├── .gitattributes ├── .gitignore ├── .gitmodules ├── CODE_OF_CONDUCT.md ├── LICENSE ├── README.md ├── SECURITY.md ├── docs └── README.md ├── guest_tools ├── README.md ├── attestation_sdk │ ├── .gitignore │ ├── LICENSE │ ├── README.md │ ├── __init__.py │ ├── poetry.lock │ ├── pyproject.toml │ ├── src │ │ ├── __init__.py │ │ └── nv_attestation_sdk │ │ │ ├── __init__.py │ │ │ ├── attestation.py │ │ │ ├── gpu │ │ │ ├── __init__.py │ │ │ ├── attest_gpu_local.py │ │ │ └── attest_gpu_remote.py │ │ │ ├── nvswitch │ │ │ ├── __init__.py │ │ │ ├── attest_nvswitch_local.py │ │ │ └── attest_nvswitch_remote.py │ │ │ ├── utils │ │ │ ├── __init__.py │ │ │ ├── claim_utils.py │ │ │ ├── config.py │ │ │ ├── headers.py │ │ │ ├── local_utils.py │ │ │ ├── logging_config.py │ │ │ ├── nras_utils.py │ │ │ └── unified_eat_parser.py │ │ │ └── verifiers │ │ │ ├── __init__.py │ │ │ └── nv_switch_verifier │ │ │ ├── __init__.py │ │ │ ├── attestation │ │ │ ├── __init__.py │ │ │ ├── spdm_msrt_req_msg.py │ │ │ └── spdm_msrt_resp_msg.py │ │ │ ├── certs │ │ │ ├── verifier_RIM_root.pem │ │ │ └── verifier_device_root.pem │ │ │ ├── config.py │ │ │ ├── exceptions │ │ │ └── __init__.py │ │ │ ├── models │ │ │ ├── __init__.py │ │ │ └── nvswitch.py │ │ │ ├── nscq │ │ │ ├── __init__.py │ │ │ ├── paths.py │ │ │ └── pynscq.py │ │ │ ├── nvswitch_admin.py │ │ │ ├── nvswitch_admin_utils.py │ │ │ ├── nvswitch_verifier.py │ │ │ ├── rim │ │ │ ├── __init__.py │ │ │ ├── golden_measurement.py │ │ │ ├── signSchema.xsd │ │ │ └── swidSchema2015.xsd │ │ │ └── utils │ │ │ ├── __init__.py │ │ │ ├── cert_chain_utils.py │ │ │ └── claims_utils.py │ └── tests │ │ ├── __init__.py │ │ ├── end_to_end │ │ ├── hardware │ │ │ ├── LocalGPUTest.py │ │ │ ├── LocalGPUTest_ServiceKey.py │ │ │ ├── LocalGPUTest_claims_2.0.py │ │ │ ├── LocalSwitchTest.py │ │ │ ├── LocalSwitchTest_ServiceKey.py │ │ │ ├── LocalSwitchTest_claims_2.0.py │ │ │ ├── RemoteGPUTest.py │ │ │ ├── RemoteGPUTest_ServiceKey.py │ │ │ ├── RemoteGPUTest_claims_2.0.py │ │ │ ├── RemoteSwitchTest.py │ │ │ ├── RemoteSwitchTest_ServiceKey.py │ │ │ └── RemoteSwitchTest_claims_2.0.py │ │ └── no_gpu │ │ │ ├── LocalNoGPUTest.py │ │ │ └── LocalNoGPUWithServiceKeyTest.py │ │ ├── policies │ │ ├── local │ │ │ ├── NVGPULocalPolicyExample.json │ │ │ ├── NVGPULocalv4PolicyExample.json │ │ │ ├── NVSwitchLocalPolicyExample.json │ │ │ └── NVSwitchLocalv4PolicyExample.json │ │ └── remote │ │ │ ├── v1 │ │ │ ├── NVGPULocalPolicyExample.json │ │ │ └── NVGPURemotePolicyExample.json │ │ │ ├── v2 │ │ │ ├── NVGPURemotePolicyExample.json │ │ │ └── NVSwitchRemotePolicyExample.json │ │ │ ├── v3 │ │ │ ├── NVGPURemotePolicyExample.json │ │ │ └── NVSwitchRemotePolicyExample.json │ │ │ └── v4 │ │ │ ├── NVGPURemotePolicyExample.json │ │ │ └── NVSwitchRemotePolicyExample.json │ │ └── pytests │ │ ├── data │ │ ├── gpu │ │ │ ├── detached_claims_local.json │ │ │ ├── detached_claims_remote.json │ │ │ ├── detached_granular_claims_local.json │ │ │ ├── detached_granular_claims_remote.json │ │ │ ├── overall_claims_local.json │ │ │ ├── overall_claims_remote.json │ │ │ ├── overall_granular_claims_local.json │ │ │ └── overall_granular_claims_remote.json │ │ └── switch │ │ │ ├── detached_claims_local.json │ │ │ ├── detached_claims_remote.json │ │ │ ├── detached_granular_claims_local.json │ │ │ ├── detached_granular_claims_remote.json │ │ │ ├── overall_claims_local.json │ │ │ ├── overall_claims_remote.json │ │ │ ├── overall_granular_claims_local.json │ │ │ └── overall_granular_claims_remote.json │ │ ├── gpu │ │ ├── test_attest_gpu_local.py │ │ └── test_attest_gpu_remote.py │ │ ├── nvswitch │ │ ├── test_attest_nvswitch_local.py │ │ └── test_attest_nvswitch_remote.py │ │ ├── test_attestation.py │ │ └── utils │ │ ├── test_common_utils.py │ │ ├── test_local_utils.py │ │ └── test_nras_utils.py ├── attestation_troubleshooting_guide.md ├── claims_guide_pre_2.0.md ├── docs │ └── images │ │ ├── hybrid.png │ │ ├── nras.png │ │ └── outpost.png ├── gpu_verifiers │ └── local_gpu_verifier │ │ ├── LICENSE.txt │ │ ├── README.md │ │ ├── pyproject.toml │ │ └── src │ │ └── verifier │ │ ├── __about__.py │ │ ├── attestation │ │ ├── __init__.py │ │ ├── spdm_msrt_req_msg.py │ │ └── spdm_msrt_resp_msg.py │ │ ├── cc_admin.py │ │ ├── cc_admin_utils.py │ │ ├── certs │ │ ├── __init__.py │ │ ├── verifier_RIM_root.pem │ │ └── verifier_device_root.pem │ │ ├── config.py │ │ ├── exceptions │ │ ├── __init__.py │ │ └── utils.py │ │ ├── nvml │ │ ├── __init__.py │ │ ├── gpu_cert_chains.py │ │ ├── nvmlHandlerTest.py │ │ └── test_handle.py │ │ ├── rim │ │ ├── __init__.py │ │ ├── golden_measurement.py │ │ ├── signSchema.xsd │ │ ├── swidSchema2015.xsd │ │ └── xml.xsd │ │ ├── samples │ │ ├── 1010_0200_882_96005E0001_PROD.swidtag │ │ ├── 1010_0200_882_96005E0001_test_no_gpu.swidtag │ │ ├── 1010_0200_882_96005E0003_PROD.swidtag │ │ ├── 1010_0200_882_960074001A_PROD.swidtag │ │ ├── 1010_0200_882_960074001C_PROD.swidtag │ │ ├── 1010_0205_862_96005E0002_PROD.swidtag │ │ ├── 1010_0205_862_96005E0004_PROD.swidtag │ │ ├── 1010_0205_862_960074001F_PROD.swidtag │ │ ├── 1010_0205_862_9600740020_PROD.swidtag │ │ ├── 1010_0210_886_9600740011_PROD.swidtag │ │ ├── 1010_0215_866_9600740010_PROD.swidtag │ │ ├── Driver_RIM_test_no_gpu.swidtag │ │ ├── g520_0200_885_9600740001_PROD.swidtag │ │ ├── g520_0200_885_960074000D_PROD.swidtag │ │ ├── g520_0202_885_96006D0008_PROD.swidtag │ │ ├── g520_0202_885_96006D0027_PROD.swidtag │ │ ├── g520_0202_885_9600740014_PROD.swidtag │ │ ├── g520_0202_885_9600740018_PROD.swidtag │ │ ├── g520_0205_865_9600740006_PROD.swidtag │ │ ├── g520_0205_865_960074000F_PROD.swidtag │ │ ├── g520_0207_865_9600740015_PROD.swidtag │ │ ├── g520_0207_865_9600740019_PROD.swidtag │ │ ├── g520_0213_881_96006D0007_PROD.swidtag │ │ ├── g520_0213_881_96006D0026_PROD.swidtag │ │ ├── g520_0228_889_96006D000A_PROD.swidtag │ │ ├── g520_0228_889_96006D0029_PROD.swidtag │ │ ├── hopperAttestationReport.txt │ │ └── hopperCertChain.txt │ │ ├── utils │ │ ├── __init__.py │ │ └── claims_utils.py │ │ └── verifier.py ├── ppcie-verifier │ ├── .coveragerc │ ├── .gitignore │ ├── .pylintrc │ ├── LICENSE │ ├── README.md │ ├── install │ │ └── ppcie-installer.sh │ ├── poetry.lock │ ├── ppcie │ │ ├── __init__.py │ │ └── verifier │ │ │ ├── __init__.py │ │ │ ├── data │ │ │ ├── NVGPULocalPolicy_claims_2.0.json │ │ │ ├── NVGPULocalPolicy_claims_3.0.json │ │ │ ├── NVGPURemotePolicy_claims_2.0.json │ │ │ ├── NVGPURemotePolicy_claims_3.0.json │ │ │ ├── NVSwitchLocalPolicy_claims_2.0.json │ │ │ ├── NVSwitchLocalPolicy_claims_3.0.json │ │ │ ├── NVSwitchRemotePolicy_claims_2.0.json │ │ │ └── NVSwitchRemotePolicy_claims_3.0.json │ │ │ ├── src │ │ │ ├── __init__.py │ │ │ ├── exceptions │ │ │ │ ├── __init__.py │ │ │ │ └── exception.py │ │ │ ├── nvml │ │ │ │ ├── __init__.py │ │ │ │ ├── exceptions.py │ │ │ │ └── nvml_client.py │ │ │ ├── topology │ │ │ │ ├── __init__.py │ │ │ │ ├── exceptions.py │ │ │ │ └── validate_topology.py │ │ │ └── utils │ │ │ │ ├── __init__.py │ │ │ │ ├── config.py │ │ │ │ ├── logging.py │ │ │ │ └── status.py │ │ │ └── verification.py │ ├── pyproject.toml │ ├── static │ │ ├── dependencies.png │ │ ├── ppcie-verifier-detailed.png │ │ ├── ppcie-verifier.png │ │ └── python.png │ └── tests │ │ ├── __init__.py │ │ ├── test_nvml_client.py │ │ ├── test_validate_topology.py │ │ └── test_verification.py └── rims │ └── rim_service │ └── README.md ├── host_tools ├── README.md └── sample_kvm_scripts │ ├── images │ └── .gitkeep │ ├── isos │ └── .gitkeep │ ├── launch_vm.sh │ └── prepare_vm.sh └── infrastructure ├── README.md └── patches └── linux ├── README.md ├── iommu_pagefault.patch └── iommu_pagesize.patch /.gitattributes: -------------------------------------------------------------------------------- 1 | infrastructure/kvm/ovmf/ovmf_source/BaseTools/Source/C/BrotliCompress/brotli/js/test_data.js filter=lfs diff=lfs merge=lfs -text 2 | infrastructure/kvm/ovmf/ovmf_source/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/tests/testdata/bb.binast filter=lfs diff=lfs merge=lfs -text 3 | infrastructure/kvm/ovmf/ovmf_source/BaseTools/Source/C/BrotliCompress/brotli/tests/testdata/bb.binast filter=lfs diff=lfs merge=lfs -text 4 | infrastructure/kvm/ovmf/ovmf_source/BaseTools/Source/C/bin/BrotliCompress filter=lfs diff=lfs merge=lfs -text 5 | infrastructure/kvm/ovmf/ovmf_source/CryptoPkg/Library/OpensslLib/openssl/test/drbg_cavs_data.c filter=lfs diff=lfs merge=lfs -text 6 | infrastructure/kvm/ovmf/ovmf_source/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/js/test_data.js filter=lfs diff=lfs merge=lfs -text 7 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.idea/ 2 | *__pycache__ 3 | *build/ 4 | *.egg-info 5 | .DS_Store 6 | *.iso 7 | *.qcow2 8 | *.log 9 | venv 10 | *.bak 11 | .coverage 12 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "host_tools/python"] 2 | path = host_tools/python 3 | url = https://github.com/nvidia/gpu-admin-tools 4 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Overview 4 | 5 | Define the code of conduct followed and enforced for __PROJECT__. 6 | 7 | ### Intended audience 8 | 9 | Community | Developers | Project Leads 10 | 11 | ## Our Pledge 12 | 13 | In the interest of fostering an open and welcoming environment, we as 14 | contributors and maintainers pledge to making participation in our project and 15 | our community a harassment-free experience for everyone, regardless of age, body 16 | size, disability, ethnicity, sex characteristics, gender identity and expression, 17 | level of experience, education, socio-economic status, nationality, personal 18 | appearance, race, religion, or sexual identity and orientation. 19 | 20 | ## Our Standards 21 | 22 | Examples of behavior that contributes to creating a positive environment 23 | include: 24 | 25 | * Using welcoming and inclusive language 26 | * Being respectful of differing viewpoints and experiences 27 | * Gracefully accepting constructive criticism 28 | * Focusing on what is best for the community 29 | * Showing empathy towards other community members 30 | 31 | Examples of unacceptable behavior by participants include: 32 | 33 | * The use of sexualized language or imagery and unwelcome sexual attention or 34 | advances 35 | * Trolling, insulting/derogatory comments, and personal or political attacks 36 | * Public or private harassment 37 | * Publishing others' private information, such as a physical or electronic 38 | address, without explicit permission 39 | * Other conduct which could reasonably be considered inappropriate in a 40 | professional setting 41 | 42 | ## Our Responsibilities 43 | 44 | Project maintainers are responsible for clarifying the standards of acceptable 45 | behavior and are expected to take appropriate and fair corrective action in 46 | response to any instances of unacceptable behavior. 