipeline 1537) when graphics processing operations are to be performed.
  • the graphics microcontroller 1533 can be configured to perform various scheduling and management tasks for the graphics processor core 1519.
  • the graphics microcontroller 1533 can perform graphics and/or compute workload scheduling on the various graphics parallel engines within execution unit (EU) arrays 1522A-1522F, 1524A-1524F within the sub-cores 1521A-1521F.
  • host software executing on a CPU core of an SoC including the graphics processor core 1519 can submit workloads to one of multiple graphics processor doorbells, which invokes a scheduling operation on the appropriate graphics engine. Scheduling operations include determining which workload to run next, submitting a workload to a command streamer, pre-empting existing workloads running on an engine, monitoring progress of a workload, and notifying host software when a workload is complete.
  • the graphics microcontroller 1533 can also facilitate low-power or idle states for the graphics processor core 1519, providing the graphics processor core 1519 with the ability to save and restore registers within the graphics processor core 1519 across low-power state transitions independently from the operating system and/or graphics driver software on the system.
  • the graphics processor core 1519 may have greater than or fewer than the illustrated sub-cores 1521A-1521F, up to N modular sub-cores.
  • the graphics processor core 1519 can also include shared function logic 1535, shared and/or cache memory 1536, a geometry/fixed function pipeline 1537, as well as additional fixed function logic (not shown) to accelerate various graphics and compute processing operations.
  • the shared function logic 1535 can include logic units associated with the shared function logic 1720 of FIG. 13 (e.g., sampler, math, and/or inter-thread communication logic) that can be shared by each N sub-cores within the graphics processor core 1519.
  • the shared and/or cache memory 1536 can be a last-level cache for the set of N sub-cores 1521A-1521F within the graphics processor core 1519, and can also serve as shared memory that is accessible by multiple sub-cores.
  • the geometry/fixed function pipeline 1537 can be included instead of the geometry/fixed function pipeline 1531 within the fixed function block 1530 and can include the same or similar logic units.
  • the graphics processor core 1519 includes additional fixed function logic that can include various fixed function acceleration logic for use by the graphics processor core 1519.
  • the additional fixed function logic includes an additional geometry pipeline for use in position-only shading. In position-only shading, two geometry pipelines exist, the full geometry pipeline within the geometry/fixed function pipeline 238, 1531, and a cull pipeline, which is an additional geometry pipeline which may be included within the additional fixed function logic 238.
  • the cull pipeline is a trimmed down version of the full geometry pipeline. The full pipeline and the cull pipeline can execute different instances of the same application, each instance having a separate context. Position only shading can hide long cull runs of discarded triangles, enabling shading to be completed earlier in some instances.
  • the cull pipeline logic within the additional fixed function logic can execute position shaders in parallel with the main application and generally generates critical results faster than the full pipeline, as the cull pipeline fetches and shades only the position attribute of the vertices, without performing rasterization and rendering of the pixels to the frame buffer.
  • the cull pipeline can use the generated critical results to compute visibility information for all the triangles without regard to whether those triangles are culled.
  • the full pipeline (which in this instance may be referred to as a replay pipeline) can consume the visibility information to skip the culled triangles to shade only the visible triangles that are finally passed to the rasterization phase.
  • the additional fixed function logic can also include machine learning acceleration logic, such as fixed function matrix multiplication logic, for implementations including optimizations for machine learning training or inferencing.
  • each graphics sub-core 1521A-1521F includes a set of execution resources that may be used to perform graphics, media, and compute operations in response to requests by graphics pipeline, media pipeline, or shader programs.
  • the graphics sub-cores 1521A-1521F include multiple EU arrays 1522A-1522F, 1524A-1524F, thread dispatch and inter-thread communication (TD/IC) logic 1523A-1523F, a 3D (e.g., texture) sampler 1525A-1525F, a media sampler 1507A-1507F, a shader processor 1527A-1527F, and shared local memory (SLM) 1528A-1528F.
  • the EU arrays 1522A-1522F, 1524A-1524F each include multiple execution units, which are general-purpose graphics processing units capable of performing floating-point and integer/fixed-point logic operations in service of a graphics, media, or compute operation, including graphics, media, or compute shader programs.
  • the TD/IC logic 1523A-1523F performs local thread dispatch and thread control operations for the execution units within a sub-core and facilitates communication between threads executing on the execution units of the sub-core.
  • the 3D sampler 1525A-1525F can read texture or other 3D graphics related data into memory. The 3D sampler can read texture data differently based on a configured sample state and the texture format associated with a given texture.
  • the media sampler 1507A-1507F can perform similar read operations based on the type and format associated with media data.
  • each graphics sub-core 1521A-1521F can alternately include a unified 3D and media sampler. Threads executing on the execution units within each of the sub-cores 1521A-1521F can make use of shared local memory 1528A-1528F within each sub-core, to enable threads executing within a thread group to execute using a common pool of on-chip memory.
  • FIG. 11C illustrates a graphics processing unit (GPU) 1539 that includes dedicated sets of graphics processing resources arranged into multi-core groups 1540A-1540N. While the details of only a single multi-core group 1540A are provided, it will be appreciated that the other multi-core groups 1540B-1540N may be equipped with the same or similar sets of graphics processing resources.
  • a multi-core group 1540A may include a set of graphics cores 1543, a set of tensor cores 1544, and a set of ray tracing cores 1545.
  • a scheduler/dispatcher 1541 schedules and dispatches the graphics threads for execution on the various cores 1543, 1544, 1545.
  • a set of register files 1542 store operand values used by the cores 1543, 1544, 1545 when executing the graphics threads. These may include, for example, integer registers for storing integer values, floating point registers for storing floating point values, vector registers for storing packed data elements (integer and/or floating point data elements) and tile registers for storing tensor/matrix values.
  • the tile registers are implemented as combined sets of vector registers.
  • One or more combined level 1 (L1) caches and shared memory units 1547 store graphics data such as texture data, vertex data, pixel data, ray data, bounding volume data, etc., locally within each multi-core group 1540A.
  • One or more texture units 1547 can also be used to perform texturing operations, such as texture mapping and sampling.
  • a Level 2 (L2) cache 1553 shared by all or a subset of the multi-core groups 1540A-1540N stores graphics data and/or instructions for multiple concurrent graphics threads. As illustrated, the L2 cache 1553 may be shared across a plurality of multi-core groups 1540A-1540N.
  • One or more memory controllers 1548 couple the GPU 1539 to a memory 1549 which may be a system memory (e.g., DRAM) and/or a dedicated graphics memory (e.g., GDDR6 memory).
  • I/O circuitry 1550 couples the GPU 1539 to one or more I/O devices 1552 such as digital signal processors (DSPs), network controllers, or user input devices.
  • An on-chip interconnect may be used to couple the I/O devices 1552 to the GPU 1539 and memory 1549.
  • I/O memory management units (IOMMUs) 1551 of the I/O circuitry 1550 couple the I/O devices 1552 directly to the system memory 1549.
  • the IOMMU 1551 manages multiple sets of page tables to map virtual addresses to physical addresses in system memory 1549.
  • the I/O devices 1552, CPU(s) 1546, and GPU(s) 1539 may share the same virtual address space.
  • the IOMMU 1551 supports virtualization. In this case, it may manage a first set of page tables to map guest/graphics virtual addresses to guest/graphics physical addresses and a second set of page tables to map the guest/graphics physical addresses to system/host physical addresses (e.g., within system memory 1549).
  • the base addresses of each of the first and second sets of page tables may be stored in control registers and swapped out on a context switch (e.g., so that the new context is provided with access to the relevant set of page tables). While not illustrated in FIG.
  • each of the cores 1543, 1544, 1545 and/or multi-core groups 1540A-1540N may include translation lookaside buffers (TLBs) to cache guest virtual to guest physical translations, guest physical to host physical translations, and guest virtual to host physical translations.
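The two-stage translation described above for the IOMMU 1551, as an added example that is not code from the patent or from any vendor implementation: a small C model in which a first table set maps guest-virtual to guest-physical pages, a second maps guest-physical to host-physical pages, the table bases are swapped on a context switch, and a TLB caches the combined guest-virtual to host-physical result. All names, the single-level tables, the 4 KiB page size and the TLB flush on context switch are assumptions of this model.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT 12                      /* assumed 4 KiB pages */
#define PAGE_MASK  ((1u << PAGE_SHIFT) - 1)
#define NPAGES     16                      /* pages per address space in this model */
#define TLB_SLOTS  4
#define NO_MAP     UINT32_MAX              /* marks an absent page-table entry */

enum { XLATE_OK = 0, XLATE_STAGE1_FAULT = -1, XLATE_STAGE2_FAULT = -2 };

/* One context: stage1 maps guest-virtual -> guest-physical pages,
 * stage2 maps guest-physical -> host-physical pages. */
struct context {
    uint32_t stage1[NPAGES];
    uint32_t stage2[NPAGES];
};

struct tlb_entry { int valid; uint32_t gva_page; uint32_t hpa_page; };

struct iommu {
    const uint32_t *stage1_base;           /* models the first-set base register */
    const uint32_t *stage2_base;           /* models the second-set base register */
    struct tlb_entry tlb[TLB_SLOTS];
    unsigned tlb_hits;
    unsigned walks;
};

void context_init(struct context *c) {
    for (size_t i = 0; i < NPAGES; i++) {
        c->stage1[i] = NO_MAP;
        c->stage2[i] = NO_MAP;
    }
}

/* Swap both table bases for the new context. The TLB is flushed so a cached
 * translation from the previous context can never be served to the new one. */
void iommu_switch_context(struct iommu *mmu, const struct context *c) {
    mmu->stage1_base = c->stage1;
    mmu->stage2_base = c->stage2;
    memset(mmu->tlb, 0, sizeof mmu->tlb);
}

/* Translate a guest-virtual address to a host-physical address.
 * Any missing mapping at either stage is a fault: the access is refused. */
int iommu_translate(struct iommu *mmu, uint32_t gva, uint32_t *hpa) {
    uint32_t page = gva >> PAGE_SHIFT, off = gva & PAGE_MASK;
    if (!mmu->stage1_base || !mmu->stage2_base || page >= NPAGES)
        return XLATE_STAGE1_FAULT;

    struct tlb_entry *e = &mmu->tlb[page % TLB_SLOTS];
    if (e->valid && e->gva_page == page) { /* cached GVA -> HPA translation */
        mmu->tlb_hits++;
        *hpa = (e->hpa_page << PAGE_SHIFT) | off;
        return XLATE_OK;
    }

    mmu->walks++;
    uint32_t gpa_page = mmu->stage1_base[page];
    if (gpa_page == NO_MAP || gpa_page >= NPAGES)
        return XLATE_STAGE1_FAULT;
    uint32_t hpa_page = mmu->stage2_base[gpa_page];
    if (hpa_page == NO_MAP)
        return XLATE_STAGE2_FAULT;

    e->valid = 1;
    e->gva_page = page;
    e->hpa_page = hpa_page;
    *hpa = (hpa_page << PAGE_SHIFT) | off;
    return XLATE_OK;
}

int main(void) {
    /* Constructed sample mappings: the same guest-virtual page 2 resolves to
     * different host pages in contexts a and b. */
    struct context a, b;
    struct iommu mmu = {0};
    uint32_t hpa = 0;

    context_init(&a);
    context_init(&b);
    a.stage1[2] = 5; a.stage2[5] = 0x40;
    b.stage1[2] = 7; b.stage2[7] = 0x80;

    iommu_switch_context(&mmu, &a);
    if (iommu_translate(&mmu, 0x2abc, &hpa) == XLATE_OK)
        printf("context a: 0x2abc -> 0x%x\n", (unsigned)hpa);
    iommu_switch_context(&mmu, &b);
    if (iommu_translate(&mmu, 0x2abc, &hpa) == XLATE_OK)
        printf("context b: 0x2abc -> 0x%x\n", (unsigned)hpa);
    printf("unmapped page: status %d\n", iommu_translate(&mmu, 0x3000, &hpa));
    return 0;
}
```
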
  • the CPUs 1546, GPUs 1539, and I/O devices 1552 are integrated on a single semiconductor chip and/or chip package.
  • the illustrated memory 1549 may be integrated on the same chip or may be coupled to the memory controllers 1548 via an off-chip interface.
  • the memory 1549 comprises GDDR6 memory which shares the same virtual address space as other physical system-level memories, although the underlying principles of the embodiment are not limited to this specific implementation.
  • the tensor cores 1544 include a plurality of execution units specifically designed to perform matrix operations, which are the fundamental compute operation used to perform deep learning operations. For example, simultaneous matrix multiplication operations may be used for neural network training and inferencing.
  • the tensor cores 1544 may perform matrix processing using a variety of operand precisions including single precision floating-point (e.g., 32 bits), half-precision floating point (e.g., 16 bits), integer words (16 bits), bytes (8 bits), and half-bytes (4 bits).
  • a neural network implementation extracts features of each rendered scene, potentially combining details from multiple frames, to construct a high-quality final image.
  • parallel matrix multiplication work may be scheduled for execution on the tensor cores 1544.
  • the training of neural networks requires a significant number of matrix dot product operations.
  • the tensor cores 1544 may include at least N dot-product processing elements. Before the matrix multiply begins, one entire matrix is loaded into tile registers and at least one column of a second matrix is loaded each cycle for N cycles. Each cycle, there are N dot products that are processed.
  • Matrix elements may be stored at different precisions depending on the particular implementation, including 16-bit words, 8-bit bytes (e.g., INT8) and 4-bit half-bytes (e.g., INT4). Different precision modes may be specified for the tensor cores 1544 to ensure that the most efficient precision is used for different workloads (e.g., such as inferencing workloads which can tolerate quantization to bytes and half-bytes).
  • the ray tracing cores 1545 accelerate ray tracing operations for both real-time ray tracing and non-real-time ray tracing implementations.
  • the ray tracing cores 1545 include ray traversal/intersection circuitry for performing ray traversal using bounding volume hierarchies (BVHs) and identifying intersections between rays and primitives enclosed within the BVH volumes.
  • the ray tracing cores 1545 may also include circuitry for performing depth testing and culling (e.g., using a Z buffer or similar arrangement).
  • the ray tracing cores 1545 perform traversal and intersection operations in concert with the image denoising techniques described herein, at least a portion of which may be executed on the tensor cores 1544.
  • the tensor cores 1544 implement a deep learning neural network to perform denoising of frames generated by the ray tracing cores 1545.
  • the CPU(s) 1546, graphics cores 1543, and/or ray tracing cores 1545 may also implement all or a portion of the denoising and/or deep learning algorithms.
  • a distributed approach to denoising may be employed in which the GPU 1539 is in a computing device coupled to other computing devices over a network or high speed interconnect.
  • the interconnected computing devices share neural network learning/training data to improve the speed with which the overall system learns to perform denoising for different types of image frames and/or different graphics applications.
  • each ray tracing core 1545 processes all BVH traversal and ray-primitive intersections, saving the graphics cores 1543 from being overloaded with thousands of instructions per ray.
  • each ray tracing core 1545 includes a first set of specialized circuitry for performing bounding box tests (e.g., for traversal operations) and a second set of specialized circuitry for performing the ray-triangle intersection tests (e.g., intersecting rays which have been traversed).
  • the multi-core group 1540A can simply launch a ray probe, and the ray tracing cores 1545 independently perform ray traversal and intersection and return hit data (e.g., a hit, no hit, multiple hits, etc.) to the thread context.
  • the other cores 1543, 1544 are freed to perform other graphics or compute work while the ray tracing cores 1545 perform the traversal and intersection operations.
  • each ray tracing core 1545 includes a traversal unit to perform BVH testing operations and an intersection unit which performs ray-primitive intersection tests.
  • the intersection unit generates a “hit”, “no hit”, or “multiple hit” response, which it provides to the appropriate thread.
  • the execution resources of the other cores e.g., graphics cores 1543 and tensor cores 1544
  • a hybrid rasterization/ray tracing approach is used in which work is distributed between the graphics cores 1543 and ray tracing cores 1545.
  • the ray tracing cores 1545 include hardware support for a ray tracing instruction set such as Microsoft’s DirectX Ray Tracing (DXR) which includes a DispatchRays command, as well as ray-generation, closest-hit, any-hit, and miss shaders, which enable the assignment of unique sets of shaders and textures for each object.
  • Another ray tracing platform which may be supported by the ray tracing cores 1545, graphics cores 1543 and tensor cores 1544 is Vulkan 1.1.85. Note, however, that the underlying principles of the embodiments are not limited to any particular ray tracing ISA.
  • the various cores 1545, 1544, 1543 may support a ray tracing instruction set that includes instructions/functions for ray generation, closest hit, any hit, ray-primitive intersection, per-primitive and hierarchical bounding box construction, miss, visit, and exceptions. More specifically, one embodiment includes ray tracing instructions to perform the following functions:
  • Ray Generation - Ray generation instructions may be executed for each pixel, sample, or other user-defined work assignment.
  • Closest Hit - A closest hit instruction may be executed to locate the closest intersection point of a ray with primitives within a scene.
  • Any Hit - An any hit instruction identifies multiple intersections between a ray and primitives within a scene, potentially to identify a new closest intersection point.
  • Intersection - An intersection instruction performs a ray-primitive intersection test and outputs a result.
  • Per-primitive Bounding Box Construction - This instruction builds a bounding box around a given primitive or group of primitives (e.g., when building a new BVH or other acceleration data structure).
  • FIG. 11D is a block diagram of general purpose graphics processing unit (GPGPU) 1570 that can be configured as a graphics processor and/or compute accelerator, according to embodiments described herein.
  • the GPGPU 1570 can interconnect with host processors (e.g., one or more CPU(s) 1546) and memory 1571, 1572 via one or more system and/or memory busses.
  • the memory 1571 is system memory that may be shared with the one or more CPU(s) 1546, while memory 1572 is device memory that is dedicated to the GPGPU 1570.
  • components within the GPGPU 1570 and device memory 1572 may be mapped into memory addresses that are accessible to the one or more CPU(s) 1546. Access to memory 1571 and 1572 may be facilitated via a memory controller 1568.
  • the memory controller 1568 includes an internal direct memory access (DMA) controller 1569 or can include logic to perform operations that would otherwise be performed by a DMA controller.
  • the GPGPU 1570 includes multiple cache memories, including an L2 cache 1553, L1 cache 1554, an instruction cache 1555, and shared memory 1556, at least a portion of which may also be partitioned as a cache memory.
  • the GPGPU 1570 also includes multiple compute units 1560A-1560N.
  • Each compute unit 1560A-1560N includes a set of vector registers 1561, scalar registers 1562, vector logic units 1563, and scalar logic units 1564.
  • the compute units 1560A-1560N can also include local shared memory 1565 and a program counter 1566.
  • the compute units 1560A-1560N can couple with a constant cache 1567, which can be used to store constant data, which is data that will not change during the run of a kernel or shader program that executes on the GPGPU 1570.
  • the constant cache 1567 is a scalar data cache and cached data can be fetched directly into the scalar registers 1562.
  • the one or more CPU(s) 1546 can write commands into registers or memory in the GPGPU 1570 that has been mapped into an accessible address space.
  • the command processors 1557 can read the commands from registers or memory and determine how those commands will be processed within the GPGPU 1570.
  • a thread dispatcher 1558 can then be used to dispatch threads to the compute units 1560A-1560N to perform those commands.
  • Each compute unit 1560A-1560N can execute threads independently of the other compute units. Additionally each compute unit 1560A-1560N can be independently configured for conditional computation and can conditionally output the results of computation to memory.
  • the command processors 1557 can interrupt the one or more CPU(s) 1546 when the submitted commands are complete.
  • FIGs. 12A-12B illustrate block diagrams of additional graphics processor and compute accelerator architectures provided by embodiments described herein.
  • the elements of FIGs. 12A-12B having the same reference numbers (or names) as the elements of any other figure herein can operate or function in any manner similar to that described elsewhere herein, but are not limited to such.
  • FIG. 12A is a block diagram of a graphics processor 1600, which may be a discrete graphics processing unit, or may be a graphics processor integrated with a plurality of processing cores, or other semiconductor devices such as, but not limited to, memory devices or network interfaces.
  • the graphics processor communicates via a memory mapped I/O interface to registers on the graphics processor and with commands placed into the processor memory.
  • graphics processor 1600 includes a memory interface 1614 to access memory.
  • Memory interface 1614 can be an interface to local memory, one or more internal caches, one or more shared external caches, and/or to system memory.
  • graphics processor 1600 also includes a display controller 1602 to drive display output data to a display device 1618.
  • Display controller 1602 includes hardware for one or more overlay planes for the display and composition of multiple layers of video or user interface elements.
  • the display device 1618 can be an internal or external display device.
  • the display device 1618 is a head mounted display device, such as a virtual reality (VR) display device or an augmented reality (AR) display device.
  • graphics processor 1600 includes a video codec engine 1606 to encode, decode, or transcode media to, from, or between one or more media encoding formats, including, but not limited to Moving Picture Experts Group (MPEG) formats such as MPEG-2, Advanced Video Coding (AVC) formats such as H.264/MPEG-4 AVC, H.265/HEVC, Alliance for Open Media (AOMedia) VP8, VP9, as well as the Society of Motion Picture & Television Engineers (SMPTE) 421M/VC-1, and Joint Photographic Experts Group (JPEG) formats such as JPEG, and Motion JPEG (MJPEG) formats.
  • graphics processor 1600 includes a block image transfer (BLIT) engine 1604 to perform two-dimensional (2D) rasterizer operations including, for example, bit-boundary block transfers.
  • 2D graphics operations are performed using one or more components of graphics processing engine (GPE) 1610.
  • GPE 1610 is a compute engine for performing graphics operations, including three-dimensional (3D) graphics operations and media operations.
  • GPE 1610 includes a 3D pipeline 1612 for performing 3D operations, such as rendering three-dimensional images and scenes using processing functions that act upon 3D primitive shapes (e.g., rectangle, triangle, etc.).
  • the 3D pipeline 1612 includes programmable and fixed function elements that perform various tasks within the element and/or spawn execution threads to a 3D/Media sub-system 1615. While 3D pipeline 1612 can be used to perform media operations, an embodiment of GPE 1610 also includes a media pipeline 1616 that is specifically used to perform media operations, such as video post-processing and image enhancement.
  • media pipeline 1616 includes fixed function or programmable logic units to perform one or more specialized media operations, such as video decode acceleration, video de-interlacing, and video encode acceleration in place of, or on behalf of video codec engine 1606.
  • media pipeline 1616 additionally includes a thread spawning unit to spawn threads for execution on 3D/Media sub-system 1615. The spawned threads perform computations for the media operations on one or more graphics execution units included in 3D/Media sub-system 1615.
  • 3D/Media subsystem 1615 includes logic for executing threads spawned by 3D pipeline 1612 and media pipeline 1616.
  • the pipelines send thread execution requests to 3D/Media subsystem 1615, which includes thread dispatch logic for arbitrating and dispatching the various requests to available thread execution resources.
  • the execution resources include an array of graphics execution units to process the 3D and media threads.
  • 3D/Media subsystem 1615 includes one or more internal caches for thread instructions and data.
  • the subsystem also includes shared memory, including registers and addressable memory, to share data between threads and to store output data.
  • FIG. 12B illustrates a graphics processor 1620 having a tiled architecture, according to embodiments described herein.
  • the graphics processor 1620 includes a graphics processing engine cluster 1622 having multiple instances of the graphics processing engine 1610 of FIG. 12A within a graphics engine tile 1610A-1610D.
  • Each graphics engine tile 1610A-1610D can be interconnected via a set of tile interconnects 1623A-1623F.
  • Each graphics engine tile 1610A-1610D can also be connected to a memory module or memory device 1626A-1626D via memory interconnects 1625A-1625D.
  • the memory devices 1626A-1626D can use any graphics memory technology.
  • the memory devices 1626A-1626D may be graphics double data rate (GDDR) memory.
  • the memory devices 1626A-1626D are high-bandwidth memory (HBM) modules that can be on-die with their respective graphics engine tile 1610A-1610D.
  • the memory devices 1626A-1626D are stacked memory devices that can be stacked on top of their respective graphics engine tile 1610A-1610D.
  • each graphics engine tile 1610A-1610D and associated memory 1626A-1626D reside on separate chiplets, which are bonded to a base die or base substrate, as described in further detail in FIGs. 20B-20D.
  • the graphics processing engine cluster 1622 can connect with an on-chip or on-package fabric interconnect 1624.
  • the fabric interconnect 1624 can enable communication between graphics engine tiles 1610A-1610D and components such as the video codec 1606 and one or more copy engines 1604.
  • the copy engines 1604 can be used to move data out of, into, and between the memory devices 1626A-1626D and memory that is external to the graphics processor 1620 (e.g., system memory).
  • the fabric interconnect 1624 can also be used to interconnect the graphics engine tiles 1610A-1610D.
  • the graphics processor 1620 may optionally include a display controller 1602 to enable a connection with an external display device 1618.
  • the graphics processor may also be configured as a graphics or compute accelerator. In the accelerator configuration, the display controller 1602 and display device 1618 may be omitted.
  • the graphics processor 1620 can connect to a host system via a host interface 1628.
  • the host interface 1628 can enable communication between the graphics processor 1620, system memory, and/or other system components.
  • the host interface 1628 can be, for example, a PCI Express bus or another type of host system interface.
  • FIG. 12C illustrates a compute accelerator 1630, according to embodiments described herein.
  • the compute accelerator 1630 can include architectural similarities with the graphics processor 1620 of FIG. 12B and is optimized for compute acceleration.
  • a compute engine cluster 1632 can include a set of compute engine tiles 1640A-1640D that include execution logic that is optimized for parallel or vector-based general-purpose compute operations.
  • the compute engine tiles 1640A-1640D do not include fixed function graphics processing logic, although in one embodiment one or more of the compute engine tiles 1640A-1640D can include logic to perform media acceleration.
  • the compute engine tiles 1640A-1640D can connect to memory 1626A-1626D via memory interconnects 1625A-1625D.
  • the memory 1626A-1626D and memory interconnects 1625A-1625D may be similar technology as in graphics processor 1620, or can be different.
  • the graphics compute engine tiles 1640A-1640D can also be interconnected via a set of tile interconnects 1623A-1623F and may be connected with and/or interconnected by a fabric interconnect 1624.
  • the compute accelerator 1630 includes a large L3 cache 1636 that can be configured as a device-wide cache.
  • the compute accelerator 1630 may encrypt data in a format that permits paging prior to storing data outside the compute engine cluster 1632, as described with respect to the encryption conversion scheme with a paging process 1050 (FIG. 9E), the method 1090 (FIG. 9F) and the method 1120 (FIG. 9G).
  • the compute accelerator 1630 can also connect to a host processor and memory via a host interface 1628 in a similar manner as the graphics processor 1620 of FIG. 12B.
  • FIG. 13 is a block diagram of a graphics processing engine 1710 of a graphics processor in accordance with some embodiments.
  • the graphics processing engine (GPE) 1710 is a version of the GPE 310 shown in FIG. 12A, and may also represent a graphics engine tile 310A-310D of FIG. 12B.
  • Elements of FIG. 13 having the same reference numbers (or names) as the elements of any other figure herein can operate or function in any manner similar to that described elsewhere herein, but are not limited to such.
  • the 3D pipeline 312 and media pipeline 316 of FIG. 12A are illustrated.
  • the media pipeline 316 is optional in some embodiments of the GPE 1710 and may not be explicitly included within the GPE 1710.
  • a separate media and/or image processor is coupled to the GPE 1710.
  • GPE 1710 couples with or includes a command streamer 1703, which provides a command stream to the 3D pipeline 312 and/or media pipelines 316.
  • command streamer 1703 is coupled with memory, which can be system memory, or one or more of internal cache memory and shared cache memory.
  • command streamer 1703 receives commands from the memory and sends the commands to 3D pipeline 312 and/or media pipeline 316.
  • the commands are directives fetched from a ring buffer, which stores commands for the 3D pipeline 312 and media pipeline 316.
  • the ring buffer can additionally include batch command buffers storing batches of multiple commands.
  • the commands for the 3D pipeline 312 can also include references to data stored in memory, such as but not limited to vertex and geometry data for the 3D pipeline 312 and/or image data and memory objects for the media pipeline 316.
  • the 3D pipeline 312 and media pipeline 316 process the commands and data by performing operations via logic within the respective pipelines or by dispatching one or more execution threads to a graphics core array 1714.
  • the graphics core array 1714 includes one or more blocks of graphics cores (e.g., graphics core(s) 1715A, graphics core(s) 1715B), each block including one or more graphics cores.
  • Each graphics core includes a set of graphics execution resources that includes general-purpose and graphics specific execution logic to perform graphics and compute operations, as well as fixed function texture processing and/or machine learning and artificial intelligence acceleration logic.
  • the 3D pipeline 312 can include fixed function and programmable logic to process one or more shader programs, such as vertex shaders, geometry shaders, pixel shaders, fragment shaders, compute shaders, or other shader programs, by processing the instructions and dispatching execution threads to the graphics core array 1714.
  • the graphics core array 1714 provides a unified block of execution resources for use in processing these shader programs.
  • Multi-purpose execution logic (e.g., execution units) within the graphics core(s) 1715A-1714B of the graphics core array 1714 includes support for various 3D API shader languages and can execute multiple simultaneous execution threads associated with multiple shaders.
  • the graphics core array 1714 includes execution logic to perform media functions, such as video and/or image processing.
  • the execution units include general-purpose logic that is programmable to perform parallel general-purpose computational operations, in addition to graphics processing operations.
  • the general-purpose logic can perform processing operations in parallel or in conjunction with general-purpose logic within the processor core(s) 1407 of FIG. 10 or core 1502A-1502N as in FIG. 11A.
  • Threads executing on the graphics core array 1714 can output data to memory in a unified return buffer (URB) 1718.
  • the URB 1718 can store data for multiple threads.
  • the URB 1718 may be used to send data between different threads executing on the graphics core array 1714.
  • the URB 1718 may additionally be used for synchronization between threads on the graphics core array and fixed function logic within the shared function logic 1720.
  • graphics core array 1714 is scalable, such that the array includes a variable number of graphics cores, each having a variable number of execution units based on the target power and performance level of GPE 1710.
  • the execution resources are dynamically scalable, such that execution resources may be enabled or disabled as needed.
  • the graphics core array 1714 couples with shared function logic 1720 that includes multiple resources that are shared between the graphics cores in the graphics core array.
  • the shared functions within the shared function logic 1720 are hardware logic units that provide specialized supplemental functionality to the graphics core array 1714.
  • shared function logic 1720 includes but is not limited to sampler 1721, math 1722, and inter-thread communication (ITC) 1723 logic. Additionally, some embodiments implement one or more cache(s) 1725 within the shared function logic 1720.
  • a shared function is implemented at least in a case where the demand for a given specialized function is insufficient for inclusion within the graphics core array 1714. Instead a single instantiation of that specialized function is implemented as a standalone entity in the shared function logic 1720 and shared among the execution resources within the graphics core array 1714.
  • the precise set of functions that are shared between the graphics core array 1714 and included within the graphics core array 1714 varies across embodiments.
  • specific shared functions within the shared function logic 1720 that are used extensively by the graphics core array 1714 may be included within shared function logic 1716 within the graphics core array 1714.
  • the shared function logic 1716 within the graphics core array 1714 can include some or all logic within the shared function logic 1720. In one embodiment, all logic elements within the shared function logic 1720 may be duplicated within the shared function logic 1716 of the graphics core array 1714. In one embodiment the shared function logic 1720 is excluded in favor of the shared function logic 1716 within the graphics core array 1714.
  • FIGs. 14A-14B illustrate thread execution logic 1800 including an array of processing elements employed in a graphics processor core according to embodiments described herein. Elements of FIGs. 14A-14B having the same reference numbers (or names) as the elements of any other figure herein can operate or function in any manner similar to that described elsewhere herein, but are not limited to such.
  • FIGs. 14A-14B illustrate an overview of thread execution logic 1800, which may be representative of hardware logic illustrated with each sub-core 221A-221F of FIG. 11B.
  • FIG. 14A is representative of an execution unit within a general-purpose graphics processor.
  • FIG. 14B is representative of an execution unit that may be used within a compute accelerator.
  • thread execution logic 1800 includes a shader processor 1802, a thread dispatcher 1804, instruction cache 1806, a scalable execution unit array including a plurality of execution units 1808A-1808N, a sampler 1810, shared local memory 1811, a data cache 1812, and a data port 1814.
  • the scalable execution unit array can dynamically scale by enabling or disabling one or more execution units (e.g., any of execution units 1808A, 1808B, 1808C, 1808D, through 1808N-1 and 1808N) based on the computational requirements of a workload.
  • the included components are interconnected via an interconnect fabric that links to each of the components.
  • thread execution logic 1800 includes one or more connections to memory, such as system memory or cache memory, through one or more of instruction cache 1806, data port 1814, sampler 1810, and execution units 1808A-1808N.
  • each execution unit e.g., 1808A
  • the array of execution units 1808A-1808N is scalable to include any number of individual execution units.
  • the execution units 1808A-1808N are primarily used to execute shader programs.
  • a shader processor 1802 can process the various shader programs and dispatch execution threads associated with the shader programs via a thread dispatcher 1804.
  • the thread dispatcher includes logic to arbitrate thread initiation requests from the graphics and media pipelines and instantiate the requested threads on one or more execution units in the execution units 1808A-1808N.
  • a geometry pipeline can dispatch vertex, tessellation, or geometry shaders to the thread execution logic for processing.
  • thread dispatcher 1804 can also process runtime thread spawning requests from the executing shader programs.
  • the execution units 1808A-1808N support an instruction set that includes native support for many standard 3D graphics shader instructions, such that shader programs from graphics libraries (e.g., Direct3D and OpenGL) are executed with a minimal translation.
  • the execution units support vertex and geometry processing (e.g., vertex programs, geometry programs, vertex shaders), pixel processing (e.g., pixel shaders, fragment shaders) and general-purpose processing (e.g., compute and media shaders).
  • Each of the execution units 1808A-1808N is capable of multi-issue single instruction multiple data (SIMD) execution, and multi-threaded operation enables an efficient execution environment in the face of higher latency memory accesses.
  • Each hardware thread within each execution unit has a dedicated high-bandwidth register file and associated independent thread-state. Execution is multi-issue per clock to pipelines capable of integer, single and double precision floating point operations, SIMD branch capability, logical operations, transcendental operations, and other miscellaneous operations.
  • dependency logic within the execution units 1808A-1808N causes a waiting thread to sleep until the requested data has been returned. While the waiting thread is sleeping, hardware resources may be devoted to processing other threads. For example, during a delay associated with a vertex shader operation, an execution unit can perform operations for a pixel shader, fragment shader, or another type of shader program, including a different vertex shader.
  • Reference to a SIMD core or operation can apply also to Single Instruction Multiple Thread (SIMT) or apply to SIMD in combination with SIMT.
  • Each execution unit in execution units 1808A-1808N operates on arrays of data elements.
  • the number of data elements is the “execution size,” or the number of channels for the instruction.
  • An execution channel is a logical unit of execution for data element access, masking, and flow control within instructions.
  • the number of channels may be independent of the number of physical Arithmetic Logic Units (ALUs) or Floating Point Units (FPUs) for a particular graphics processor.
  • execution units 1808A-1808N support integer and floating-point data types.
  • the execution unit instruction set includes SIMD instructions.
  • the various data elements can be stored as a packed data type in a register and the execution unit will process the various elements based on the data size of the elements. For example, when operating on a 256-bit wide vector, the 256 bits of the vector are stored in a register and the execution unit operates on the vector as four separate 64-bit packed data elements (Quad-Word (QW) size data elements), eight separate 32-bit packed data elements (Double Word (DW) size data elements), sixteen separate 16-bit packed data elements (Word (W) size data elements), or thirty-two separate 8-bit data elements (byte (B) size data elements).
  • one or more execution units can be combined into a fused execution unit 1809A-1809N having thread control logic (1807A-1807N) that is common to the fused EUs.
  • Multiple EUs can be fused into an EU group.
  • Each EU in the fused EU group can be configured to execute a separate SIMD hardware thread.
  • the number of EUs in a fused EU group can vary according to embodiments. Additionally, various SIMD widths can be performed per-EU, including but not limited to SIMD8, SIMD16, and SIMD32.
  • Each fused graphics execution unit 1809A-1809N includes at least two execution units.
  • fused execution unit 1809A includes a first EU 1808A, second EU 1808B, and thread control logic 1807A that is common to the first EU 1808A and the second EU 1808B.
  • the thread control logic 1807A controls threads executed on the fused graphics execution unit 1809A, allowing each EU within the fused execution units 1809A-1809N to execute using a common instruction pointer register.
  • One or more internal instruction caches are included in the thread execution logic 1800 to cache thread instructions for the execution units.
  • one or more data caches are included to cache thread data during thread execution. Threads executing on the execution logic 1800 can also store explicitly managed data in the shared local memory 1811.
  • a sampler 1810 is included to provide texture sampling for 3D operations and media sampling for media operations.
  • sampler 1810 includes specialized texture or media sampling functionality to process texture or media data during the sampling process before providing the sampled data to an execution unit.
  • pixel processor logic within the shader processor 1802 is invoked to further compute output information and cause results to be written to output surfaces (e.g., color buffers, depth buffers, stencil buffers, etc.).
  • a pixel shader or fragment shader calculates the values of the various vertex attributes that are to be interpolated across the rasterized object.
  • pixel processor logic within the shader processor 1802 then executes an application programming interface (API)-supplied pixel or fragment shader program.
  • the shader processor 1802 dispatches threads to an execution unit (e.g., 1808A) via thread dispatcher 1804.
  • shader processor 1802 uses texture sampling logic in the sampler 1810 to access texture data in texture maps stored in memory. Arithmetic operations on the texture data and the input geometry data compute pixel color data for each geometric fragment, or discard one or more pixels from further processing.
  • the data port 1814 provides a memory access mechanism for the thread execution logic 1800 to output processed data to memory for further processing on a graphics processor output pipeline.
  • the data port 1814 includes or couples to one or more cache memories (e.g., data cache 1812) to cache data for memory access via the data port.
  • the execution logic 1800 can also include a ray tracer 1805 that can provide ray tracing acceleration functionality.
  • the ray tracer 1805 can support a ray tracing instruction set that includes instructions/functions for ray generation.
  • the ray tracing instruction set can be similar to or different from the ray-tracing instruction set supported by the ray tracing cores 245 in FIG. 11C.
  • FIG. 14B illustrates exemplary internal details of an execution unit 1808, according to embodiments.
  • a graphics execution unit 1808 can include an instruction fetch unit 1837, a general register file array (GRF) 1824, an architectural register file array (ARF) 1826, a thread arbiter 1822, a send unit 1830, a branch unit 1832, a set of SIMD floating point units (FPUs) 1834, and in one embodiment a set of dedicated integer SIMD ALUs 1835.
  • the GRF 1824 and ARF 1826 include the set of general register files and architecture register files associated with each simultaneous hardware thread that may be active in the graphics execution unit 1808.
  • per thread architectural state is maintained in the ARF 1826, while data used during thread execution is stored in the GRF 1824.
  • the execution state of each thread including the instruction pointers for each thread, can be held in thread-specific registers in the ARF 1826.
  • the graphics execution unit 1808 has an architecture that is a combination of Simultaneous Multi-Threading (SMT) and fine-grained Interleaved Multi-Threading (IMT).
  • the architecture has a modular configuration that can be fine-tuned at design time based on a target number of simultaneous threads and number of registers per execution unit, where execution unit resources are divided across logic used to execute multiple simultaneous threads.
  • the number of logical threads that may be executed by the graphics execution unit 1808 is not limited to the number of hardware threads, and multiple logical threads can be assigned to each hardware thread.
  • the graphics execution unit 1808 can co-issue multiple instructions, which may each be different instructions.
  • the thread arbiter 1822 of the graphics execution unit thread 1808 can dispatch the instructions to one of the send unit 1830, branch unit 1832, or SIMD FPU(s) 1834 for execution.
  • Each execution thread can access 128 general-purpose registers within the GRF 1824, where each register can store 32 bytes, accessible as a SIMD 8-element vector of 32-bit data elements.
  • each execution unit thread has access to 4 Kbytes within the GRF 1824, although embodiments are not so limited, and greater or fewer register resources may be provided in other embodiments.
  • the graphics execution unit 1808 is partitioned into seven hardware threads that can independently perform computational operations, although the number of threads per execution unit can also vary according to embodiments. For example, in one embodiment up to 16 hardware threads are supported. In an embodiment in which seven threads may access 4 Kbytes, the GRF 1824 can store a total of 28 Kbytes. Where 16 threads may access 4 Kbytes, the GRF 1824 can store a total of 64 Kbytes. Flexible addressing modes can permit registers to be addressed together to build effectively wider registers or to represent strided rectangular block data structures.
  • memory operations, sampler operations, and other longer-latency system communications are dispatched via “send” instructions that are executed by the message passing send unit 1830.
  • branch instructions are dispatched to a dedicated branch unit 1832 to facilitate SIMD divergence and eventual convergence.
  • the graphics execution unit 1808 includes one or more SIMD floating point units (FPU(s)) 1834 to perform floating-point operations.
  • the FPU(s) 1834 also support integer computation.
  • the FPU(s) 1834 can SIMD execute up to M number of 32-bit floating-point (or integer) operations, or SIMD execute up to 2M 16-bit integer or 16-bit floating-point operations.
  • at least one of the FPU(s) provides extended math capability to support high-throughput transcendental math functions and double precision 64-bit floating-point.
  • a set of 8-bit integer SIMD ALUs 1835 are also present, and may be specifically optimized to perform operations associated with machine learning computations.
  • arrays of multiple instances of the graphics execution unit 1808 can be instantiated in a graphics sub-core grouping (e.g., a sub-slice). For scalability, product architects can choose the exact number of execution units per sub-core grouping.
  • the execution unit 1808 can execute instructions across a plurality of execution channels. In a further embodiment, each thread executed on the graphics execution unit 1808 is executed on a different channel.
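The packed data types and execution channels described above for execution units 1808A-1808N, as an added C example (not code from the patent). The little-endian channel layout, the wrap-around add, the bit-mask form of channel masking and all identifiers are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REG_BYTES 32u /* one 256-bit register, as in the text */

typedef struct { uint8_t b[REG_BYTES]; } reg256;

/* Element sizes in bytes: byte, word, double word, quad word. */
typedef enum { ELEM_B = 1, ELEM_W = 2, ELEM_DW = 4, ELEM_QW = 8 } elem_size;

/* Number of channels a 256-bit register holds for a given element size. */
unsigned channel_count(elem_size s) { return REG_BYTES / (unsigned)s; }

/* Assumption: channel 0 starts at byte 0 and elements are little-endian. */
uint64_t load_elem(const reg256 *r, unsigned ch, elem_size s)
{
    uint64_t v = 0;
    for (unsigned i = 0; i < (unsigned)s; i++)
        v |= (uint64_t)r->b[ch * (unsigned)s + i] << (8u * i);
    return v;
}

void store_elem(reg256 *r, unsigned ch, elem_size s, uint64_t v)
{
    for (unsigned i = 0; i < (unsigned)s; i++)
        r->b[ch * (unsigned)s + i] = (uint8_t)(v >> (8u * i));
}

/*
 * Component-wise add over the first exec_size channels. A channel is
 * written only if its bit in mask is set; masked-off channels keep the
 * old destination value (assumed behaviour). Returns the number of
 * channels written, or -1 if exec_size does not fit the register.
 */
int simd_add(reg256 *dst, const reg256 *a, const reg256 *b,
             elem_size s, unsigned exec_size, uint32_t mask)
{
    if (exec_size == 0 || exec_size > channel_count(s))
        return -1;
    int written = 0;
    for (unsigned ch = 0; ch < exec_size; ch++) {
        if (!((mask >> ch) & 1u))
            continue;
        /* store_elem truncates to the element width, so a carry never
           spills into the neighbouring channel. */
        store_elem(dst, ch, s, load_elem(a, ch, s) + load_elem(b, ch, s));
        written++;
    }
    return written;
}

int main(void)
{
    reg256 a, b, d;

    /* Constructed operands: every byte of a is 0xFF, every byte of b is 0x01. */
    memset(&a, 0xFF, sizeof a);
    memset(&b, 0x01, sizeof b);

    /* The same 32 bytes give different results per element size. */
    memset(&d, 0, sizeof d);
    simd_add(&d, &a, &b, ELEM_B, channel_count(ELEM_B), 0xFFFFFFFFu);
    printf("byte channel 0: 0x%02llx\n",
           (unsigned long long)load_elem(&d, 0, ELEM_B));

    memset(&d, 0, sizeof d);
    simd_add(&d, &a, &b, ELEM_W, channel_count(ELEM_W), 0xFFFFu);
    printf("word channel 0: 0x%04llx\n",
           (unsigned long long)load_elem(&d, 0, ELEM_W));

    /* Execution size 4 with channels 0 and 2 enabled, double-word elements. */
    memset(&d, 0, sizeof d);
    int n = simd_add(&d, &a, &b, ELEM_DW, 4, 0x5u);
    printf("double-word channels written: %d\n", n);
    return 0;
}
```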
  • FIG. 15 illustrates an additional execution unit 1900, according to an embodiment.
  • the execution unit 1900 may be a compute-optimized execution unit for use in, for example, a compute engine tile 340A-340D as in FIG. 12C, but is not limited as such. Variants of the execution unit 1900 may also be used in a graphics engine tile 310A-310D as in FIG. 12B.
  • the execution unit 1900 includes a thread control unit 1901, a thread state unit 1902, an instruction fetch/prefetch unit 1903, and an instruction decode unit 1904.
  • the execution unit 1900 additionally includes a register file 1906 that stores registers that can be assigned to hardware threads within the execution unit.
  • the execution unit 1900 additionally includes a send unit 1907 and a branch unit 1908. In one embodiment, the send unit 1907 and branch unit 1908 can operate similarly to the send unit 1830 and branch unit 1832 of the graphics execution unit 1808 of FIG. 14B.
  • the execution unit 1900 also includes a compute unit 1910 that includes multiple different types of functional units.
  • the compute unit 1910 includes an ALU unit 1911 that includes an array of arithmetic logic units.
  • the ALU unit 1911 can be configured to perform 64-bit, 32-bit, and 16-bit integer and floating point operations. Integer and floating point operations may be performed simultaneously.
  • the compute unit 1910 can also include a systolic array 1912, and a math unit 1913.
  • the systolic array 1912 includes a W wide and D deep network of data processing units that can be used to perform vector or other data-parallel operations in a systolic manner.
  • the systolic array 1912 can be configured to perform matrix operations, such as matrix dot product operations.
  • the systolic array 1912 supports 16-bit floating point operations, as well as 8-bit and 4-bit integer operations. In one embodiment the systolic array 1912 can be configured to accelerate machine learning operations. In such embodiments, the systolic array 1912 can be configured with support for the bfloat 16-bit floating point format.
  • a math unit 1913 can be included to perform a specific subset of mathematical operations in an efficient and lower-power manner than the ALU unit 1911.
  • the math unit 1913 can include a variant of math logic that may be found in shared function logic of a graphics processing engine provided by other embodiments (e.g., math logic 422 of the shared function logic 420 of FIG. 13). In one embodiment the math unit 1913 can be configured to perform 32-bit and 64-bit floating point operations.
  • the thread control unit 1901 includes logic to control the execution of threads within the execution unit.
  • the thread control unit 1901 can include thread arbitration logic to start, stop, and preempt execution of threads within the execution unit 1900.
  • the thread state unit 1902 can be used to store thread state for threads assigned to execute on the execution unit 1900. Storing the thread state within the execution unit 1900 enables the rapid pre-emption of threads when those threads become blocked or idle.
  • the instruction fetch/prefetch unit 1903 can fetch instructions from an instruction cache of higher level execution logic (e.g., instruction cache 1806 as in FIG. 14A).
  • the instruction fetch/prefetch unit 1903 can also issue prefetch requests for instructions to be loaded into the instruction cache based on an analysis of currently executing threads.
  • the instruction decode unit 1904 can be used to decode instructions to be executed by the compute units. In one embodiment, the instruction decode unit 1904 can be used as a secondary decoder to decode complex instructions into constituent micro-operations.
  • the execution unit 1900 additionally includes a register file 1906 that can be used by hardware threads executing on the execution unit 1900.
  • Registers in the register file 1906 can be divided across the logic used to execute multiple simultaneous threads within the compute unit 1910 of the execution unit 1900.
  • the number of logical threads that may be executed by the graphics execution unit 1900 is not limited to the number of hardware threads, and multiple logical threads can be assigned to each hardware thread.
  • the size of the register file 1906 can vary across embodiments based on the number of supported hardware threads. In one embodiment, register renaming may be used to dynamically allocate registers to hardware threads.
  • FIG. 16 is a block diagram illustrating graphics processor instruction formats 2000 according to some embodiments.
  • the graphics processor execution units support an instruction set having instructions in multiple formats.
  • the solid lined boxes illustrate the components that are generally included in an execution unit instruction, while the dashed lines include components that are optional or that are only included in a sub-set of the instructions.
  • the instruction formats 2000 described and illustrated are macro-instructions, in that they are instructions supplied to the execution unit, as opposed to micro-operations resulting from instruction decode once the instruction is processed.
  • the graphics processor execution units natively support instructions in a 128-bit instruction format 2010.
  • a 64-bit compacted instruction format 2030 is available for some instructions based on the selected instruction, instruction options, and number of operands.
  • the native 128-bit instruction format 2010 provides access to all instruction options, while some options and operations are restricted in the 64-bit format 2030.
  • the native instructions available in the 64-bit format 2030 vary by embodiment.
  • the instruction is compacted in part using a set of index values in an index field 2013.
  • the execution unit hardware references a set of compaction tables based on the index values and uses the compaction table outputs to reconstruct a native instruction in the 128-bit instruction format 2010. Other sizes and formats of instruction can be used.
  • instruction opcode 2012 defines the operation that the execution unit is to perform.
  • the execution units execute each instruction in parallel across the multiple data elements of each operand. For example, in response to an add instruction the execution unit performs a simultaneous add operation across each color channel representing a texture element or picture element. By default, the execution unit performs each instruction across all data channels of the operands.
  • instruction control field 2014 enables control over certain execution options, such as channels selection (e.g., predication) and data channel order (e.g., swizzle).
  • exec-size field 2016 limits the number of data channels that will be executed in parallel. In some embodiments, exec-size field 2016 is not available for use in the 64-bit compact instruction format 2030.
  • Some execution unit instructions have up to three operands including two source operands, src0 2020, src1 2022, and one destination 2018. In some embodiments, the execution units support dual destination instructions, where one of the destinations is implied.
  • Data manipulation instructions can have a third source operand (e.g., SRC2 2024), where the instruction opcode 2012 determines the number of source operands.
  • An instruction's last source operand can be an immediate (e.g., hard-coded) value passed with the instruction.
  • the 128-bit instruction format 2010 includes an access/address mode field 2026 specifying, for example, whether direct register addressing mode or indirect register addressing mode is used. When direct register addressing mode is used, the register address of one or more operands is directly provided by bits in the instruction.
  • the 128-bit instruction format 2010 includes an access/address mode field 2026, which specifies an address mode and/or an access mode for the instruction.
  • the access mode is used to define a data access alignment for the instruction.
  • Some embodiments support access modes including a 16-byte aligned access mode and a 1-byte aligned access mode, where the byte alignment of the access mode determines the access alignment of the instruction operands. For example, when in a first mode, the instruction may use byte-aligned addressing for source and destination operands and when in a second mode, the instruction may use 16-byte-aligned addressing for all source and destination operands.
  • the address mode portion of the access/address mode field 2026 determines whether the instruction is to use direct or indirect addressing.
  • in direct register addressing mode, bits in the instruction directly provide the register address of one or more operands.
  • in indirect register addressing mode, the register address of one or more operands may be computed based on an address register value and an address immediate field in the instruction.
  • instructions are grouped based on opcode 2012 bit-fields to simplify Opcode decode 2040.
  • bits 4, 5, and 6 allow the execution unit to determine the type of opcode.
  • the precise opcode grouping shown is merely an example.
  • a move and logic opcode group 2042 includes data movement and logic instructions (e.g., move (mov), compare (cmp)).
  • move and logic group 2042 shares the five most significant bits (MSB), where move (mov) instructions are in the form of 0000xxxxb and logic instructions are in the form of 0001xxxxb.
  • a flow control instruction group 2044 (e.g., call, jump (jmp)) includes instructions in the form of 0010xxxxb (e.g., 0x20).
  • a miscellaneous instruction group 2046 includes a mix of instructions, including synchronization instructions (e.g., wait, send) in the form of 0011xxxxb (e.g., 0x30).
  • a parallel math instruction group 2048 includes component-wise arithmetic instructions (e.g., add, multiply (mul)) in the form of 0100xxxxb (e.g., 0x40). The parallel math group 2048 performs the arithmetic operations in parallel across data channels.
  • the vector math group 2050 includes arithmetic instructions (e.g., dp4) in the form of 0101xxxxb (e.g., 0x50).
  • the vector math group performs arithmetic such as dot product calculations on vector operands.
  • the illustrated opcode decode 2040 can be used to determine which portion of an execution unit will be used to execute a decoded instruction. For example, some instructions may be designated as systolic instructions that will be performed by a systolic array. Other instructions, such as ray-tracing instructions (not shown) can be routed to a ray-tracing core or ray-tracing logic within a slice or partition of execution logic.
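The opcode grouping described above for opcode decode 2040, as an added C example rather than anything from the patent: it classifies an 8-bit opcode by bits 4, 5 and 6 and tallies a stream of opcodes by group. Treating opcodes with bit 7 set and the unlisted patterns 0110xxxxb and 0111xxxxb as reserved is an assumption, as are all identifiers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Opcode groups named in the text (reference numerals 2042 to 2050). */
typedef enum {
    GRP_MOVE,          /* 0000xxxxb, move half of move and logic group 2042 */
    GRP_LOGIC,         /* 0001xxxxb, logic half of group 2042 */
    GRP_FLOW_CONTROL,  /* 0010xxxxb, group 2044 */
    GRP_MISC,          /* 0011xxxxb, group 2046 */
    GRP_PARALLEL_MATH, /* 0100xxxxb, group 2048 */
    GRP_VECTOR_MATH,   /* 0101xxxxb, group 2050 */
    GRP_RESERVED       /* assumption: any pattern the text does not list */
} opcode_group;

#define GROUP_COUNT 7

opcode_group classify_opcode(uint8_t opcode)
{
    /* Assumption: every listed form has bit 7 clear, so an opcode with
       bit 7 set is rejected instead of aliasing onto a listed group. */
    if (opcode & 0x80u)
        return GRP_RESERVED;

    switch ((opcode >> 4) & 0x7u) { /* bits 4, 5 and 6 */
    case 0:  return GRP_MOVE;
    case 1:  return GRP_LOGIC;
    case 2:  return GRP_FLOW_CONTROL;
    case 3:  return GRP_MISC;
    case 4:  return GRP_PARALLEL_MATH;
    case 5:  return GRP_VECTOR_MATH;
    default: return GRP_RESERVED;   /* 0110xxxxb and 0111xxxxb */
    }
}

const char *group_name(opcode_group g)
{
    static const char *const names[GROUP_COUNT] = {
        "move", "logic", "flow control", "miscellaneous",
        "parallel math", "vector math", "reserved"
    };
    return names[g];
}

/* Count opcodes per group; returns how many fell into GRP_RESERVED. */
size_t tally_groups(const uint8_t *ops, size_t n, size_t counts[GROUP_COUNT])
{
    for (size_t i = 0; i < GROUP_COUNT; i++)
        counts[i] = 0;
    for (size_t i = 0; i < n; i++)
        counts[classify_opcode(ops[i])]++;
    return counts[GRP_RESERVED];
}

int main(void)
{
    /* Constructed opcode bytes, not taken from a real instruction stream. */
    static const uint8_t sample[] = {
        0x01, 0x10, 0x20, 0x30, 0x40, 0x41, 0x50, 0x60, 0xA0
    };
    size_t counts[GROUP_COUNT];
    size_t reserved = tally_groups(sample, sizeof sample, counts);

    for (size_t i = 0; i < sizeof sample; i++)
        printf("0x%02X -> %s\n", (unsigned)sample[i],
               group_name(classify_opcode(sample[i])));
    printf("reserved opcodes: %zu\n", reserved);
    return 0;
}
```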
  • FIG. 17 is a block diagram of another embodiment of a graphics processor 2100. Elements of FIG. 17 having the same reference numbers (or names) as the elements of any other figure herein can operate or function in any manner similar to that described elsewhere herein, but are not limited to such.
  • graphics processor 2100 includes a geometry pipeline 2120, a media pipeline 2130, a display engine 2140, thread execution logic 2150, and a render output pipeline 2170.
  • graphics processor 2100 is a graphics processor within a multi-core processing system that includes one or more general-purpose processing cores. The graphics processor is controlled by register writes to one or more control registers (not shown) or via commands issued to graphics processor 2100 via a ring interconnect 2102.
  • ring interconnect 2102 couples graphics processor 2100 to other processing components, such as other graphics processors or general-purpose processors. Commands from ring interconnect 2102 are interpreted by a command streamer 2103, which supplies instructions to individual components of the geometry pipeline 2120 or the media pipeline 2130.
  • the graphics processor 2100 may implement aspects of the environment 700 (FIG. 8A), architecture 759 (FIG. 8B), process 760 (FIG. 8C), and method 780 (FIG. 8D).
  • command streamer 2103 directs the operation of a vertex fetcher 2105 that reads vertex data from memory and executes vertex-processing commands provided by command streamer 2103.
  • vertex fetcher 2105 provides vertex data to a vertex shader 2107, which performs coordinate space transformation and lighting operations to each vertex.
  • vertex fetcher 2105 and vertex shader 2107 execute vertex-processing instructions by dispatching execution threads to execution units 2152A-2152B via a thread dispatcher 2131.
  • execution units 2152A-2152B are an array of vector processors having an instruction set for performing graphics and media operations. In some embodiments, execution units 2152A-2152B have an attached L1 cache 2151 that is specific for each array or shared between the arrays.
  • the cache can be configured as a data cache, an instruction cache, or a single cache that is partitioned to contain data and instructions in different partitions.
  • geometry pipeline 2120 includes tessellation components to perform hardware-accelerated tessellation of 3D objects.
  • a programmable hull shader 2111 configures the tessellation operations.
  • a programmable domain shader 2117 provides back-end evaluation of tessellation output.
  • a tessellator 2113 operates at the direction of hull shader 2111 and contains special purpose logic to generate a set of detailed geometric objects based on a coarse geometric model that is provided as input to geometry pipeline 2120.
  • tessellation components e.g., hull shader 2111, tessellator 2113, and domain shader 2117
  • complete geometric objects can be processed by a geometry shader 2119 via one or more threads dispatched to execution units 2152A-2152B, or can proceed directly to the clipper 2129.
  • the geometry shader operates on entire geometric objects, rather than vertices or patches of vertices as in previous stages of the graphics pipeline. If the tessellation is disabled the geometry shader 2119 receives input from the vertex shader 2107. In some embodiments, geometry shader 2119 is programmable by a geometry shader program to perform geometry tessellation if the tessellation units are disabled.
  • a clipper 2129 processes vertex data.
  • the clipper 2129 may be a fixed function clipper or a programmable clipper having clipping and geometry shader functions.
  • a rasterizer and depth test component 2173 in the render output pipeline 2170 dispatches pixel shaders to convert the geometric objects into per pixel representations.
  • pixel shader logic is included in thread execution logic 2150.
  • an application can bypass the rasterizer and depth test component 2173 and access unrasterized vertex data via a stream out unit 2123.
  • the graphics processor 2100 has an interconnect bus, interconnect fabric, or some other interconnect mechanism that allows data and message passing amongst the major components of the processor.
  • execution units 2152A-2152B and associated logic units interconnect via a data port 2156 to perform memory access and communicate with render output pipeline components of the processor.
  • sampler 2154, caches 2151, 2158 and execution units 2152A-2152B each have separate memory access paths.
  • the texture cache 2158 can also be configured as a sampler cache.
  • render output pipeline 2170 contains a rasterizer and depth test component 2173 that converts vertex-based objects into an associated pixel-based representation.
  • the rasterizer logic includes a windower/masker unit to perform fixed function triangle and line rasterization.
  • An associated render cache 2178 and depth cache 2179 are also available in some embodiments.
  • a pixel operations component 2177 performs pixel-based operations on the data, though in some instances, pixel operations associated with 2D operations (e.g., bit block image transfers with blending) are performed by the 2D engine 2141, or substituted at display time by the display controller 2143 using overlay display planes.
  • a shared L3 cache 2175 is available to all graphics components, allowing the sharing of data without the use of main system memory.
  • graphics processor media pipeline 2130 includes a media engine 2137 and a video front-end 2134.
  • video front-end 2134 receives pipeline commands from the command streamer 2103.
  • media pipeline 2130 includes a separate command streamer.
  • video front-end 2134 processes media commands before sending the command to the media engine 2137.
  • media engine 2137 includes thread spawning functionality to spawn threads for dispatch to thread execution logic 2150 via thread dispatcher 2131.
  • graphics processor 2100 includes a display engine 2140.
  • display engine 2140 is external to processor 2100 and couples with the graphics processor via the ring interconnect 2102, or some other interconnect bus or fabric.
  • display engine 2140 includes a 2D engine 2141 and a display controller 2143.
  • display engine 2140 contains special purpose logic capable of operating independently of the 3D pipeline.
  • display controller 2143 couples with a display device (not shown), which may be a system integrated display device, as in a laptop computer, or an external display device attached via a display device connector.
  • the geometry pipeline 2120 and media pipeline 2130 are configurable to perform operations based on multiple graphics and media programming interfaces and are not specific to any one application programming interface (API).
  • driver software for the graphics processor translates API calls that are specific to a particular graphics or media library into commands that can be processed by the graphics processor.
  • support is provided for the Open Graphics Library (OpenGL), Open Computing Language (OpenCL), and/or Vulkan graphics and compute API, all from the Khronos Group.
  • support may also be provided for the Direct3D library from the Microsoft Corporation.
  • a combination of these libraries may be supported.
  • Support may also be provided for the Open Source Computer Vision Library (OpenCV).
  • a future API with a compatible 3D pipeline would also be supported if a mapping can be made from the pipeline of the future API to the pipeline of the graphics processor.
  • FIG. 18A is a block diagram illustrating a graphics processor command format 2200 according to some embodiments.
  • FIG. 18B is a block diagram illustrating a graphics processor command sequence 2210 according to an embodiment.
  • the solid lined boxes in FIG. 18A illustrate the components that are generally included in a graphics command while the dashed lines include components that are optional or that are only included in a sub-set of the graphics commands.
  • the exemplary graphics processor command format 2200 of FIG. 18A includes data fields to identify a client 2202, a command operation code (opcode) 2204, and data 2206 for the command.
  • a sub-opcode 2205 and a command size 2208 are also included in some commands.
  • client 2202 specifies the client unit of the graphics device that processes the command data.
  • a graphics processor command parser examines the client field of each command to condition the further processing of the command and route the command data to the appropriate client unit.
  • the graphics processor client units include a memory interface unit, a render unit, a 2D unit, a 3D unit, and a media unit. Each client unit has a corresponding processing pipeline that processes the commands. Once the command is received by the client unit, the client unit reads the opcode 2204 and, if present, sub-opcode 2205 to determine the operation to perform. The client unit performs the command using information in data field 2206.
  • an explicit command size 2208 is expected to specify the size of the command.
  • the command parser automatically determines the size of at least some of the commands based on the command opcode. In some embodiments commands are aligned via multiples of a double word. Other command formats can be used.
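The command format described above (client, opcode, optional sub-opcode, data, and an explicit or opcode-implied size in double words) can be sketched as a bounds-checked parser. This is an added example, not code from the patent or from any driver; the header bit layout, the numeric client codes and the implied-size table are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Client units named in the text; the numeric codes are assumptions. */
enum client { CL_MEMORY, CL_RENDER, CL_2D, CL_3D, CL_MEDIA, CL_COUNT };

enum parse_status { PARSE_OK, PARSE_BAD_CLIENT, PARSE_BAD_SIZE, PARSE_TRUNCATED };

struct command {
    enum client client;
    uint8_t opcode;
    uint8_t sub_opcode;
    size_t len_dw;          /* total length in dwords, header included */
    const uint32_t *data;   /* payload: len_dw - 1 dwords after the header */
};

/* Assumed header layout (not from the source document):
 * bits 31:29 client, 28:24 opcode, 23:16 sub-opcode, 7:0 explicit size. */
#define HDR(cl, op, sub, len) \
    (((uint32_t)(cl) << 29) | ((uint32_t)(op) << 24) | \
     ((uint32_t)(sub) << 16) | (uint32_t)(len))

/* Opcodes whose size the parser derives from the opcode alone.
 * The table is constructed for this example; 0 means "read the size field". */
static size_t implied_len_dw(uint8_t opcode)
{
    switch (opcode) {
    case 0x00: return 1;
    case 0x01: return 2;
    default:   return 0;
    }
}

/* Decode one command from buf, which holds avail_dw dwords. */
enum parse_status parse_command(const uint32_t *buf, size_t avail_dw,
                                struct command *out)
{
    if (avail_dw == 0)
        return PARSE_TRUNCATED;

    uint32_t hdr = buf[0];
    uint32_t client = hdr >> 29;
    if (client >= CL_COUNT)
        return PARSE_BAD_CLIENT;       /* no client unit to route to */

    uint8_t opcode = (hdr >> 24) & 0x1f;
    size_t len = implied_len_dw(opcode);
    if (len == 0)
        len = hdr & 0xff;              /* explicit command size field */
    if (len == 0)
        return PARSE_BAD_SIZE;         /* zero length would never advance */
    if (len > avail_dw)
        return PARSE_TRUNCATED;        /* claimed size runs past the buffer */

    out->client = (enum client)client;
    out->opcode = opcode;
    out->sub_opcode = (hdr >> 16) & 0xff;
    out->len_dw = len;
    out->data = buf + 1;
    return PARSE_OK;
}

/* Walk a whole buffer, counting commands routed to each client unit.
 * Stops at the first malformed command; returns how many parsed cleanly. */
size_t parse_stream(const uint32_t *buf, size_t n_dw,
                    size_t counts[CL_COUNT], enum parse_status *status)
{
    size_t pos = 0, parsed = 0;
    for (int i = 0; i < CL_COUNT; i++)
        counts[i] = 0;
    *status = PARSE_OK;
    while (pos < n_dw) {
        struct command cmd;
        *status = parse_command(buf + pos, n_dw - pos, &cmd);
        if (*status != PARSE_OK)
            break;
        counts[cmd.client]++;
        pos += cmd.len_dw;
        parsed++;
    }
    return parsed;
}

int main(void)
{
    /* Constructed sample: one explicit-size 3D command, two implied-size ones. */
    const uint32_t stream[] = {
        HDR(CL_3D, 0x10, 0x02, 3), 0xAAAAu, 0xBBBBu,
        HDR(CL_MEDIA, 0x01, 0, 0), 0x1234u,
        HDR(CL_MEMORY, 0x00, 0, 0),
    };
    size_t counts[CL_COUNT];
    enum parse_status st;
    size_t n = parse_stream(stream, sizeof stream / sizeof stream[0], counts, &st);
    printf("parsed %zu commands, status %d\n", n, (int)st);
    return st == PARSE_OK ? 0 : 1;
}
```

The size check against the remaining buffer is the part that matters when command buffers come from a less trusted submitter: a size field is attacker-influenced input until it has been compared with the real buffer length.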
  • the flow diagram in FIG. 18B illustrates an exemplary graphics processor command sequence 2210.
  • software or firmware of a data processing system that features an embodiment of a graphics processor uses a version of the command sequence shown to set up, execute, and terminate a set of graphics operations.
  • a sample command sequence is shown and described for purposes of example only as embodiments are not limited to these specific commands or to this command sequence.
  • the commands may be issued as a batch of commands in a command sequence, such that the graphics processor will process the sequence of commands at least partially concurrently.
  • the graphics processor command sequence 2210 may begin with a pipeline flush command 2212 to cause any active graphics pipeline to complete the currently pending commands for the pipeline.
  • the 3D pipeline 2222 and the media pipeline 2224 do not operate concurrently.
  • the pipeline flush is performed to cause the active graphics pipeline to complete any pending commands.
  • the command parser for the graphics processor will pause command processing until the active drawing engines complete pending operations and the relevant read caches are invalidated.
  • any data in the render cache that is marked ‘dirty’ can be flushed to memory.
  • pipeline flush command 2212 can be used for pipeline synchronization or before placing the graphics processor into a low power state.
  • a pipeline select command 2213 is used when a command sequence requires the graphics processor to explicitly switch between pipelines. In some embodiments, a pipeline select command 2213 is required only once within an execution context before issuing pipeline commands unless the context is to issue commands for both pipelines. In some embodiments, a pipeline flush command 2212 is required immediately before a pipeline switch via the pipeline select command 2213. In some embodiments, a pipeline control command 2214 configures a graphics pipeline for operation and is used to program the 3D pipeline 2222 and the media pipeline 2224. In some embodiments, pipeline control command 2214 configures the pipeline state for the active pipeline. In one embodiment, the pipeline control command 2214 is used for pipeline synchronization and to clear data from one or more cache memories within the active pipeline before processing a batch of commands.
  • return buffer state commands 2216 are used to configure a set of return buffers for the respective pipelines to write data. Some pipeline operations require the allocation, selection, or configuration of one or more return buffers into which the operations write intermediate data during processing. In some embodiments, the graphics processor also uses one or more return buffers to store output data and to perform cross thread communication. In some embodiments, the return buffer state commands 2216 select the size and number of return buffers to use for a set of pipeline operations.
  • the remaining commands in the command sequence differ based on the active pipeline for operations. Based on a pipeline determination 2220, the command sequence is tailored to the 3D pipeline 2222 beginning with the 3D pipeline state 2230 or the media pipeline 2224 beginning at the media pipeline state 2240.
  • the commands to configure the 3D pipeline state 2230 include 3D state setting commands for vertex buffer state, vertex element state, constant color state, depth buffer state, and other state variables that are to be configured before 3D primitive commands are processed. The values of these commands are determined at least in part based on the particular 3D API in use. In some embodiments, 3D pipeline state 2230 commands are also able to selectively disable or bypass certain pipeline elements if those elements will not be used.
  • 3D primitive 2232 command is used to submit 3D primitives to be processed by the 3D pipeline. Commands and associated parameters that are passed to the graphics processor via the 3D primitive 2232 command are forwarded to the vertex fetch function in the graphics pipeline.
  • the vertex fetch function uses the 3D primitive 2232 command data to generate vertex data structures.
  • the vertex data structures are stored in one or more return buffers.
  • 3D primitive 2232 command is used to perform vertex operations on 3D primitives via vertex shaders.
  • 3D pipeline 2222 dispatches shader execution threads to graphics processor execution units.
  • 3D pipeline 2222 is triggered via an execute 2234 command or event.
  • a register write triggers command execution.
  • execution is triggered via a ‘go’ or ‘kick’ command in the command sequence.
  • command execution is triggered using a pipeline synchronization command to flush the command sequence through the graphics pipeline.
  • the 3D pipeline will perform geometry processing for the 3D primitives. Once operations are complete, the resulting geometric objects are rasterized and the pixel engine colors the resulting pixels. Additional commands to control pixel shading and pixel back end operations may also be included for those operations.
  • the graphics processor command sequence 2210 follows the media pipeline 2224 path when performing media operations.
  • the specific use and manner of programming for the media pipeline 2224 depends on the media or compute operations to be performed. Specific media decode operations may be offloaded to the media pipeline during media decode.
  • the media pipeline can also be bypassed and media decode can be performed in whole or in part using resources provided by one or more general-purpose processing cores.
  • the media pipeline also includes elements for general-purpose graphics processor unit (GPGPU) operations, where the graphics processor is used to perform SIMD vector operations using computational shader programs that are not explicitly related to the rendering of graphics primitives.
  • media pipeline 2224 is configured in a similar manner as the 3D pipeline 2222.
  • a set of commands to configure the media pipeline state 2240 are dispatched or placed into a command queue before the media object commands 2242.
  • commands for the media pipeline state 2240 include data to configure the media pipeline elements that will be used to process the media objects. This includes data to configure the video decode and video encode logic within the media pipeline, such as encode or decode format.
  • commands for the media pipeline state 2240 also support the use of one or more pointers to “indirect” state elements that contain a batch of state settings.
  • media object commands 2242 supply pointers to media objects for processing by the media pipeline.
  • the media objects include memory buffers containing video data to be processed.
  • all media pipeline states must be valid before issuing a media object command 2242.
  • the media pipeline 2224 is triggered via an execute command 2244 or an equivalent execute event (e.g., register write).
  • Output from media pipeline 2224 may then be post processed by operations provided by the 3D pipeline 2222 or the media pipeline 2224.
  • GPGPU operations are configured and executed in a similar manner as media operations.
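The ordering constraints stated for command sequence 2210 (a flush immediately before a pipeline select, pipeline state configured before a 3D primitive or media object, execute only with work queued) can be checked before a batch is submitted. The validator below is an added example, not part of the patent or any driver; the enum names are hypothetical, and treating pipeline state as cleared after a pipeline switch is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdio.h>

enum cmd {
    CMD_FLUSH,            /* pipeline flush 2212 */
    CMD_SELECT_3D,        /* pipeline select 2213, choosing the 3D pipeline */
    CMD_SELECT_MEDIA,     /* pipeline select 2213, choosing the media pipeline */
    CMD_PIPE_CONTROL,     /* pipeline control 2214 */
    CMD_RETURN_BUF_STATE, /* return buffer state 2216 */
    CMD_STATE_3D,         /* 3D pipeline state 2230 */
    CMD_PRIMITIVE_3D,     /* 3D primitive 2232 */
    CMD_STATE_MEDIA,      /* media pipeline state 2240 */
    CMD_MEDIA_OBJECT,     /* media object 2242 */
    CMD_EXECUTE           /* execute 2234 / 2244 */
};

enum pipeline { PIPE_NONE, PIPE_3D, PIPE_MEDIA };

enum violation {
    V_NONE,
    V_SELECT_WITHOUT_FLUSH,  /* select not immediately preceded by a flush */
    V_WRONG_PIPELINE,        /* command for a pipeline that is not active */
    V_STATE_NOT_SET,         /* primitive/object before pipeline state */
    V_NOTHING_TO_EXECUTE     /* execute with no primitive/object queued */
};

/* Returns -1 if the sequence obeys the rules, otherwise the index of the
 * first offending command; *why receives the reason. */
int validate_sequence(const enum cmd *seq, size_t n, enum violation *why)
{
    enum pipeline active = PIPE_NONE;
    int prev_flush = 0;   /* was the previous command a flush? */
    int state_set = 0;    /* has the active pipeline's state been configured? */
    int queued = 0;       /* primitives or media objects awaiting execute */

    for (size_t i = 0; i < n; i++) {
        enum violation v = V_NONE;
        switch (seq[i]) {
        case CMD_FLUSH:
        case CMD_RETURN_BUF_STATE:
            break;
        case CMD_SELECT_3D:
        case CMD_SELECT_MEDIA:
            if (!prev_flush) { v = V_SELECT_WITHOUT_FLUSH; break; }
            active = (seq[i] == CMD_SELECT_3D) ? PIPE_3D : PIPE_MEDIA;
            state_set = 0;  /* assumption: state is reprogrammed after a switch */
            queued = 0;
            break;
        case CMD_PIPE_CONTROL:
            if (active == PIPE_NONE) v = V_WRONG_PIPELINE;
            break;
        case CMD_STATE_3D:
        case CMD_STATE_MEDIA:
            if (active != (seq[i] == CMD_STATE_3D ? PIPE_3D : PIPE_MEDIA))
                v = V_WRONG_PIPELINE;
            else
                state_set = 1;
            break;
        case CMD_PRIMITIVE_3D:
        case CMD_MEDIA_OBJECT:
            if (active != (seq[i] == CMD_PRIMITIVE_3D ? PIPE_3D : PIPE_MEDIA))
                v = V_WRONG_PIPELINE;
            else if (!state_set)
                v = V_STATE_NOT_SET;
            else
                queued++;
            break;
        case CMD_EXECUTE:
            if (queued == 0) v = V_NOTHING_TO_EXECUTE;
            queued = 0;
            break;
        }
        if (v != V_NONE) { *why = v; return (int)i; }
        prev_flush = (seq[i] == CMD_FLUSH);
    }
    *why = V_NONE;
    return -1;
}

int main(void)
{
    /* Constructed sequence: the media object arrives before any media state. */
    const enum cmd seq[] = { CMD_FLUSH, CMD_SELECT_MEDIA, CMD_MEDIA_OBJECT };
    enum violation why;
    int at = validate_sequence(seq, sizeof seq / sizeof seq[0], &why);
    printf("first violation at index %d, reason %d\n", at, (int)why);
    return 0;
}
```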
  • FIG. 19 illustrates an exemplary graphics software architecture for a data processing system 2300 according to some embodiments.
  • software architecture includes a 3D graphics application 2310, an operating system 2320, and at least one processor 2330.
  • processor 2330 includes a graphics processor 2332 and one or more general-purpose processor core(s) 2334.
  • the graphics application 2310 and operating system 2320 each execute in the system memory 2350 of the data processing system.
  • 3D graphics application 2310 contains one or more shader programs including shader instructions 2312.
  • the shader language instructions may be in a high-level shader language, such as the High-Level Shader Language (HLSL) of Direct3D, the OpenGL Shader Language (GLSL), and so forth.
  • the application also includes executable instructions 2314 in a machine language suitable for execution by the general-purpose processor core 2334.
  • the application also includes graphics objects 2316 defined by vertex data.
  • operating system 2320 is a Microsoft® Windows® operating system from the Microsoft Corporation, a proprietary UNIX-like operating system, or an open source UNIX-like operating system using a variant of the Linux kernel.
  • the operating system 2320 can support a graphics API 2322 such as the Direct3D API, the OpenGL API, or the Vulkan API.
  • the operating system 2320 uses a front-end shader compiler 2324 to compile any shader instructions 2312 in HLSL into a lower-level shader language.
  • the compilation may be a just-in-time (JIT) compilation or the application can perform shader precompilation.
  • high-level shaders are compiled into low-level shaders during the compilation of the 3D graphics application 2310.
  • the shader instructions 2312 are provided in an intermediate form, such as a version of the Standard Portable Intermediate Representation (SPIR) used by the Vulkan API.
  • user mode graphics driver 2326 contains a back-end shader compiler 2327 to convert the shader instructions 2312 into a hardware specific representation.
  • shader instructions 2312 in the GLSL high-level language are passed to a user mode graphics driver 2326 for compilation.
  • user mode graphics driver 2326 uses operating system kernel mode functions 2328 to communicate with a kernel mode graphics driver 2329.
  • kernel mode graphics driver 2329 communicates with graphics processor 2332 to dispatch commands and instructions.
  • One or more aspects of at least one embodiment may be implemented by representative code stored on a machine-readable medium which represents and/or defines logic within an integrated circuit such as a processor.
  • the machine-readable medium may include instructions which represent various logic within the processor. When read by a machine, the instructions may cause the machine to fabricate the logic to perform the techniques described herein.
  • Such representations known as “IP cores,” are reusable units of logic for an integrated circuit that may be stored on a tangible, machine-readable medium as a hardware model that describes the structure of the integrated circuit.
  • the hardware model may be supplied to various customers or manufacturing facilities, which load the hardware model on fabrication machines that manufacture the integrated circuit.
  • the integrated circuit may be fabricated such that the circuit performs operations described in association with any of the embodiments described herein.
  • FIG. 20A is a block diagram illustrating an IP core development system 2400 that may be used to manufacture an integrated circuit to perform operations according to an embodiment.
  • the IP core development system 2400 may be used to generate modular, re-usable designs that can be incorporated into a larger design or used to construct an entire integrated circuit (e.g., an SOC integrated circuit).
  • a design facility 2430 can generate a software simulation 2410 of an IP core design in a high-level programming language (e.g., C/C++).
  • the software simulation 2410 can be used to design, test, and verify the behavior of the IP core using a simulation model 2412.
  • the simulation model 2412 may include functional, behavioral, and/or timing simulations.
  • a register transfer level (RTL) design 2415 can then be created or synthesized from the simulation model 2412.
  • the RTL design 2415 is an abstraction of the behavior of the integrated circuit that models the flow of digital signals between hardware registers, including the associated logic performed using the modeled digital signals.
  • lower-level designs at the logic level or transistor level may also be created, designed, or synthesized. Thus, the particular details of the initial design and simulation may vary.
  • the RTL design 2415 or equivalent may be further synthesized by the design facility into a hardware model 2420, which may be in a hardware description language (HDL), or some other representation of physical design data.
  • the HDL may be further simulated or tested to verify the IP core design.
  • the IP core design can be stored for delivery to a 3rd party fabrication facility 2465 using non-volatile memory 2440 (e.g., hard disk, flash memory, or any non-volatile storage medium).
  • the IP core design may be transmitted (e.g., via the Internet) over a wired connection 2450 or wireless connection 2460.
  • the fabrication facility 2465 may then fabricate an integrated circuit that is based at least in part on the IP core design.
  • the fabricated integrated circuit can be configured to perform operations in accordance with at least one embodiment described herein. Some embodiments may generate an IP core design for aspects of the architecture 1150 (FIG. 7A), method 1190 (FIG. 7B), method 810 (FIG. 7C), and/or the method 840 (FIG. 7D) already discussed. Some embodiments may further relate to performance enhanced computing architecture 3400 (FIG. 6G), entry 3402 (FIG. 6H), and method 3500 (FIG. 6I) already discussed.
  • FIG. 20B illustrates a cross-section side view of an integrated circuit package assembly 2470, according to some embodiments described herein.
  • the integrated circuit package assembly 2470 may implement aspects of the architecture 1150 (FIG. 7A), method 1190 (FIG. 7B), method 810 (FIG. 7C), and/or the method 840 (FIG. 7D) already discussed, and further to include a CCE (FIG. 7A).
  • the integrated circuit package assembly 2470 illustrates an implementation of one or more processor or accelerator devices as described herein.
  • the package assembly 2470 includes multiple units of hardware logic 2472, 2474 connected to a substrate 2480.
  • the logic 2472, 2474 may be implemented at least partly in configurable logic or fixed-functionality logic hardware, and can include one or more portions of any of the processor core(s), graphics processor(s), or other accelerator devices described herein. Each unit of logic 2472, 2474 can be implemented within a semiconductor die and coupled with the substrate 2480 via an interconnect structure 2473.
  • the interconnect structure 2473 may be configured to route electrical signals between the logic 2472, 2474 and the substrate 2480, and can include interconnects such as, but not limited to bumps or pillars.
  • the interconnect structure 2473 may be configured to route electrical signals such as, for example, input/output (I/O) signals and/or power or ground signals associated with the operation of the logic 2472, 2474.
  • the substrate 2480 is an epoxy-based laminate substrate.
  • the substrate 2480 may include other suitable types of substrates in other embodiments.
  • the package assembly 2470 can be connected to other electrical devices via a package interconnect 2483.
  • the package interconnect 2483 may be coupled to a surface of the substrate 2480 to route electrical signals to other electrical devices, such as a motherboard, other chipset, or multi-chip module.
  • the units of logic 2472, 2474 are electrically coupled with a bridge 2482 that is configured to route electrical signals between the logic 2472, 2474.
  • the bridge 2482 may be a dense interconnect structure that provides a route for electrical signals.
  • the bridge 2482 may include a bridge substrate composed of glass or a suitable semiconductor material. Electrical routing features can be formed on the bridge substrate to provide a chip-to-chip connection between the logic 2472, 2474.
  • embodiments described herein may include more or fewer logic units on one or more dies.
  • the one or more dies may be connected by zero or more bridges, as the bridge 2482 may be excluded when the logic is included on a single die.
  • multiple dies or units of logic can be connected by one or more bridges.
  • multiple logic units, dies, and bridges can be connected together in other possible configurations, including three-dimensional configurations.
  • FIG. 20C illustrates a package assembly 2490 that includes multiple units of hardware logic chiplets connected to a substrate 2480 (e.g., base die).
  • a graphics processing unit, parallel processor, and/or compute accelerator as described herein can be composed from diverse silicon chiplets that are separately manufactured.
  • a chiplet is an at least partially packaged integrated circuit that includes distinct units of logic that can be assembled with other chiplets into a larger package.
  • a diverse set of chiplets with different IP core logic can be assembled into a single device.
  • the chiplets can be integrated into a base die or base chiplet using active interposer technology. The concepts described herein enable the interconnection and communication between the different forms of IP within the GPU.
  • IP cores can be manufactured using different process technologies and composed during manufacturing, which avoids the complexity of converging multiple IPs, especially on a large SoC with several flavors of IPs, to the same manufacturing process. Enabling the use of multiple process technologies improves the time to market and provides a cost-effective way to create multiple product SKUs. Additionally, the disaggregated IPs are more amenable to being power gated independently; components that are not in use on a given workload can be powered off, reducing overall power consumption.
  • the hardware logic chiplets can include special purpose hardware logic chiplets 2472, logic or I/O chiplets 2474, and/or memory chiplets 2475.
  • the hardware logic chiplets 2472 and logic or I/O chiplets 2474 may be implemented at least partly in configurable logic or fixed-functionality logic hardware and can include one or more portions of any of the processor core(s), graphics processor(s), parallel processors, or other accelerator devices described herein.
  • the memory chiplets 2475 can be DRAM (e.g., GDDR, HBM) memory or cache (SRAM) memory.
  • Each chiplet can be fabricated as separate semiconductor die and coupled with the substrate 2480 via an interconnect structure 2473.
  • the interconnect structure 2473 may be configured to route electrical signals between the various chiplets and logic within the substrate 2480.
  • the interconnect structure 2473 can include interconnects such as, but not limited to bumps or pillars.
  • the interconnect structure 2473 may be configured to route electrical signals such as, for example, input/output (I/O) signals and/or power or ground signals associated with the operation of the logic, I/O and memory chiplets.
  • the substrate 2480 is an epoxy-based laminate substrate.
  • the substrate 2480 may include other suitable types of substrates in other embodiments.
  • the package assembly 2490 can be connected to other electrical devices via a package interconnect 2483.
  • the package interconnect 2483 may be coupled to a surface of the substrate 2480 to route electrical signals to other electrical devices, such as a motherboard, other chipset, or multi-chip module.
  • a logic or I/O chiplet 2474 and a memory chiplet 2475 can be electrically coupled via a bridge 2487 that is configured to route electrical signals between the logic or I/O chiplet 2474 and a memory chiplet 2475.
  • the bridge 2487 may be a dense interconnect structure that provides a route for electrical signals.
  • the bridge 2487 may include a bridge substrate composed of glass or a suitable semiconductor material. Electrical routing features can be formed on the bridge substrate to provide a chip-to-chip connection between the logic or I/O chiplet 2474 and a memory chiplet 2475.
  • the bridge 2487 may also be referred to as a silicon bridge or an interconnect bridge.
  • the bridge 2487, in some embodiments, is an Embedded Multi-die Interconnect Bridge (EMIB).
  • the bridge 2487 may simply be a direct connection from one chiplet to another chiplet.
  • the substrate 2480 can include hardware components for I/O 2491, cache memory 2492, and other hardware logic 2493.
  • a fabric 2485 can be embedded in the substrate 2480 to enable communication between the various logic chiplets and the logic 2491, 2493 within the substrate 2480.
  • the I/O 2491, fabric 2485, cache, bridge, and other hardware logic 2493 can be integrated into a base die that is layered on top of the substrate 2480.
  • a package assembly 2490 can include fewer or greater number of components and chiplets that are interconnected by a fabric 2485 or one or more bridges 2487.
  • the chiplets within the package assembly 2490 may be arranged in a 3D or 2.5D arrangement.
  • bridge structures 2487 may be used to facilitate a point to point interconnect between, for example, logic or I/O chiplets and memory chiplets.
  • the fabric 2485 can be used to interconnect the various logic and/or I/O chiplets (e.g., chiplets 2472, 2474, 2491, 2493) with other logic and/or I/O chiplets.
  • the cache memory 2492 within the substrate can act as a global cache for the package assembly 2490, part of a distributed global cache, or as a dedicated cache for the fabric 2485.
  • FIG. 20D illustrates a package assembly 2494 including interchangeable chiplets 2495, according to an embodiment.
  • the interchangeable chiplets 2495 can be assembled into standardized slots on one or more base chiplets 2496, 2498.
  • the base chiplets 2496, 2498 can be coupled via a bridge interconnect 2497, which can be similar to the other bridge interconnects described herein and may be, for example, an EMIB.
  • Memory chiplets can also be connected to logic or I/O chiplets via a bridge interconnect. I/O and logic chiplets can communicate via an interconnect fabric.
  • the base chiplets can each support one or more slots in a standardized format for one of logic or I/O or memory/cache.
  • SRAM and power delivery circuits can be fabricated into one or more of the base chiplets 2496, 2498, which can be fabricated using a different process technology relative to the interchangeable chiplets 2495 that are stacked on top of the base chiplets.
  • the base chiplets 2496, 2498 can be fabricated using a larger process technology, while the interchangeable chiplets can be manufactured using a smaller process technology.
  • One or more of the interchangeable chiplets 2495 may be memory (e.g., DRAM) chiplets. Different memory densities can be selected for the package assembly 2494 based on the power, and/or performance targeted for the product that uses the package assembly 2494.
  • logic chiplets with a different number or type of functional units can be selected at time of assembly based on the power and/or performance targeted for the product. Additionally, chiplets containing IP logic cores of differing types can be inserted into the interchangeable chiplet slots, enabling hybrid processor designs that can mix and match different technology IP blocks.
  • FIGs. 21-22B illustrate exemplary integrated circuits and associated graphics processors that may be fabricated using one or more IP cores, according to various embodiments described herein. In addition to what is illustrated, other logic and circuits may be included, including additional graphics processors/cores, peripheral interface controllers, or general-purpose processor cores.
  • FIG. 21 is a block diagram illustrating an exemplary system on a chip integrated circuit 1200 that may be fabricated using one or more IP cores, according to an embodiment.
  • Exemplary integrated circuit 1200 includes one or more application processor(s) 1205 (e.g., CPUs), at least one graphics processor 1210, and may additionally include an image processor 1215 and/or a video processor 1220, any of which may be a modular IP core from the same or multiple different design facilities.
  • Integrated circuit 1200 includes peripheral or bus logic including a USB controller 1225, UART controller 1230, an SPI/SDIO controller 1235, and an I2S/I2C controller 1240.
  • the integrated circuit can include a display device 1245 coupled to one or more of a high-definition multimedia interface (HDMI) controller 1250 and a mobile industry processor interface (MIPI) display interface 1255.
  • Storage may be provided by a flash memory subsystem 1260 including flash memory and a flash memory controller.
  • Memory interface may be provided via a memory controller 1265 for access to SDRAM or SRAM memory devices.
  • Some integrated circuits additionally include an embedded security engine 1270.
  • FIGs. 22A-22B are block diagrams illustrating exemplary graphics processors for use within an SoC, according to embodiments described herein.
  • FIG. 22A illustrates an exemplary graphics processor 1310 of a system on a chip integrated circuit that may be fabricated using one or more IP cores, according to an embodiment.
  • FIG. 22B illustrates an additional exemplary graphics processor 1340 of a system on a chip integrated circuit that may be fabricated using one or more IP cores, according to an embodiment.
  • Graphics processor 1310 of FIG. 22A is an example of a low power graphics processor core.
  • Graphics processor 1340 of FIG. 22B is an example of a higher performance graphics processor core.
  • Each of the graphics processors 1310, 1340 can be variants of the graphics processor 1210 of FIG. 21.
  • FIG. 22A illustrates an exemplary graphics processor 2610 of a system on a chip integrated circuit that may be fabricated using one or more IP cores, according to an embodiment.
  • FIG. 22B illustrates an additional exemplary graphics processor 2640 of a system on a chip integrated circuit that may be fabricated using one or more IP cores, according to an embodiment.
  • Graphics processor 2610 of FIG. 22A is an example of a low power graphics processor core.
  • Graphics processor 2640 of FIG. 22B is an example of a higher performance graphics processor core.
  • Each of the graphics processors 2610, 2640 can be variants of the graphics processor 2510 of FIG. 21.
  • graphics processor 2610 includes a vertex processor 2605 and one or more fragment processor(s) 2615A-2615N (e.g., 2615A, 2615B, 2615C, 2615D, through 2615N-1, and 2615N).
  • Graphics processor 2610 can execute different shader programs via separate logic, such that the vertex processor 2605 is optimized to execute operations for vertex shader programs, while the one or more fragment processor(s) 2615A-2615N execute fragment (e.g., pixel) shading operations for fragment or pixel shader programs.
  • the vertex processor 2605 performs the vertex processing stage of the 3D graphics pipeline and generates primitives and vertex data.
  • the fragment processor(s) 2615A-2615N use the primitive and vertex data generated by the vertex processor 2605 to produce a framebuffer that is displayed on a display device.
  • the fragment processor(s) 2615A-2615N are optimized to execute fragment shader programs as provided for in the OpenGL API, which may be used to perform similar operations as a pixel shader program as provided for in the Direct3D API.
  • the GPU 2610 may operate similarly to the GPU 1152 (FIG. 7A).
  • Graphics processor 2610 additionally includes one or more memory management units (MMUs) 2620A-2620B, cache(s) 2625A-2625B, and circuit interconnect(s) 2630A-2630B.
  • the one or more MMU(s) 2620A-2620B provide for virtual to physical address mapping for the graphics processor 2610, including for the vertex processor 2605 and/or fragment processor(s) 2615A-2615N, which may reference vertex or image/texture data stored in memory, in addition to vertex or image/texture data stored in the one or more cache(s) 2625A-2625B.
  • the one or more MMU(s) 2620A-2620B may be synchronized with other MMUs within the system, including one or more MMUs associated with the one or more application processor(s) 2505, image processor 2515, and/or video processor 2520 of FIG. 21, such that each processor 2505-2520 can participate in a shared or unified virtual memory system.
  • the one or more circuit interconnect(s) 2630A-2630B enable graphics processor 2610 to interface with other IP cores within the SoC, either via an internal bus of the SoC or via a direct connection, according to embodiments.
  • graphics processor 2640 includes the one or more MMU(s) 2620A-2620B, cache(s) 2625A-2625B, and circuit interconnect(s) 2630A-2630B of the graphics processor 2610 of FIG. 22A.
  • Graphics processor 2640 includes one or more shader core(s) 2655A-2655N (e.g., 2655A, 2655B, 2655C, 2655D, 2655E, 2655F, through 2655N-1, and 2655N), which provides for a unified shader core architecture in which a single core or type of core can execute all types of programmable shader code, including shader program code to implement vertex shaders, fragment shaders, and/or compute shaders.
  • graphics processor 2640 includes an inter-core task manager 2645, which acts as a thread dispatcher to dispatch execution threads to one or more shader cores 2655A-2655N and a tiling unit 2658 to accelerate tiling operations for tile-based rendering, in which rendering operations for a scene are subdivided in image space, for example to exploit local spatial coherence within a scene or to optimize use of internal caches.
  • Example A1 includes a computing system comprising a graphics processor including a plurality of cores including lanes and encryption engines, wherein each of the lanes is to be associated with a different encryption engine of the encryption engines, a memory including a set of instructions, which when executed by the graphics processor, cause the computing system to process thread data with the lanes, and encrypt, with the encryption engines, the lanes according to a plurality of different encryption keys.
  • Example A2 includes the computing system of Example A1, wherein the instructions, when executed, cause the computing system to identify that a first thread is to be associated with a first context, identify a first key associated with the first context, and encrypt, with a first encryption engine of the encryption engines, first data associated with the first thread based on the first key.
  • Example A3 includes the computing system of Example A2, wherein the instructions, when executed, cause the computing system to identify that a second thread is to be associated with a second context, identify a second key associated with the second context, and encrypt, with a second encryption engine, second data associated with the second thread based on the second key concurrently with the encryption of the first data.
  • Example A4 includes the computing system of Example A1, wherein the instructions, when executed, cause the computing system to verify credentials of a thread, and assign a key to the thread based on the credentials.
  • Example A5 includes the computing system of Example A1, wherein the instructions, when executed, cause the computing system to concatenate data associated with a same encryption key, wherein the data is to originate from a plurality of the lanes.
  • Example A6 includes the computing system of any one of Examples A1 to A5, wherein the graphics processor is to be a single instruction, multiple data architecture.
  • Example A7 includes a semiconductor apparatus comprising one or more substrates, and logic coupled to the one or more substrates, wherein the logic is implemented in one or more of configurable logic or fixed-functionality hardware logic, the logic coupled to the one or more substrates to process thread data with lanes of a plurality of cores of a graphics processor, wherein the plurality of cores include encryption engines, wherein each of the lanes is to be associated with a different encryption engine of the encryption engines, and encrypt, with the encryption engines, the lanes according to a plurality of different encryption keys.
  • Example A8 includes the apparatus of Example A7, wherein the logic coupled to the one or more substrates is to identify that a first thread is to be associated with a first context, identify a first key associated with the first context, and encrypt, with a first encryption engine of the encryption engines, first data associated with the first thread based on the first key.
  • Example A9 includes the apparatus of Example A8, wherein the logic coupled to the one or more substrates is to identify that a second thread is to be associated with a second context, identify a second key associated with the second context, and encrypt, with a second encryption engine, second data associated with the second thread based on the second key concurrently with the encryption of the first data.
  • Example A10 includes the apparatus of Example A7, wherein the logic coupled to the one or more substrates is to verify credentials of a thread, and assign a key to the thread based on the credentials.
  • Example A11 includes the apparatus of Example A7, wherein the logic coupled to the one or more substrates is to concatenate data associated with a same encryption key, wherein the data is to originate from a plurality of the lanes.
  • Example A12 includes the apparatus of any one of Examples A7 to A11, wherein the graphics processor is to be a single instruction, multiple data architecture.
  • Example A13 includes the apparatus of any one of Examples A7 to A11, wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates.
  • Example A14 includes at least one computer readable storage medium comprising a set of instructions, which when executed by a computing device, cause the computing device to process thread data with lanes of a plurality of cores of a graphics processor, wherein the plurality of cores include encryption engines, wherein each of the lanes is to be associated with a different encryption engine of the encryption engines, and encrypt, with the encryption engines, the lanes according to a plurality of different encryption keys.
  • Example A15 includes the at least one computer readable storage medium of Example A14, wherein the instructions, when executed, cause the computing device to identify that a first thread is to be associated with a first context, identify a first key associated with the first context, and encrypt, with a first encryption engine of the encryption engines, first data associated with the first thread based on the first key.
  • Example A16 includes the at least one computer readable storage medium of Example A15, wherein the instructions, when executed, cause the computing device to identify that a second thread is to be associated with a second context, identify a second key associated with the second context, and encrypt, with a second encryption engine, second data associated with the second thread based on the second key concurrently with the encryption of the first data.
  • Example A17 includes the at least one computer readable storage medium of Example A14, wherein the instructions, when executed, cause the computing device to verify credentials of a thread, and assign a key to the thread based on the credentials.
  • Example A18 includes the at least one computer readable storage medium of Example A14, wherein the instructions, when executed, cause the computing device to concatenate data associated with a same encryption key, wherein the data is to originate from a plurality of the lanes.
  • Example A19 includes the at least one computer readable storage medium of any one of Examples A14 to A18, wherein the graphics processor is to be a single instruction, multiple data architecture.
  • Example A20 includes a method comprising processing thread data with lanes of a plurality of cores of a graphics processor, wherein the plurality of cores include encryption engines, wherein each of the lanes is associated with a different encryption engine of the encryption engines, and encrypting, with the encryption engines, the lanes according to a plurality of different encryption keys.
  • Example A21 includes the method of Example A20, further comprising identifying that a first thread is associated with a first context, identifying a first key associated with the first context, and encrypting, with a first encryption engine of the encryption engines, first data associated with the first thread based on the first key.
  • Example A22 includes the method of Example A21, further comprising identifying that a second thread is associated with a second context, identifying a second key associated with the second context, and encrypting, with a second encryption engine, second data associated with the second thread based on the second key concurrently with the encryption of the first data.
  • Example A23 includes the method of Example A20, further comprising verifying credentials of a thread, and assigning a key to the thread based on the credentials.
  • Example A24 includes the method of Example A20, further comprising concatenating data associated with a same encryption key, wherein the data originates from a plurality of the lanes.
  • Example A25 includes the method of any one of Examples A20 to A24, wherein the graphics processor is a single instruction, multiple data architecture.
  • Example A26 includes an apparatus comprising means for performing the method of any one of Examples A20 to A25.
  • Example B1 includes a computing system comprising a graphics processor, a memory including a set of instructions, which when executed by the graphics processor, cause the computing system to identify a plurality of claims associated with a same content, wherein the plurality of claims are to originate from a plurality of sources, and determine an authenticity score for the content based on the plurality of claims.
  • Example B2 includes the computing system of Example B1, wherein each respective claim of the plurality of claims is to include an indication of whether the same content is authentic or fake.
  • Example B3 includes the computing system of Example B2, wherein one or more of the claims is to include an identification of a machine learning model that generated the indication.
  • Example B4 includes the computing system of Example B1, wherein one or more of the claims is to include a non-machine learning reproductive algorithm that is to reproduce the same content.
  • Example B5 includes the computing system of Example B1, wherein one or more of the claims is to include a machine learning reproductive algorithm that is to reproduce the same content.
  • Example B6 includes the computing system of any one of Examples B1 to B5, wherein the instructions, when executed, cause the computing system to execute a machine learning algorithm to determine the authenticity score.
  • Example B7 includes a semiconductor apparatus comprising one or more substrates, and logic coupled to the one or more substrates, wherein the logic is implemented in one or more of configurable logic or fixed-functionality hardware logic, the logic coupled to the one or more substrates to identify a plurality of claims associated with a same content, wherein the plurality of claims are to originate from a plurality of sources, and determine an authenticity score for the content based on the plurality of claims.
  • Example B8 includes the apparatus of Example B7, wherein each respective claim of the plurality of claims is to include an indication of whether the same content is authentic or fake.
  • Example B9 includes the apparatus of claim B8, wherein one or more of the claims is to include an identification of a machine learning model that generated the indication.
  • Example B10 includes the apparatus of Example B7, wherein one or more of the claims is to include a non-machine learning reproductive algorithm that is to reproduce the same content.
  • Example B11 includes the apparatus of Example B7, wherein one or more of the claims is to include a machine learning reproductive algorithm that is to reproduce the same content.
  • Example B12 includes the apparatus of any one of Examples B7 to B11, wherein the logic coupled to the one or more substrates is to execute a machine learning algorithm to determine the authenticity score.
  • Example B13 includes the apparatus of any one of Examples B7 to B11, wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates.
  • Example B14 includes at least one computer readable storage medium comprising a set of instructions, which when executed by a computing device, cause the computing device to identify a plurality of claims associated with a same content, wherein the plurality of claims is to originate from a plurality of sources, and determine an authenticity score for the content based on the plurality of claims.
  • Example B15 includes the at least one computer readable storage medium of Example B14, wherein each respective claim of the plurality of claims is to include an indication of whether the same content is authentic or fake.
  • Example B16 includes the at least one computer readable storage medium of Example B15, wherein one or more of the claims is to include an identification of a machine learning model that generated the indication.
  • Example B17 includes the at least one computer readable storage medium of Example B14, wherein one or more of the claims is to include a non-machine learning reproductive algorithm that is to reproduce the same content.
  • Example B18 includes the at least one computer readable storage medium of Example B14, wherein one or more of the claims is to include a machine learning reproductive algorithm that is to reproduce the same content.
  • Example B19 includes the at least one computer readable storage medium of any one of Examples B14 to B18, wherein the instructions, when executed, cause the computing system to execute a machine learning algorithm to determine the authenticity score.
  • Example B20 includes a method comprising identifying a plurality of claims associated with a same content, wherein the plurality of claims originate from a plurality of sources, and determining an authenticity score for the content based on the plurality of claims.
  • Example B21 includes the method of Example B20, wherein each respective claim of the plurality of claims includes an indication of whether the same content is authentic or fake.
  • Example B22 includes the method of Example B21, wherein one or more of the claims includes an identification of a machine learning model that generated the indication.
  • Example B23 includes the method of Example B20, wherein one or more of the claims include a non-machine learning reproductive algorithm that reproduced the same content.
  • Example B24 includes the method of Example B20, wherein one or more of the claims includes a machine learning reproductive algorithm that reproduced the same content.
  • Example B25 includes the method of any one of Examples B20 to B24, further comprising executing a machine learning algorithm to determine the authenticity score.
  • Example B26 includes an apparatus comprising means for performing the method of any one of Examples B20 to B25.
  • Example C1 includes a computing system comprising a data storage, a host processor, a plurality of accelerators that are to be divided into a first trust domain and a second trust domain, wherein the plurality of accelerators are to include a graphics processor, and a converged cryptographic engine (CCE) implemented at least partly in one or more of configurable logic or fixed-functionality logic hardware, and a memory including a set of instructions, which when executed by one or more of the graphics processor or the host processor, cause the computing system to partition a plurality of encryption keys between the first trust domain and the second trust domain so that first encryption keys of the plurality of encryption keys are assigned to the first trust domain, and second encryption keys of the plurality of encryption keys are assigned to the second trust domain, and encrypt, with the CCE, data according to the first encryption keys or the second encryption keys based on whether the data is to originate from the first trust domain or the second trust domain.
  • Example C2 includes the computing system of example C1, wherein the instructions, when executed, cause the computing system to identify, with the CCE, that a first data write is to originate from the first trust domain, and encrypt, with the CCE, data associated with the first data write with a key of the first encryption keys.
  • Example C3 includes the computing system of example C2, wherein the instructions, when executed, cause the computing system to identify, with the CCE, that a second data write is to originate from the second trust domain, and encrypt, with the CCE, data associated with the second data write with a key of the second encryption keys.
  • Example C4 includes the computing system of example C1, wherein the instructions, when executed, cause the computing system to block the host processor from accessing the first encryption keys and the second encryption keys.
  • Example C5 includes the computing system of example C1, wherein the instructions, when executed, cause the computing system to store the encrypted data in the data storage.
  • Example C6 includes the computing system of any one of examples C1-C5, wherein the CCE is to be in a memory path between the first and second trust domains and the data storage.
  • Example C7 includes a semiconductor apparatus comprising one or more substrates, and logic coupled to the one or more substrates, wherein the logic is implemented in one or more of configurable logic or fixed-functionality hardware logic, the logic coupled to the one or more substrates to partition a plurality of encryption keys between a first trust domain and a second trust domain so that first encryption keys of the plurality of encryption keys are assigned to the first trust domain, and second encryption keys of the plurality of encryption keys are assigned to the second trust domain, wherein the first and second trust domains are to be associated with a plurality of accelerators, and encrypt, with a converged cryptographic engine (CCE), data according to the first encryption keys or the second encryption keys based on whether the data is to originate from the first trust domain or the second trust domain.
  • Example C8 includes the apparatus of example C7, wherein the logic coupled to the one or more substrates is to identify, with the CCE, that a first data write is to originate from the first trust domain, and encrypt, with the CCE, data associated with the first data write with a key of the first encryption keys.
  • Example C9 includes the apparatus of example C8, wherein the logic coupled to the one or more substrates is to identify, with the CCE, that a second data write is to originate from the second trust domain, and encrypt, with the CCE, data associated with the second data write with a key of the second encryption keys.
  • Example C10 includes the apparatus of example C7, wherein the logic coupled to the one or more substrates is to block a host processor from accessing the first encryption keys and the second encryption keys.
  • Example C11 includes the apparatus of example C9, wherein the logic coupled to the one or more substrates is to store the encrypted data in a data storage.
  • Example C12 includes the apparatus of any one of examples C7 to C11, wherein the CCE is to be in a memory path between the first and second trust domains and a data storage.
  • Example C13 includes the apparatus of any one of examples C7 to C11, wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates.
  • Example C14 includes at least one computer readable storage medium comprising a set of instructions, which when executed by a computing device, cause the computing device to partition a plurality of encryption keys between a first trust domain and a second trust domain so that first encryption keys of the plurality of encryption keys are assigned to the first trust domain, and second encryption keys of the plurality of encryption keys are assigned to the second trust domain, wherein the first and second trust domains are to be associated with a plurality of accelerators, and encrypt, with a converged cryptographic engine (CCE), data according to the first encryption keys or the second encryption keys based on whether the data is to originate from the first trust domain or the second trust domain.
  • Example C15 includes the at least one computer readable storage medium of example C14, wherein the instructions, when executed, cause the computing device to identify, with the CCE, that a first data write is to originate from the first trust domain, and encrypt, with the CCE, data associated with the first data write with a key of the first encryption keys.
  • Example C16 includes the at least one computer readable storage medium of example C15, wherein the instructions, when executed, cause the computing device to identify, with the CCE, that a second data write is to originate from the second trust domain, and encrypt, with the CCE, data associated with the second data write with a key of the second encryption keys.
  • Example C17 includes the at least one computer readable storage medium of example C16, wherein the instructions, when executed, cause the computing device to block a host processor from accessing the first encryption keys and the second encryption keys.
  • Example C18 includes the at least one computer readable storage medium of example C14, wherein the instructions, when executed, cause the computing device to store the encrypted data in a data storage.
  • Example C19 includes the at least one computer readable storage medium of any one of examples C14 to C18, wherein the CCE is to be in a memory path between the first and second trust domains and a data storage.
  • Example C20 includes a method comprising partitioning a plurality of encryption keys between a first trust domain and a second trust domain so that first encryption keys of the plurality of encryption keys are assigned to the first trust domain, and second encryption keys of the plurality of encryption keys are assigned to the second trust domain, wherein the first and second trust domains are associated with a plurality of accelerators, and encrypting, with a converged cryptographic engine (CCE), data according to the first encryption keys or the second encryption keys based on whether the data originates from the first trust domain or the second trust domain.
  • Example C21 includes the method of example C20, further comprising identifying, with the CCE, that a first data write originates from the first trust domain, and encrypting, with the CCE, data associated with the first data write with a key of the first encryption keys.
  • Example C22 includes the method of example C20, further comprising identifying, with the CCE, that a second data write originates from the second trust domain, and encrypting, with the CCE, data associated with the second data write with a key of the second encryption keys.
  • Example C23 includes the method of example C22, further including blocking a host processor from accessing the first encryption keys and the second encryption keys.
  • Example C24 includes the method of example C20, further including storing the encrypted data in a data storage.
  • Example C25 includes the method of any one of examples C20 to C25, wherein the CCE is in a memory path between the first and second trust domains and a data storage.
  • Example C26 includes an apparatus comprising means for performing the method of any one of Examples C20 to C25.
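As an added illustration of Examples C1 to C6 (not code from the patent or from the applicant), the following Python model shows a CCE in the memory path selecting a key by the trust domain a write originates from. The accelerator names, the per-page key-slot rule, the write-version counter, and the SHAKE-256 XOR keystream standing in for the hardware cipher are assumptions of this example.

```python
import hashlib
import secrets

HOST = "host"  # hypothetical requester id; the host belongs to no trust domain


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the hardware cipher (assumption): XOR with a SHAKE-256
    keystream. Applying it twice with the same key and nonce decrypts."""
    pad = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(d ^ p for d, p in zip(data, pad))


class ConvergedCryptoEngine:
    """Model of a CCE placed between the accelerators and data storage."""

    def __init__(self, domain_of: dict, keys_per_domain: int = 2):
        self._domain_of = dict(domain_of)  # accelerator -> trust domain
        # Partition the key pool: each trust domain gets its own disjoint
        # key set. No method of this class ever returns a key.
        self._keys = {
            domain: [secrets.token_bytes(32) for _ in range(keys_per_domain)]
            for domain in set(self._domain_of.values())
        }
        self.storage = {}  # address -> (write version, ciphertext)

    def _select_key(self, requester: str, address: int) -> bytes:
        domain = self._domain_of.get(requester)
        if domain is None:
            # The host (or any unknown requester) maps to no trust domain.
            raise PermissionError(f"{requester} has no trust-domain keys")
        domain_keys = self._keys[domain]
        # Assumption: one key slot per 4 KiB page within the domain's set.
        return domain_keys[(address >> 12) % len(domain_keys)]

    @staticmethod
    def _nonce(address: int, version: int) -> bytes:
        return address.to_bytes(8, "big") + version.to_bytes(8, "big")

    def write(self, requester: str, address: int, plaintext: bytes) -> None:
        key = self._select_key(requester, address)
        # Bump a per-address version so a rewrite never reuses a keystream.
        version = self.storage.get(address, (0, b""))[0] + 1
        ciphertext = keystream_xor(key, self._nonce(address, version), plaintext)
        self.storage[address] = (version, ciphertext)

    def read(self, requester: str, address: int) -> bytes:
        key = self._select_key(requester, address)
        version, ciphertext = self.storage[address]
        return keystream_xor(key, self._nonce(address, version), ciphertext)


def demo() -> dict:
    # Constructed sample topology: two GPUs in TD1, one FPGA in TD2.
    cce = ConvergedCryptoEngine({"gpu0": "TD1", "gpu1": "TD1", "fpga0": "TD2"})
    secret = b"TD1 frame buffer contents (constructed sample)"
    cce.write("gpu0", 0x4000, secret)
    results = {
        "same_domain": cce.read("gpu1", 0x4000) == secret,
        "stored_is_ciphertext": cce.storage[0x4000][1] != secret,
        "cross_domain_garbled": cce.read("fpga0", 0x4000) != secret,
    }
    try:
        cce.read(HOST, 0x4000)
        results["host_blocked"] = False
    except PermissionError:
        results["host_blocked"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

A read issued from the other trust domain is decrypted with that domain's key and therefore returns unusable bytes rather than the plaintext, which is the isolation property the key partition provides.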
  • Example D1 includes a computing system comprising a host processor, a graphics processor, a memory including a set of instructions, which when executed by one or more of the host processor or the graphics processor, cause the computing system to encrypt, with the host processor, a virtual address based on a first key and a tweak, wherein the tweak is one or more fields of the virtual address, and share, with the host processor, the first key and the tweak.
  • Example D2 includes the computing system of Example D1, wherein the instructions, when executed, cause the computing system to decrypt, with the graphics processor, the encrypted virtual address based on the first key and the tweak.
  • Example D3 includes the computing system of Example D2, wherein the instructions, when executed, cause the computing system to identify, with the graphics processor, encrypted data associated with the virtual address.
  • Example D4 includes the computing system of Example D3, wherein the instructions, when executed, cause the computing system to decrypt, with the graphics processor, the encrypted data based on the encrypted virtual address.
  • Example D5 includes the computing system of Example D4, wherein the instructions, when executed, cause the computing system to decrypt, with the graphics processor, the encrypted data based on a second key.
  • Example D6 includes the computing system of any one of Examples D1 to D5, wherein the one or more fields are to include address bits, a size, a type, a location, an ownership, an access control, and permissions.
  • Example D7 includes a semiconductor apparatus comprising one or more substrates, and logic coupled to the one or more substrates, wherein the logic is implemented in one or more of configurable logic or fixed-functionality hardware logic, the logic coupled to the one or more substrates to encrypt, with a host processor, a virtual address based on a first key and a tweak, wherein the tweak is one or more fields of the virtual address, and share, with the host processor, the first key and the tweak.
  • Example D8 includes the apparatus of Example D7, wherein the logic coupled to the one or more substrates is to decrypt, with a graphics processor, the encrypted virtual address based on the first key and the tweak.
  • Example D9 includes the apparatus of Example D8, wherein the logic coupled to the one or more substrates is to identify, with the graphics processor, encrypted data associated with the virtual address.
  • Example D10 includes the apparatus of Example D9, wherein the logic coupled to the one or more substrates is to decrypt, with the graphics processor, the encrypted data based on the encrypted virtual address.
  • Example D11 includes the apparatus of Example D10, wherein the logic coupled to the one or more substrates is to decrypt, with the graphics processor, the encrypted data based on a second key.
  • Example D12 includes the apparatus of any one of Examples D7 to D11, wherein the one or more fields are to include address bits, a size, a type, a location, an ownership, an access control, and permissions.
  • Example D13 includes the apparatus of any one of Examples D7 to D11, wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates.
  • Example D14 includes at least one computer readable storage medium comprising a set of instructions, which when executed by a computing device, cause the computing device to encrypt, with a host processor, a virtual address based on a first key and a tweak, wherein the tweak is one or more fields of the virtual address, and share, with the host processor, the first key and the tweak.
  • Example D15 includes the at least one computer readable storage medium of Example D14, wherein the instructions, when executed, cause the computing device to decrypt, with a graphics processor, the encrypted virtual address based on the first key and the tweak.
  • Example D16 includes the at least one computer readable storage medium of Example D15, wherein the instructions, when executed, cause the computing device to identify, with the graphics processor, encrypted data associated with the virtual address.
  • Example D17 includes the at least one computer readable storage medium of Example 16, wherein the instructions, when executed, cause the computing device to decrypt, with the graphics processor, the encrypted data based on the encrypted virtual address.
  • Example D18 includes the at least one computer readable storage medium of Example D17, wherein the instructions, when executed, cause the computing device to decrypt, with the graphics processor, the encrypted data based on a second key.
  • Example D19 includes the at least one computer readable storage medium of any one of Examples D14 to D18, wherein the one or more fields are to include address bits, a size, a type, a location, an ownership, an access control, and permissions.
  • Example D20 includes a method comprising encrypting, with a host processor, a virtual address based on a first key and a tweak, wherein the tweak is one or more fields of the virtual address, and sharing, with the host processor, the first key and the tweak.
  • Example D21 includes the method of Example D20, further comprising decrypting, with a graphics processor, the encrypted virtual address based on the first key and the tweak.
  • Example D22 includes the method of Example D21, further comprising identifying, with the graphics processor, encrypted data associated with the virtual address.
  • Example D23 includes the method of Example D22, further comprising decrypting, with the graphics processor, the encrypted data based on the encrypted virtual address.
  • Example D24 includes the method of Example D23, further comprising decrypting, with the graphics processor, the encrypted data based on a second key.
  • Example D25 includes the method of any one of Examples D20 to D24, wherein the one or more fields are to include address bits, a size, a type, a location, an ownership, an access control, and permissions.
  • Example D26 includes an apparatus comprising means for performing the method of any one of Examples D20 to D25.
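As an added illustration of Examples D1 to D6 (not code from the patent or from the applicant), the following Python example encrypts a slice of a virtual address under a first key with the pointer's own size and permission fields as the tweak, then binds data to the encrypted pointer with a second key. The 64-bit pointer layout, the 32-bit HMAC-based Feistel cipher, and the SHAKE-256 data keystream are assumptions chosen for the example, not the hardware's actual algorithms.

```python
import hashlib
import hmac

# Hypothetical 64-bit encoded-pointer layout (assumption of this example):
#   [63:58] size exponent, [57:56] permissions -> plaintext, form the tweak
#   [55:24] upper address bits                 -> encrypted slice
#   [23:0]  low address bits                   -> plaintext offset
LOW_BITS, ROUNDS = 24, 8
LOW_MASK = (1 << LOW_BITS) - 1
PERM_RO, PERM_RW = 0b01, 0b11


def round_fn(key: bytes, tweak: bytes, rnd: int, half: int) -> int:
    """Keyed, tweaked 16-bit round function for the Feistel network."""
    msg = tweak + bytes([rnd]) + half.to_bytes(2, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:2], "big")


def feistel32(key: bytes, tweak: bytes, block: int, decrypt: bool = False) -> int:
    """Tweakable 32-bit permutation (stand-in for the address cipher)."""
    left, right = block >> 16, block & 0xFFFF
    order = range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)
    for rnd in order:
        if decrypt:
            left, right = right ^ round_fn(key, tweak, rnd, left), left
        else:
            left, right = right, left ^ round_fn(key, tweak, rnd, right)
    return (left << 16) | right


def encode_pointer(addr_key: bytes, address: int, size: int, perms: int) -> int:
    """Host side: encrypt the upper address slice under key and tweak."""
    if not (0 <= address < 1 << 56 and 0 <= size < 64 and 0 <= perms < 4):
        raise ValueError("field out of range for the example layout")
    tweak = bytes([size, perms])
    enc = feistel32(addr_key, tweak, address >> LOW_BITS)
    return (size << 58) | (perms << 56) | (enc << LOW_BITS) | (address & LOW_MASK)


def decode_pointer(addr_key: bytes, encoded: int):
    """GPU side: rebuild the tweak from the pointer's fields, then decrypt."""
    size, perms = encoded >> 58, (encoded >> 56) & 0b11
    enc = (encoded >> LOW_BITS) & 0xFFFFFFFF
    upper = feistel32(addr_key, bytes([size, perms]), enc, decrypt=True)
    return (upper << LOW_BITS) | (encoded & LOW_MASK), size, perms


def crypt_data(data_key: bytes, encoded: int, data: bytes) -> bytes:
    """Bind data to the encrypted pointer with a second key. XOR keystream,
    so the same call both encrypts and decrypts."""
    pad = hashlib.shake_256(data_key + encoded.to_bytes(8, "big")).digest(len(data))
    return bytes(d ^ p for d, p in zip(data, pad))


def demo() -> dict:
    addr_key = bytes(range(32))          # constructed sample keys
    data_key = bytes(range(32, 64))
    address = 0x7F3A1C002040             # constructed sample address
    plaintext = b"texture tile (constructed sample)"

    ptr = encode_pointer(addr_key, address, size=12, perms=PERM_RO)
    stored = crypt_data(data_key, ptr, plaintext)

    # The GPU holds the shared keys and recovers both address and data.
    gpu_addr, gpu_size, gpu_perms = decode_pointer(addr_key, ptr)
    gpu_data = crypt_data(data_key, ptr, stored)

    # A pointer whose permission field was altered (RO -> RW) yields a
    # different tweak, so neither the address nor the data decrypts.
    forged = ptr ^ ((PERM_RO ^ PERM_RW) << 56)
    forged_addr, _, forged_perms = decode_pointer(addr_key, forged)
    forged_data = crypt_data(data_key, forged, stored)

    return {
        "address_ok": gpu_addr == address and (gpu_size, gpu_perms) == (12, PERM_RO),
        "data_ok": gpu_data == plaintext,
        "forged_perms": forged_perms,
        "forged_address_differs": forged_addr != address,
        "forged_data_differs": forged_data != plaintext,
    }


if __name__ == "__main__":
    print(demo())
```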
  • Example E1 includes a computing system comprising a graphics processor that includes a plurality of compute engines, a plurality of target environments and root-of-trust (RoT) hardware, a memory including a set of instructions, which when executed by the graphics processor, cause the computing system to transmit, with a first target environment of the plurality of target environments, first key seeds to the compute engines, collect claims, with the first target environment, from the compute engines to generate evidence, and generate, with the compute engines, unique identity keys for each of the compute engines based on the first key seeds.
  • Example E2 includes the computing system of Example E1, wherein the instructions, when executed, cause the computing system to transmit, with the plurality of target environments, second key seeds to each other.
  • Example E3 includes the computing system of Example E2, wherein the instructions, when executed, cause the computing system to generate, with the plurality of target environments, unique identity keys based on the second key seeds.
  • Example E4 includes the computing system of Example E3, wherein the instructions, when executed, cause the computing system to collect, with the plurality of target environments, claims of the plurality of target environments, and generate evidence for attestation based on the claims of the plurality of target environments.
  • Example E5 includes the computing system of any one of Examples E1 to E4, wherein the instructions, when executed, cause the computing system to generate, with the RoT hardware, a key seed for a second target environment of the plurality of target environments.
  • Example E6 includes the computing system of Example E5, wherein the instructions, when executed, cause the computing system to collect claims, with the RoT hardware, from the second target environment, and generate, with the RoT hardware, evidence based on the claims collected from the second target environment.
  • Example E7 includes a semiconductor apparatus comprising one or more substrates, and logic coupled to the one or more substrates, wherein the logic is implemented in one or more of configurable logic or fixed-functionality hardware logic, the logic coupled to the one or more substrates to transmit, with a first target environment of a plurality of target environments of a graphics processor, first key seeds to compute engines of the graphics processor, collect claims, with the first target environment, from the compute engines to generate evidence, and generate, with the compute engines, unique identity keys for each of the compute engines based on the first key seeds.
  • Example E8 includes the apparatus of Example E7, wherein the logic coupled to the one or more substrates is to transmit, with the plurality of target environments, second key seeds to each other.
  • Example E9 includes the apparatus of Example E8, wherein the logic coupled to the one or more substrates is to generate, with the plurality of target environments, unique identity keys based on the second key seeds.
  • Example E10 includes the apparatus of Example E9, wherein the logic coupled to the one or more substrates is to collect, with the plurality of target environments, claims of the plurality of target environments, and generate evidence for attestation based on the claims of the plurality of target environments.
  • Example E11 includes the apparatus of any one of Examples E7 to E10, wherein the logic coupled to the one or more substrates is to generate, with a RoT hardware of the graphics processor, a key seed for a second target environment of the plurality of target environments.
  • Example E12 includes the apparatus of Example E11, wherein the logic coupled to the one or more substrates is to collect claims, with the RoT hardware, from the second target environment, and generate, with the RoT hardware, evidence based on the claims collected from the second target environment.
  • Example E13 includes the apparatus of any one of Examples E7 to E11, wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates.
  • Example E14 includes at least one computer readable storage medium comprising a set of instructions, which when executed by a computing device, cause the computing device to transmit, with a first target environment of a plurality of target environments of a graphics processor, first key seeds to compute engines of the graphics processor, collect claims, with the first target environment, from the compute engines to generate evidence, and generate, with the compute engines, unique identity keys for each of the compute engines based on the first key seeds.
  • Example E15 includes the at least one computer readable storage medium of Example E14, wherein the instructions, when executed, cause the computing device to transmit, with the plurality of target environments, second key seeds to each other.
  • Example E16 includes the at least one computer readable storage medium of Example E15, wherein the instructions, when executed, cause the computing device to generate, with the plurality of target environments, unique identity keys based on the second key seeds.
  • Example E17 includes the at least one computer readable storage medium of Example E16, wherein the instructions, when executed, cause the computing device to collect, with the plurality of target environments, claims of the plurality of target environments, and generate evidence for attestation based on the claims of the plurality of target environments.
  • Example E18 includes the at least one computer readable storage medium of any one of Examples E14 to E17, wherein the instructions, when executed, cause the computing device to generate, with a RoT hardware of the graphics processor, a key seed for a second target environment of the plurality of target environments.
  • Example E19 includes the at least one computer readable storage medium of Example E18, wherein the instructions, when executed, cause the computing device to collect claims, with the RoT hardware, from the second target environment, and generate, with the RoT hardware, evidence based on the claims collected from the second target environment.
  • Example E20 includes a method comprising transmitting, with a first target environment of a plurality of target environments of a graphics processor, first key seeds to compute engines of the graphics processor, collecting claims, with the first target environment, from the compute engines to generate evidence, and generating, with the compute engines, unique identity keys for each of the compute engines based on the first key seeds.
  • Example E21 includes the method of Example E20, further comprising transmitting, with the plurality of target environments, second key seeds to each other.
  • Example E22 includes the method of Example E21, further comprising generating, with the plurality of target environments, unique identity keys based on the second key seeds.
  • Example E23 includes the method of Example E22, further comprising collecting, with the plurality of target environments, claims of the plurality of target environments, and generating evidence for attestation based on the claims of the plurality of target environments.
  • Example E24 includes the method of Examples E20 to E23, further comprising generating, with a RoT hardware of the graphics processor, a key seed for a second target environment of the plurality of target environments.
  • Example E25 includes the method of Example E24, further comprising collecting claims, with the RoT hardware, from the second target environment, and generating, with the RoT hardware, evidence based on the claims collected from the second target environment.
  • Example E26 includes an apparatus comprising means for performing the method of any one of Examples E20 to E25.
  • Example F1 includes a computing system comprising a host processor to execute a host operating system, a graphics processor, a memory including a set of instructions, which when executed by one or more of the graphics processor or the host processor, cause the computing system to generate, with a virtual machine, confidential data to be rendered, encrypt, with one or more of the graphics processor or the virtual machine, the confidential data according to a first encryption key to generate encrypted confidential data, store the encrypted confidential data in a first buffer, and decrypt, with the graphics processor, the encrypted confidential data to generate decrypted confidential information.
  • Example F2 includes the computing system of Example F1, wherein the instructions, when executed, further cause the one or more of the graphics processor or the host processor to conduct a verification process with a trusted execution environment to prove an identity of the virtual machine, receive, with the virtual machine, a session key from the trusted execution environment, wherein the session key is to be the first encryption key, and receive, with the graphics processor, the session key from the trusted execution environment.
  • Example F3 includes the computing system of Example F1, wherein the instructions, when executed, further cause the graphics processor to generate the first encryption key.
  • Example F4 includes the computing system of Example F1, wherein the instructions, when executed, further cause one or more of the graphics processor or the host processor to composite the decrypted confidential data with application data to generate composited confidential and application data, wherein the application data is to be associated with one or more application to be executed on the host operating system, encrypt the composited confidential and application data according to a second encryption key to generate encrypted composited confidential and application data, wherein the second encryption key is to be different from the first encryption key, and store the encrypted composited confidential and application data in a second buffer that is to be different than the first buffer.
  • Example F5 includes the computing system of Example F4, wherein the instructions, when executed, further cause one or more of the graphics processor or the host processor to in response to an identification that the encrypted composited confidential and application data is to be displayed, decrypt the encrypted composited confidential and application data according to the second encryption key.
  • Example F6 includes the computing system of any one of Examples F1 to F5, wherein the first encryption key is to be a private symmetric digital rights management (DRM) session key.
  • Example F7 includes a semiconductor apparatus comprising one or more substrates, and logic coupled to the one or more substrates, wherein the logic is implemented in one or more of configurable logic or fixed-functionality hardware logic, the logic coupled to the one or more substrates to generate, with a virtual machine, confidential data to be rendered, encrypt, with one or more of a graphics processor or the virtual machine, the confidential data according to a first encryption key to generate encrypted confidential data, store the encrypted confidential data in a first buffer, and decrypt, with the graphics processor, the encrypted confidential data to generate decrypted confidential information.
  • Example F8 includes the apparatus of Example F7, wherein the logic coupled to the one or more substrates is to conduct a verification process with a trusted execution environment to prove an identity of the virtual machine, receive, with the virtual machine, a session key from the trusted execution environment, wherein the session key is to be the first encryption key, and receive, with the graphics processor, the session key from the trusted execution environment.
  • Example F9 includes the apparatus of Example F7, wherein the logic coupled to the one or more substrates is to generate the first encryption key.
  • Example F10 includes the apparatus of Example F7, wherein the logic coupled to the one or more substrates is to composite the decrypted confidential data with application data to generate composited confidential and application data, wherein the application data is to be associated with one or more application to be executed on a host operating system, encrypt the composited confidential and application data according to a second encryption key to generate encrypted composited confidential and application data, wherein the second encryption key is to be different from the first encryption key, and store the encrypted composited confidential and application data in a second buffer that is to be different than the first buffer.
  • Example F11 includes the apparatus of Example F10, wherein the logic coupled to the one or more substrates is to in response to an identification that the encrypted composited confidential and application data is to be displayed, decrypt the encrypted composited confidential and application data according to the second encryption key.
  • Example F12 includes the apparatus of any one of Examples F7 to F11, wherein the first encryption key is to be a private symmetric digital rights management (DRM) session key.
  • Example F13 includes the apparatus of any one of Examples F7 to F11, wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates.
  • Example F14 includes at least one computer readable storage medium comprising a set of instructions, which when executed by a computing device, cause the computing device to generate, with a virtual machine, confidential data to be rendered, encrypt, with one or more of a graphics processor or the virtual machine, the confidential data according to a first encryption key to generate encrypted confidential data, store the encrypted confidential data in a first buffer, and decrypt, with the graphics processor, the encrypted confidential data to generate decrypted confidential information.
  • Example F15 includes the at least one computer readable storage medium of Example F14, wherein the instructions, when executed, cause the computing device to conduct a verification process with a trusted execution environment to prove an identity of the virtual machine, receive, with the virtual machine, a session key from the trusted execution environment, wherein the session key is to be the first encryption key, and receive, with the graphics processor, the session key from the trusted execution environment.
  • Example F16 includes the at least one computer readable storage medium of Example F14, wherein the instructions, when executed, cause the computing device to generate the first encryption key.
  • Example F17 includes the at least one computer readable storage medium of Example F14, wherein the instructions, when executed, cause the computing device to composite the decrypted confidential data with application data to generate composited confidential and application data, wherein the application data is to be associated with one or more application to be executed on a host operating system, encrypt the composited confidential and application data according to a second encryption key to generate encrypted composited confidential and application data, wherein the second encryption key is to be different from the first encryption key, and store the encrypted composited confidential and application data in a second buffer that is to be different than the first buffer.
  • Example F18 includes the at least one computer readable storage medium of Example F17, wherein the instructions, when executed, cause the computing device to in response to an identification that the encrypted composited confidential and application data is to be displayed, decrypt the encrypted composited confidential and application data according to the second encryption key.
  • Example F19 includes the at least one computer readable storage medium of any one of Examples F14 to F18, wherein the first encryption key is to be a private symmetric digital rights management (DRM) session key.
  • Example F20 includes a method comprising generating, with a virtual machine, confidential data that will be rendered, encrypting, with one or more of a graphics processor or the virtual machine, the confidential data according to a first encryption key to generate encrypted confidential data, storing the encrypted confidential data in a first buffer, and decrypting, with the graphics processor, the encrypted confidential data to generate decrypted confidential information.
  • Example F21 includes the method of Example F20, further comprising conducting a verification process with a trusted execution environment to prove an identity of the virtual machine, receiving, with the virtual machine, a session key from the trusted execution environment, wherein the session key is to be the first encryption key, and receiving, with the graphics processor, the session key from the trusted execution environment.
  • Example F22 includes the method of Example F20, further comprising generating the first encryption key.
  • Example F23 includes the method of Example F20, further comprising compositing the decrypted confidential data with application data to generate composited confidential and application data, wherein the application data is associated with one or more application to be executed on a host operating system, encrypting the composited confidential and application data according to a second encryption key to generate encrypted composited confidential and application data, wherein the second encryption key is different from the first encryption key, and storing the encrypted composited confidential and application data in a second buffer that is different than the first buffer.
  • Example F24 includes the method of Example F23, further comprising in response to an identification that the encrypted composited confidential and application data will be displayed, decrypting the encrypted composited confidential and application data according to the second encryption key.
  • Example F25 includes the method of any one of Examples F20 to F24, wherein the first encryption key is to be a private symmetric digital rights management (DRM) session key.
  • Example F26 includes an apparatus comprising means for performing the method of any one of Examples F20 to F25.
  • Example G1 includes a computing system comprising a non-volatile storage, a host processor, a graphics processor, and a memory including a set of instructions, which when executed by one or more of the graphics processor or the host processor, cause the computing system to identify that first data is to be in a first format, wherein the first format is to be a physical address based encryption format, convert, with the graphics processor, the first data from the first format to a second format, wherein the second format is to be a physical address agnostic encryption format, and page-out the first data, that is to be in the second format, from the memory to the non-volatile storage.
  • Example G2 includes the computing system of Example G1, wherein the instructions, when executed, cause the computing system to increment a global counter in response to an identification that the first data is to be paged-out.
  • Example G3 includes the computing system of any one of Examples G1 to G2, wherein the instructions, when executed, cause the computing system to generate a message authentication code (MAC) value based on the first data that is to be in the second format.
  • Example G4 includes the computing system of Example G3, wherein the instructions, when executed, cause the computing system to store the MAC value in a protected memory.
  • Example G5 includes the computing system of Example G1, wherein the instructions, when executed, cause the computing system to page-in second data from a storage, calculate a message authentication code (MAC) value based on the second data, and compare the MAC value of the second data to a MAC value of the first data to determine whether the second data is to correspond to the first data.
  • Example G6 includes the computing system of Example G5, wherein the instructions, when executed, cause the computing system to execute one or more operations based on the second data when the MAC value of the second data being the same as the MAC value of the first data, and bypass one or more operations based on the second data when the MAC value of the second data being dissimilar from the MAC value of the first data.
  • Example G7 includes a semiconductor apparatus comprising one or more substrates, and logic coupled to the one or more substrates, wherein the logic is implemented in one or more of configurable logic or fixed-functionality hardware logic, the logic coupled to the one or more substrates to identify that first data is to be in a first format, wherein the first format is to be a physical address based encryption format, convert, with a graphics processor, the first data from the first format to a second format, wherein the second format is to be a physical address agnostic encryption format, and page-out the first data, that is to be in the second format, from a memory to a nonvolatile storage.
  • Example G8 includes the apparatus of Example G7, wherein the logic coupled to the one or more substrates is to increment a global counter in response to an identification that the first data is to be paged-out.
  • Example G9 includes the apparatus of any one of Examples G7 to G8, wherein the logic coupled to the one or more substrates is to generate a message authentication code (MAC) value based on the first data that is to be in the second format.
  • Example G10 includes the apparatus of Example G9, wherein the logic coupled to the one or more substrates is to store the MAC value in a protected memory.
  • Example G11 includes the apparatus of Example G7, wherein the logic coupled to the one or more substrates is to page-in second data from a storage, calculate a message authentication code (MAC) value based on the second data, and compare the MAC value of the second data to a MAC value of the first data to determine whether the second data is to correspond to the first data.
  • Example G12 includes the apparatus of Example G11, wherein the logic coupled to the one or more substrates is to execute one or more operations based on the second data when the MAC value of the second data being the same as the MAC value of the first data, and bypass one or more operations based on the second data when the MAC value of the second data being dissimilar from the MAC value of the first data.
  • Example G13 includes the apparatus of any one of Examples G7 to G11, wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates.
  • Example G14 includes at least one computer readable storage medium comprising a set of instructions, which when executed by a computing device, cause the computing device to identify that first data is to be in a first format, wherein the first format is to be a physical address based encryption format, convert, with a graphics processor, the first data from the first format to a second format, wherein the second format is to be a physical address agnostic encryption format, and page-out the first data, that is to be in the second format, from a memory to a non-volatile storage.
  • Example G15 includes the at least one computer readable storage medium of Example G14, wherein the instructions, when executed, cause the computing device to increment a global counter in response to an identification that the first data is to be paged-out.
  • Example G16 includes the at least one computer readable storage medium of any one of Examples G14 to G15, wherein the instructions, when executed, cause the computing device to generate a message authentication code (MAC) value based on the first data that is to be in the second format.
  • Example G17 includes the at least one computer readable storage medium of Example G16, wherein the instructions, when executed, cause the computing device to store the MAC value in a protected memory.
  • Example G18 includes the at least one computer readable storage medium of Example G14, wherein the instructions, when executed, cause the computing device to page-in second data from a storage, calculate a message authentication code (MAC) value based on the second data, and compare the MAC value of the second data to a MAC value of the first data to determine whether the second data is to correspond to the first data.
  • Example G19 includes the at least one computer readable storage medium of Example G18, wherein the instructions, when executed, cause the computing device to execute one or more operations based on the second data when the MAC value of the second data being the same as the MAC value of the first data, and bypass one or more operations based on the second data when the MAC value of the second data being dissimilar from the MAC value of the first data.
  • Example G20 includes a method comprising identifying that first data is to be in a first format, wherein the first format is a physical address based encryption format, converting, with a graphics processor, the first data from the first format to a second format, wherein the second format is a physical address agnostic encryption format, and paging-out the first data, that is in the second format, from a memory to a nonvolatile storage.
  • Example G21 includes the method of Example G20, further comprising incrementing a global counter in response to an identification that the first data is to be paged-out.
  • Example G22 includes the method of any one of Examples G20 to G21, further comprising generating a message authentication code (MAC) value based on the first data that is to be in the second format.
  • Example G23 includes the method of Example G22, further comprising storing the MAC value in a protected memory.
  • Example G24 includes the method of Example G20, further comprising paging-in second data from a storage, calculating a message authentication code (MAC) value based on the second data, and comparing the MAC value of the second data to a MAC value of the first data to determine whether the second data is to correspond to the first data.
  • Example G25 includes the method of Example G24, further comprising executing one or more operations based on the second data when the MAC value of the second data being the same as the MAC value of the first data, and bypassing one or more operations based on the second data when the MAC value of the second data being dissimilar from the MAC value of the first data.
  • Example G26 includes an apparatus comprising means for performing the method of any one of Examples G20 to G25.
  • Embodiments are applicable for use with all types of semiconductor integrated circuit (“IC”) chips.
  • Examples of these IC chips include but are not limited to processors, controllers, chipset components, programmable logic arrays (PLAs), memory chips, network chips, systems on chip (SoCs), SSD/NAND controller ASICs, and the like.
  • Signal conductor lines are represented with lines. Some may be different, to indicate more constituent signal paths, have a number label, to indicate a number of constituent signal paths, and/or have arrows at one or more ends, to indicate primary information flow direction. This, however, should not be construed in a limiting manner.
  • Any represented signal lines may actually comprise one or more signals that may travel in multiple directions and may be implemented with any suitable type of signal scheme, e.g., digital or analog lines implemented with differential pairs, optical fiber lines, and/or single-ended lines.
  • Example sizes/models/values/ranges may have been given, although embodiments are not limited to the same. As manufacturing techniques (e.g., photolithography) mature over time, it is expected that devices of smaller size could be manufactured.
  • Well known power/ground connections to IC chips and other components may or may not be shown within the figures, for simplicity of illustration and discussion, and so as not to obscure certain aspects of the embodiments. Further, arrangements may be shown in block diagram form in order to avoid obscuring embodiments, and also in view of the fact that specifics with respect to implementation of such block diagram arrangements are highly dependent upon the platform within which the embodiment is to be implemented, i.e., such specifics should be well within purview of one skilled in the art.
  • The term “coupled” may be used herein to refer to any type of relationship, direct or indirect, between the components in question, and may apply to electrical, mechanical, fluid, optical, electromagnetic, electromechanical or other connections.
  • The terms “first”, “second”, etc. may be used herein only to facilitate discussion, and carry no particular temporal or chronological significance unless otherwise indicated.
  • A list of items joined by the term “one or more of” may mean any combination of the listed terms.
  • The phrase “one or more of A, B, and C” and the phrase “one or more of A, B, or C” both may mean A; B; C; A and B; A and C; B and C; or A, B and C.
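The key-seed, identity-key, claim and evidence flow of Examples E1 to E6 can be modelled in a few lines. The following is an added example, not code from the patent or from any Intel product: the class and function names, the HMAC-SHA256 derivations, the use of HMAC tags in place of signatures, and the constructed firmware strings are all assumptions made for illustration.

```python
import hashlib
import hmac
import json


def kdf(secret: bytes, label: str, context: bytes) -> bytes:
    """One-step HMAC-SHA256 derivation (assumed; the page names no KDF)."""
    return hmac.new(secret, label.encode() + b"\x00" + context, hashlib.sha256).digest()


def measure(firmware: bytes) -> bytes:
    """A claim here is simply a SHA-256 measurement of the loaded code."""
    return hashlib.sha256(firmware).digest()


class ComputeEngine:
    def __init__(self, engine_id: str, firmware: bytes):
        self.engine_id = engine_id
        self.firmware = firmware
        self.identity_key = None

    def receive_seed(self, key_seed: bytes) -> None:
        # The identity key depends on the seed and on what the engine runs,
        # so changed firmware yields a different key.
        self.identity_key = kdf(key_seed, "engine-identity", measure(self.firmware))

    def claim(self, nonce: bytes) -> dict:
        m = measure(self.firmware)
        tag = hmac.new(self.identity_key, nonce + m, hashlib.sha256).hexdigest()
        return {"engine": self.engine_id, "measurement": m.hex(), "tag": tag}


class TargetEnvironment:
    def __init__(self, name: str, seed: bytes, engines: list):
        self.name, self.seed, self.engines = name, seed, engines

    def provision(self) -> None:
        # Transmit a distinct key seed to every compute engine.
        for e in self.engines:
            e.receive_seed(kdf(self.seed, "engine-seed", e.engine_id.encode()))

    def evidence(self, nonce: bytes) -> dict:
        # Collect claims from the engines and bind them into one evidence blob.
        claims = [e.claim(nonce) for e in self.engines]
        body = json.dumps({"te": self.name, "claims": claims}, sort_keys=True)
        key = kdf(self.seed, "te-evidence", b"")
        tag = hmac.new(key, nonce + body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}


def build_gpu(device_secret: bytes, te_firmware: bytes, engine_firmware: dict):
    # RoT step: the seed for the target environment is bound to its measurement.
    te_seed = kdf(device_secret, "te-seed", measure(te_firmware))
    engines = [ComputeEngine(eid, fw) for eid, fw in engine_firmware.items()]
    te = TargetEnvironment("te0", te_seed, engines)
    te.provision()
    return te


def appraise(evidence, nonce, device_secret, te_reference, engine_reference):
    """Verifier side: recompute every key from reference measurements."""
    te_seed = kdf(device_secret, "te-seed", te_reference)
    body = evidence["body"].encode()
    expected = hmac.new(kdf(te_seed, "te-evidence", b""), nonce + body,
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, evidence["tag"]):
        return False, ["evidence-tag"]  # wrong nonce, wrong TE, or altered body
    failures = []
    for c in json.loads(body)["claims"]:
        ref = engine_reference.get(c["engine"])
        if ref is None or c["measurement"] != ref.hex():
            failures.append(c["engine"])
            continue
        seed = kdf(te_seed, "engine-seed", c["engine"].encode())
        key = kdf(seed, "engine-identity", ref)
        tag = hmac.new(key, nonce + ref, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, c["tag"]):
            failures.append(c["engine"])
    return not failures, failures


if __name__ == "__main__":
    fw = {"ce0": b"kernel-a", "ce1": b"kernel-b"}  # constructed sample firmware
    te = build_gpu(b"\x11" * 32, b"te firmware v1", fw)
    refs = {k: measure(v) for k, v in fw.items()}
    print(appraise(te.evidence(b"n1"), b"n1", b"\x11" * 32,
                   measure(b"te firmware v1"), refs))
```

A production design would sign evidence with asymmetric keys so that the verifier never holds the device secret; the symmetric tags above only keep the example within the standard library.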
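The page-out and page-in sequence of Examples G1 to G6 (format conversion, global counter, MAC kept in protected memory, compare on page-in) is sketched below as an added example that is not the patent's implementation. The `PagingEngine` class, the HMAC-SHA256 keystream standing in for the hardware cipher, the inclusion of the counter in the MAC input, and the constructed keys and frames are assumptions.

```python
import hashlib
import hmac
import struct


def keystream(key: bytes, tweak: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in for the hardware cipher."""
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(key, tweak + struct.pack(">I", i), hashlib.sha256).digest()
        for i in range(blocks)
    )
    return stream[:length]


def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


class PagingEngine:
    def __init__(self, memory_key: bytes, paging_key: bytes, mac_key: bytes):
        self.memory_key, self.paging_key, self.mac_key = memory_key, paging_key, mac_key
        self.global_counter = 0
        self.memory = {}          # physical address -> first-format ciphertext
        self.storage = {}         # page id -> second-format ciphertext (untrusted)
        self.protected_macs = {}  # page id -> (counter, MAC), kept in protected memory

    def _addr_stream(self, phys_addr: int, n: int) -> bytes:
        # First format: the keystream is tweaked by the physical address.
        return keystream(self.memory_key, b"addr" + struct.pack(">Q", phys_addr), n)

    def _ctr_stream(self, counter: int, n: int) -> bytes:
        # Second format: tweaked by the global counter, not by any address.
        return keystream(self.paging_key, b"ctr" + struct.pack(">Q", counter), n)

    def _mac(self, page_id: str, counter: int, blob: bytes) -> bytes:
        msg = struct.pack(">Q", counter) + page_id.encode() + b"\x00" + blob
        return hmac.new(self.mac_key, msg, hashlib.sha256).digest()

    def write_resident(self, phys_addr: int, plaintext: bytes) -> None:
        self.memory[phys_addr] = xor(plaintext, self._addr_stream(phys_addr, len(plaintext)))

    def read_resident(self, phys_addr: int) -> bytes:
        data = self.memory[phys_addr]
        return xor(data, self._addr_stream(phys_addr, len(data)))

    def page_out(self, page_id: str, phys_addr: int) -> None:
        plaintext = self.read_resident(phys_addr)
        self.global_counter += 1  # incremented on every page-out
        blob = xor(plaintext, self._ctr_stream(self.global_counter, len(plaintext)))
        self.protected_macs[page_id] = (
            self.global_counter, self._mac(page_id, self.global_counter, blob))
        self.storage[page_id] = blob
        del self.memory[phys_addr]

    def page_in(self, page_id: str, phys_addr: int) -> bool:
        blob = self.storage[page_id]
        counter, expected = self.protected_macs[page_id]
        if not hmac.compare_digest(self._mac(page_id, counter, blob), expected):
            return False  # MAC mismatch: bypass all operations on this data
        self.write_resident(phys_addr, xor(blob, self._ctr_stream(counter, len(blob))))
        return True


def run_demo() -> dict:
    eng = PagingEngine(b"M" * 32, b"P" * 32, b"A" * 32)  # constructed keys
    frame_v1 = b"confidential frame v1 " * 4             # constructed page contents
    frame_v2 = b"confidential frame v2 " * 4
    eng.write_resident(0x1000, frame_v1)
    at_old_addr = eng.memory[0x1000]
    eng.page_out("page7", 0x1000)
    old_blob = eng.storage["page7"]
    results = {"relocated": eng.page_in("page7", 0x8000)}  # returns to a new address
    results["plaintext_intact"] = eng.read_resident(0x8000) == frame_v1
    results["ciphertext_differs_by_address"] = eng.memory[0x8000] != at_old_addr
    eng.write_resident(0x8000, frame_v2)
    eng.page_out("page7", 0x8000)                          # counter is now 2
    good_blob = eng.storage["page7"]
    eng.storage["page7"] = bytes([good_blob[0] ^ 1]) + good_blob[1:]  # corrupted copy
    results["corrupted_accepted"] = eng.page_in("page7", 0x2000)
    eng.storage["page7"] = old_blob                        # stale copy from counter 1
    results["stale_accepted"] = eng.page_in("page7", 0x2000)
    eng.storage["page7"] = good_blob
    results["fresh_accepted"] = eng.page_in("page7", 0x2000)
    results["final_plaintext_is_v2"] = eng.read_resident(0x2000) == frame_v2
    return results


if __name__ == "__main__":
    print(run_demo())
```

The run shows why the conversion matters: ciphertext tied to address 0x1000 could not be decrypted after relocation to 0x8000, while the counter-based format survives the move and the stored MAC rejects both a corrupted and a stale copy.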

EP21887148.1A 2020-11-02 2021-09-24 Grafiksicherheit mit synergistischer verschlüsselung, inhaltsbasierter und ressourcenverwaltungstechnologie Pending EP4237983A4 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US202063108691P 2020-11-02 2020-11-02
US17/133,336 US20220138286A1 (en) 2020-11-02 2020-12-23 Graphics security with synergistic encryption, content-based and resource management technology
PCT/US2021/052090 WO2022093456A1 (en) 2020-11-02 2021-09-24 Graphics security with synergistic encryption, content-based and resource management technology

Publications (2)

Publication Number Publication Date
EP4237983A1 EP4237983A1 (de) 2023-09-06
EP4237983A4 EP4237983A4 (de) 2024-11-06

Family

ID=80121621

Family Applications (1)

Application Number Title Priority Date Filing Date
EP21887148.1A Pending EP4237983A4 (de) 2020-11-02 2021-09-24 Grafiksicherheit mit synergistischer verschlüsselung, inhaltsbasierter und ressourcenverwaltungstechnologie

Country Status (2)

Country Link
EP (1) EP4237983A4 (de)
NL (1) NL2029297B1 (de)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7890747B2 (en) * 2006-07-06 2011-02-15 Accenture Global Services Limited Display of decrypted data by a graphics processing unit
US8736626B2 (en) * 2008-08-26 2014-05-27 Matrox Graphics Inc. Method and system for cryptographically securing a graphics system
US9525668B2 (en) * 2014-06-27 2016-12-20 Intel Corporation Face based secure messaging
US20190004973A1 (en) * 2017-06-28 2019-01-03 Intel Corporation Multi-key cryptographic memory protection
US20190342093A1 (en) * 2019-06-28 2019-11-07 Siddhartha Chhabra Converged cryptographic engine

Also Published As

Publication number Publication date
NL2029297A (en) 2022-06-17
NL2029297B1 (en) 2022-09-16
EP4237983A4 (de) 2024-11-06

Similar Documents

Publication Publication Date Title
US20220138286A1 (en) Graphics security with synergistic encryption, content-based and resource management technology
US12033005B2 (en) Disaggregated computing for distributed confidential computing environment
CN117853311A (zh) Disaggregation of SoC architecture
CN112819679A (zh) Graphics processing unit processing and cache improvements
US11257180B2 (en) Thread serialization, distributed parallel programming, and runtime extensions of parallel computing platform
US10729980B2 (en) Anti-cheating solution to detect graphics driver tampering for online gaming
CN108694687B (zh) Apparatus and method for protecting content in virtualized and graphics environments
BR102020019646A2 (pt) Apparatus and method for facilitating partitioning of local memory and graphics processing unit
EP4109240A1 (de) Secured instruction to accelerate execution of secure hash algorithm 2 (SHA-2) workloads in a graphics environment
US20220126210A1 (en) Anti-cheat game technology in graphics hardware
WO2020190776A1 (en) Synchronizing encrypted workloads across multiple graphics processing units
NL2029297B1 (en) Graphics security with synergistic encryption, content-based and resource management technology
NL2029296B1 (en) Graphics security with synergistic encryption, content-based and resource management technology
US20230186545A1 (en) Systems and methods for improved efficient e-sports spectator mode through use of gpu attached non-volatile memory
CN110889093A (zh) Systems and methods for content protection in a graphics or video subsystem
US20240111925A1 (en) Hardware power optimization via e-graph based automatic rtl exploration
US20240111353A1 (en) Constructing hierarchical clock gating architectures via rewriting
US20240126964A1 (en) Automated detection of case-splitting opportunities in rtl

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20230327

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Free format text: PREVIOUS MAIN CLASS: G06F0021720000

Ipc: G06F0021570000

A4 Supplementary search report drawn up and despatched

Effective date: 20241009

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 21/84 20130101ALI20241002BHEP

Ipc: G06F 21/78 20130101ALI20241002BHEP

Ipc: G06F 21/57 20130101AFI20241002BHEP