HomeWinBuzzer NewsMicrosoft and NVIDIA Bring Confidential Computing to GPUs on Azure

Microsoft and NVIDIA Bring Confidential Computing to GPUs on Azure

Confidential computing capabilities through TEEs have been limited to CPUs, but Microsoft and NVIDIA are bringing them to Azure GPUs.


Cloud data is becoming a default way for millions of organizations – with multi-nationals or SMBs – to store information. AI is increasingly driving cloud storage solutions, but as always, the specter of threats looms large. Confidential computing by leveraging hardware and software to manage data governance for sharing and using is essential. is teaming with long-term partner to deliver a breakthrough in this area.

Creating a confidential computing relies on enabling trusted execution environments (TEEs) to drive data protection at a CPU-level. Processors for Intel and AMD already enable users to create TEEs to encrypt data when resting, when in use, or even in transit. Microsoft also already uses the same concepts in Azure.

One of the problems with TEEs in their current form is that they are built in CPUs. Microsoft wants to extend their capabilities to GPUs and to make that happen is collaborating with . This means data can become more secure at a hardware level for more powerful machines that handle intensive workloads.

Microsoft points out transitioning TEEs from CPUs to GPUs is a complex task. The GPU must protect from attacks while still providing full admin capabilities in Azure. Even for hardware the performance should not be impacted by placing TEE on the GPU.


Along with NVIDIA, Microsoft says its TEE features on GPUs can achieve the following:

  • “A new mode where all sensitive state on the GPU, including GPU memory, is isolated from the host
  • A hardware root-of-trust on the GPU chip that can generate verifiable attestations capturing all security sensitive state of the GPU, including all firmware and microcode
  • Extensions to the GPU driver to verify GPU attestations, set up a secure communication channel with the GPU, and transparently encrypt all communications between the CPU and GPU
  • Hardware support to transparently encrypt all GPU-GPU communications over NVLink
  • Support in the guest operating system and hypervisor to securely attach GPUs to a CPU TEE, even if the contents of the CPU TEE are encrypted.”

Microsoft and NVIDIA have already baked confidential computing abilities into NVIDIA's A100 Tensor Core GPU on Azure. The companies used a tool known as Ampere Protected Memory (APM). It is a technical achievement, so you should check out the full blog post for all the details. In the meantime, Microsoft is private previewing the TEEs through Azure Confidential GPU VMs.

Tip of the day: Did you know that your data and privacy might be at risk if you run Windows without encryption? A bootable USB with a live-linux distribution is often just enough to gain access to all of your files.

If you want to change that, check out our detailed BitLocker guide where we show you how to turn on encryption for your system disk or any other drive you might be using in your computer.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News