Intel, NVIDIA to Collaborate on Confidential Computing for AI Workloads

Chip rivals Intel and NVIDIA have joined in a “coopetition” collaboration for Confidential Computing solutions targeting AI workloads.

At the recent Confidential Computing Summit in San Francisco, Intel said it working with NVIDIA to offer “attestation” services for NVIDIA H100 GPUs via Intel Trust Domain Extensions and Intel’s upcoming cloud-based trust service, code-named “Project Amber.”

Confidential Computing is an industry movement to protect sensitive data and code while it is in use by executing inside a hardware-hardened Trusted Execution Environment (TEE) where it can be accessed only by authorized users and software.

AI workloads often handle data that demands a high level of protection due to elevated security concerns or privacy regulations. Attestation is a process within Confidential Computing in which a stakeholder is provided cryptographically-verified proof that the TEE they plan to use is genuine, conforms to security policies and is configured as expected.

Intel and Nvidia said their collaboration will deliver Confidential Computing technologies that establish independent TEE’s on their CPU and GPU, respectively. This is designed to address a challenge for customers who otherwise would require attestation from two different services to gather the evidence needed to verify the trustworthiness of the CPU and GPU TEE’s.

“Through this collaboration, Intel and Nvidia will enable a more unified, easy-to-deploy attestation solution for ‘Confidential AI’ based on Intel Xeon Scalable CPUs with Intel Trust Domain Extensions (Intel TDX) and NVIDIA H100 GPUs,” Intel said.

Users will have the option of making separate attestation calls to the NVIDIA Remote Attestation Service (NRAS) for GPU attestation and Intel’s Project Amber for the CPU attestation, or they can make a single request to Project Amber and collect the required evidence for CPU and GPU from a single service.

“Project Amber will transparently integrate with NRAS for a seamless user experience,” Intel said.   “Customers can also use the Project Amber Policy definition and appraisal capabilities for both CPU and GPU TEEs.”

The architecture behind the collaboration relies on separate CPU- and GPU-based TEE’s communicating via an NVIDIA driver that encrypts data across a PCI Express connection. At the Open Confidential Computing Conference earlier this year, Intel announced TDX Connect, designed to be a more robust, performance-oriented solution for confidential communications and memory sharing between TEE’s on the CPU and PCI Express-attached devices. At the conference, Nvidia offered their support for Intel TDX Connect.

“This is a significant development for customers who want to deploy confidentiality-preserving artificial intelligence solutions that meet elevated security and compliance needs,” Intel said.