47 | 48 | Project maintainers have the right and responsibility to remove, edit, or 49 | reject comments, commits, code, wiki edits, issues, and other contributions 50 | that are not aligned to this Code of Conduct, or to ban temporarily or 51 | permanently any contributor for other behaviors that they deem inappropriate, 52 | threatening, offensive, or harmful. 53 | 54 | ## Scope 55 | 56 | This Code of Conduct applies both within project spaces and in public spaces 57 | when an individual is representing the project or its community. Examples of 58 | representing a project or community include using an official project e-mail 59 | address, posting via an official social media account, or acting as an appointed 60 | representative at an online or offline event. Representation of a project may be 61 | further defined and clarified by project maintainers. 62 | 63 | ## Enforcement 64 | 65 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 66 | reported by contacting GitHub_Conduct@nvidia.com. All complaints will be reviewed and 67 | investigated and will result in a response that is deemed necessary and appropriate 68 | to the circumstances. The project team is obligated to maintain confidentiality with 69 | regard to the reporter of an incident. Further details of specific enforcement policies 70 | may be posted separately. 71 | 72 | Project maintainers who do not follow or enforce the Code of Conduct in good 73 | faith may face temporary or permanent repercussions as determined by other 74 | members of the project's leadership. 75 | 76 | ## Attribution 77 | 78 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 79 | available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html 80 | 81 | [homepage]: https://www.contributor-covenant.org 82 | 83 | For answers to common questions about this code of conduct, see 84 | https://www.contributor-covenant.org/faq 85 | 86 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # nvTrust: Ancillary Software for NVIDIA Trusted Computing Solutions 2 | 3 | This repository provides essential resources for implementing and validating Trusted Computing Solutions on NVIDIA hardware. It focuses on attestation, a crucial aspect of ensuring the integrity and security of confidential computing environments. 4 | 5 | For more information, including documentation, white papers, and videos regarding NVIDIA Confidential Computing, please visit [NVIDIA docs](https://docs.nvidia.com/confidential-computing/index.html). 