-
Publication number: US20230014066A1
Publication date: 2023-01-19
Application number: US17305710
Application date: 2021-07-13
Applicant: Graphcore Limited
Inventor: Daniel John Pelham Wilkinson, Stavros Volos, Kapil Vaswani, Balaji Vembu
Abstract: A method for securely terminating a distributed trusted execution environment (TEE) spanning a plurality of work accelerators. After wiping sensitive data from the memory of its accelerator, a root of trust for each accelerator is configured to receive confirmation that the data has been wiped from the processor memory in relevant other accelerators prior to moving on to the next stage at which the TEE on its associated accelerator is terminated. Since the data has been wiped from the other accelerators, even if a third party were to inject malicious code into the accelerator, they would be unable to read out the secret data from the other accelerators since the data has been wiped from those other accelerators. In this way, a mechanism is provided for ensuring that when the distributed TEE is terminated, malicious third parties are unable to read out confidential data from the accelerators.
-
Publication number: US12141330B2
Publication date: 2024-11-12
Application number: US17374925
Application date: 2021-07-13
Applicant: Graphcore Limited
Inventor: Daniel John Pelham Wilkinson, Graham Bernard Cunningham, Stavros Volos, Kapil Vaswani, Cedric Alain Marie Fournet, Balaji Vembu
Abstract: A system and method for encrypting and decrypting data exchanged between a multi-tile processing unit and a storage, where a plurality of keys are used for the encryption. Each of the plurality of keys is associated with a different one or more sets of the processors. Encryption hardware is configured to select a key to use for encryption/decryption operations in dependence upon the set of tiles associated with the data being exchanged. Each write request from a tile contains identifier bits associated with that tile's set of tiles, enabling the encryption hardware to select the key to use for encrypting the data in the write request. Each read completion for a tile contains identifier bits associated with that tile's set of tiles, enabling the encryption hardware to select the key to use for decrypting the data in the read completion.
-
Publication number: US11651090B2
Publication date: 2023-05-16
Application number: US17305710
Application date: 2021-07-13
Applicant: Graphcore Limited
Inventor: Daniel John Pelham Wilkinson, Stavros Volos, Kapil Vaswani, Balaji Vembu
CPC classification number: G06F21/606, G06F21/53, G06F21/602, G06F21/64, G06F2221/2143, G06F2221/2149
Abstract: A method for securely terminating a distributed trusted execution environment (TEE) spanning a plurality of work accelerators. After wiping sensitive data from the memory of its accelerator, a root of trust for each accelerator is configured to receive confirmation that the data has been wiped from the processor memory in relevant other accelerators prior to moving on to the next stage at which the TEE on its associated accelerator is terminated. Since the data has been wiped from the other accelerators, even if a third party were to inject malicious code into the accelerator, they would be unable to read out the secret data from the other accelerators since the data has been wiped from those other accelerators. In this way, a mechanism is provided for ensuring that when the distributed TEE is terminated, malicious third parties are unable to read out confidential data from the accelerators.
-
Publication number: US11651089B2
Publication date: 2023-05-16
Application number: US17305708
Application date: 2021-07-13
Applicant: Graphcore Limited
Inventor: Daniel John Pelham Wilkinson, Stavros Volos, Kapil Vaswani, Balaji Vembu
CPC classification number: G06F21/606, G06F21/53, G06F21/602, G06F2221/2141, G06F2221/2143, G06F2221/2149
Abstract: A method for securely terminating a distributed trusted execution environment spanning a plurality of work accelerators. Each accelerator is configured to self-isolate upon determining that the distributed TEE is to be terminated across the system of accelerators. The data is also wiped from the processor memory of each accelerator, such that the data cannot be read out from the processor memory once the accelerator's links are re-enabled. The self-isolation is performed on each accelerator prior to the step of terminating the TEE on that accelerator. An accelerator only re-enables its links to other accelerators once the data is wiped from its processor memory such that the secret data is removed from the accelerator memory.