Confidential Computing within an AI Accelerator

Explore a groundbreaking conference talk from USENIX ATC '23 that introduces IPU Trusted Extensions (ITX), a set of hardware extensions enabling trusted execution environments in Graphcore's AI accelerators. Delve into the innovative approach to confidential computing within AI hardware, offering strong confidentiality and integrity guarantees with minimal performance impact. Learn how ITX isolates workloads from untrusted hosts, ensures data and model encryption, and incorporates a hardware root-of-trust for attestation and trusted execution orchestration. Discover the on-chip programmable cryptographic engines that provide authenticated encryption at PCIe bandwidth. Gain insights into the accompanying software developments, including compiler and runtime extensions supporting multi-party training without CPU-based TEEs. Examine the experimental implementation of ITX in Graphcore's GC200 IPU, taped out at TSMC's 7nm node, and its impressive performance results showing less than 5% overhead and up to 17x better performance compared to CPU-based confidential computing systems using AMD SEV-SNP.