6 | 7 | ## Getting Started with Attestation 8 | 9 | To begin using NVIDIA GPU attestation, please refer to [this documentation](./guest_tools/README.md). This guide will walk you through: 10 | 11 | - Setting up the necessary environment 12 | - Implementing attestation in your applications 13 | - Validating the attestation process 14 | 15 | ## Confidential Computing 16 | 17 | NVIDIA Confidential Computing offers a solution for securely processing data and code in use, preventing unauthorized users from both access and modification. When running AI training or inference, the data and the code must be protected. Often the input data includes personally identifiable information (PII) or enterprise secrets, and the trained model is highly valuable intellectual property (IP). Confidential computing is the ideal solution to protect both AI models and data. 18 | 19 | NVIDIA is at the forefront of confidential computing, collaborating with CPU partners, cloud providers, and independent software vendors (ISVs) to ensure that the change from traditional, accelerated workloads to confidential, accelerated workloads will be smooth and transparent. 20 | 21 | For more information, including documentation, white papers, and videos regarding the Hopper Confidential Computing story, please visit [NVIDIA docs](https://docs.nvidia.com/confidential-computing/index.html). 22 | 23 | ## License 24 | 25 | This repository is licensed under Apache License v2.0 except where otherwise noted. 26 | 27 | ## Support 28 | 29 | For issues or questions, please [file a bug](https://github.com/NVIDIA/nvtrust/issues). For additional support, contact us at [attestation-support@nvidia.com](mailto:attestation-support@nvidia.com) 30 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | ## Security 2 | 3 | NVIDIA is dedicated to the security and trust of our software products and services, including all source code repositories managed through our organization. 4 | 5 | If you need to report a security issue, please use the appropriate contact points outlined below. **Please do not report security vulnerabilities through GitHub.** 6 | 7 | ## Reporting Potential Security Vulnerability in an NVIDIA Product 8 | 9 | To report a potential security vulnerability in any NVIDIA product: 10 | - Web: [Security Vulnerability Submission Form](https://www.nvidia.com/object/submit-security-vulnerability.html) 11 | - E-Mail: psirt@nvidia.com 12 | - We encourage you to use the following PGP key for secure email communication: [NVIDIA public PGP Key for communication](https://www.nvidia.com/en-us/security/pgp-key) 13 | - Please include the following information: 14 | - Product/Driver name and version/branch that contains the vulnerability 15 | -------------------------------------------------------------------------------- /docs/README.md: -------------------------------------------------------------------------------- 1 | Please find all documentation at [our Doc Hub](https://docs.nvidia.com/confidential-computing) 2 | -------------------------------------------------------------------------------- /guest_tools/README.md: -------------------------------------------------------------------------------- 1 | # NVIDIA GPU Attestation Guide 2 | 3 | This guide provides a comprehensive overview of NVIDIA GPU Attestation and outlines the steps to implement it in your environment. 4 | 5 | ## Table of Contents 6 | 7 | - [NVIDIA GPU Attestation Guide](#nvidia-gpu-attestation-guide) 8 | - [Table of Contents](#table-of-contents) 9 | - [Pre-requisites](#pre-requisites) 10 | - [Attestation Using SDK - A Primer](#attestation-using-sdk---a-primer) 11 | - [Quick Start](#quick-start) 12 | - [NVIDIA Attestation Service Integration Options](#nvidia-attestation-service-integration-options) 13 | - [Option 1: NVIDIA-Managed Attestation (Most Secure)](#option-1-nvidia-managed-attestation-most-secure) 14 | - [Option 2: Hybrid Attestation](#option-2-hybrid-attestation) 15 | - [Option 3: Customer-Managed Attestation](#option-3-customer-managed-attestation) 16 | - [Comparison of Options](#comparison-of-options) 17 | - [License](#license) 18 | - [Support](#support) 19 | 20 | ## Pre-requisites 21 | 22 | 1. Install Attestation SDK using [this guide](./attestation_sdk/README.md). This in turn installs Local GPU Verifier. 23 | 2. [Optional] Review the [NVIDIA NGC Status Page](https://status.ngc.nvidia.com/) to ensure NVIDIA Remote Attestation Service (NRAS), RIM Service, and OCSP Service are functional. 24 | 25 | ## Attestation Using SDK - A Primer 26 | 27 | Attestation using the SDK involves three main steps: 28 | 29 | 1. Add a verifier 30 | 31 | ```python 32 | client = attestation.Attestation() 33 | client.add_verifier(attestation.Devices.GPU, attestation.Environment.REMOTE, NRAS_URL, "") 34 | ``` 35 | 2. Get GPU Evidence 36 | 37 | ```python 38 | evidence_list = client.get_evidence() 39 | ``` 40 | 3. Perform Attestation and optionally validate results using a JSON-based Relying Party policy 41 | 42 | ```python 43 | client.validate_token(JSON_POLICY) 44 | ``` 45 | 46 | ## Quick Start 47 | 48 | 1. Navigate to the `nvtrust/guest_tools/attestation_sdk/tests/end_to_end/hardware` directory. 49 | 50 | ```bash 51 | cd nvtrust/guest_tools/attestation_sdk/tests/end_to_end/hardware 52 | ``` 53 | 2. Run `RemoteGPUTest.py` or `LocalGPUTest.py` 54 | 55 | ```bash 56 | python LocalGPUTest.py 57 | # or 58 | python RemoteGPUTest.py 59 | ``` 60 | 61 | ## NVIDIA Attestation Service Integration Options 62 | 63 | ### Option 1: NVIDIA-Managed Attestation (Most Secure) 64 | 65 | ![Workflow](./docs/images/nras.png) 66 | 67 | This model offers the highest level of security and operational simplicity, leveraging NVIDIA's cloud-based attestation services for comprehensive verification. 68 | 69 | **Key Components:** 70 | - Local GPU Verifier: Collects evidence from the GPU 71 | - NVIDIA Cloud Services: Remote Attestation, RIM, and OCSP services 72 | 73 | **Example:** 74 | ```python 75 | # Code snippet from nvtrust/guest_tools/attestation_sdk/tests/end_to_end/hardware/RemoteGPUTest.py 76 | # 77 | client = attestation.Attestation() 78 | client.add_verifier(attestation.Devices.GPU, attestation.Environment.REMOTE, NRAS_URL, "") 79 | evidence_list = client.get_evidence() 80 | client.attest(evidence_list) 81 | ``` 82 | 83 | ### Option 2: Hybrid Attestation 84 | 85 | ![Workflow](./docs/images/hybrid.png) 86 | 87 | This model balances local control with cloud-based support, allowing for local comparison & verification of values while still utilizing NVIDIA cloud services. 88 | 89 | **Key Components:** 90 | - Local GPU Verifier: Handles both evidence collection and verification 91 | - NVIDIA Cloud Services: NVIDIA RIM and OCSP services 92 | 93 | **Example:** 94 | ```python 95 | # Code snippet from nvtrust/guest_tools/attestation_sdk/tests/end_to_end/hardware/LocalGPUTest.py 96 | # 97 | client = attestation.Attestation() 98 | client.add_verifier(attestation.Devices.GPU, attestation.Environment.LOCAL, "", "", OCSP_URL, RIM_URL) 99 | evidence_list = client.get_evidence() 100 | client.attest(evidence_list) 101 | ``` 102 | 103 | ### Option 3: Customer-Managed Attestation 104 | 105 | NVIDIA also offers Trust Outpost, a comprehensive GPU attestation solution for end-to-end GPU attestation designed for high-scale deployments and organizations needing enhanced local control. This on-premises implementation efficiently caches RIM and OCSP data, ideal for environments with strict data sovereignty or air-gapped systems. Access requires appropriate agreements with NVIDIA - please contact [attestation-support@nvidia.com](mailto:attestation-support@nvidia.com) to request participation in the program. 106 | 107 | ![Workflow](./docs/images/outpost.png) 108 | 109 | ## Comparison of Options 110 | 111 | | Feature | Cloud-Managed | Hybrid | Trust Outpost | 112 | |---------|---------------|--------|-----------------| 113 | | Security Level | Highest | High | High | 114 | | Operational Complexity | Lowest | Moderate | Highest | 115 | | Local Control | Lowest | Moderate | Highest | 116 | | Cloud Dependency | Highest | Moderate | Lowest | 117 | | Best For | Maximum security and simplicity | Balanced approach | Strict control requirements | 118 | 119 | ## License 120 | 121 | This repository is licensed under Apache License v2.0 except where otherwise noted. 122 | 123 | # Support 124 | For issues or questions, please [file a bug](https://github.com/NVIDIA/nvtrust/issues). For additional support, contact us at [attestation-support@nvidia.com](mailto:attestation-support@nvidia.com) 125 | 126 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/.gitignore: -------------------------------------------------------------------------------- 1 | .classpath 2 | .project 3 | .settings/ 4 | src/main/ngnsec-app/node/ 5 | target/ 6 | *.exe 7 | *.rpm 8 | *.deb 9 | .pydevproject 10 | *.iml 11 | .idea/ -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/attestation_sdk/__init__.py -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/pyproject.toml: -------------------------------------------------------------------------------- 1 | [tool.poetry] 2 | name = "nv-attestation-sdk" 3 | version = "2.5.0" 4 | description = "The Attestation SDK provides developers with a easy to use APIs for implementing attestation capabilities into their applications." 5 | authors = ["Karthik Jayaraman "] 6 | readme = "README.md" 7 | keywords = [ 8 | "confidential-computing", 9 | "local-gpu-verifier", 10 | "attestation", 11 | "NVIDIA" 12 | ] 13 | 14 | [tool.poetry.dependencies] 15 | python = ">=3.7" 16 | pyjwt = "~2.7.0" 17 | requests = "~2.32.3" 18 | cryptography = "==43.0.1" 19 | ecdsa = "==0.18.0" 20 | signxml = "==3.2.0" 21 | xmlschema = "==2.2.3" 22 | pyOpenSSL = "==24.2.1" 23 | PyJWT = "==2.7.0" 24 | nvidia-ml-py = ">=12.535.77" 25 | nv-local-gpu-verifier = "2.5.0" 26 | build = ">=0.7.0" 27 | twine = ">=3.7.1" 28 | pylint = ">=2.9.6" 29 | pytest = "==8.1.1" 30 | pytest-cov = ">=5.0.0" 31 | parameterized = "==0.9.0" 32 | 33 | 34 | [tool.pytest.ini_options] 35 | pythonpath = [ 36 | "src" 37 | ] 38 | 39 | [build-system] 40 | requires = ["poetry-core>=1.0.0"] 41 | build-backend = "poetry.core.masonry.api" 42 | 43 | # [tool.poetry.package.data] 44 | # nv_attestation_sdk = ["verifiers/nv_switch_verifier/rim/*.xsd", "verifiers/nv_switch_verifier/certs/*.pem"] 45 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/attestation_sdk/src/__init__.py -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/attestation_sdk/src/nv_attestation_sdk/__init__.py -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/gpu/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/attestation_sdk/src/nv_attestation_sdk/gpu/__init__.py -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/gpu/attest_gpu_local.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # 4 | """ 5 | This module is responsible for local attestation of GPUs using local gpu verifier. 6 | """ 7 | import logging 8 | import jwt 9 | 10 | from verifier import cc_admin 11 | from nv_attestation_sdk.utils.logging_config import get_logger 12 | from ..utils.config import RIM_SERVICE_URL, OCSP_SERVICE_URL, ATTESTATION_SERVICE_KEY 13 | from ..utils.config import get_allow_hold_cert 14 | logger = get_logger() 15 | 16 | 17 | def get_evidence(nonce, options): 18 | """ 19 | A function to get evidence for GPU to perform local attestation. 20 | 21 | Parameters: 22 | nonce (int): A unique identifier for the evidence retrieval process. 23 | 24 | Returns: 25 | list: A list of GPU evidence collected for local attestation. 26 | """ 27 | try: 28 | logger.debug("Fetching evidence for GPU to perform local attestation") 29 | gpu_evidence_list = cc_admin.collect_gpu_evidence_local(nonce, ppcie_mode=options.get("ppcie_mode"), no_gpu_mode=options.get("no_gpu_mode")) 30 | logger.debug("Evidence list for GPU %s", gpu_evidence_list) 31 | return gpu_evidence_list 32 | except Exception as e: 33 | logger.error("Error in collecting evidences for GPU: %s", e) 34 | return [] 35 | 36 | 37 | def attest(nonce: str, gpu_evidence_list, attestation_options): 38 | """Attest a device locally 39 | 40 | Args: 41 | nonce (str): Nonce as hex string 42 | gpu_evidence_list (_type_): GPU evidence list 43 | attestation_options (dict): Arguments with which to perform attestation 44 | 45 | Returns: 46 | Attestation result and JWT token 47 | """ 48 | attestation_result = False 49 | 50 | try: 51 | params = { 52 | "verbose": False, 53 | "test_no_gpu": False, 54 | "driver_rim": None, 55 | "vbios_rim": None, 56 | "user_mode": True, 57 | "rim_root_cert": None, 58 | "rim_service_url": attestation_options.get("rim_service_url") or RIM_SERVICE_URL, 59 | "allow_hold_cert": get_allow_hold_cert(), 60 | "ocsp_url": attestation_options.get("ocsp_url") or OCSP_SERVICE_URL, 61 | "nonce": nonce, 62 | "ppcie_mode": attestation_options.get("ppcie_mode") or True, 63 | 'ocsp_nonce_disabled': attestation_options.get("ocsp_nonce_disabled") or False, 64 | "service_key": attestation_options.get("service_key") or ATTESTATION_SERVICE_KEY, 65 | "claims_version": attestation_options.get("claims_version") or "2.0" 66 | } 67 | attestation_result, jwt_token = cc_admin.attest( 68 | params, nonce, gpu_evidence_list 69 | ) 70 | except Exception as e: 71 | logger.error("Error in GPU Attestation using Local Verifier due to: %s", e) 72 | jwt_token = get_err_eat_token() 73 | return attestation_result, jwt_token 74 | 75 | 76 | def get_err_eat_token(error_code=1, err_msg="GPU_ATTESTATION_ERR"): 77 | err_json = {"x-nv-err-message": err_msg, "x-nv-err-code": error_code} 78 | return jwt.encode(err_json, "secret", "HS256") 79 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/gpu/attest_gpu_remote.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # 4 | """ 5 | This module is responsible for remote attestation of GPU using NRAS API. 6 | """ 7 | import json 8 | import logging 9 | import requests 10 | from verifier import cc_admin 11 | from nv_attestation_sdk.utils.logging_config import get_logger 12 | from ..utils import unified_eat_parser 13 | from ..utils import nras_utils 14 | from ..utils.config import REMOTE_GPU_VERIFIER_SERVICE_URL, GPU_ARCH, ATTESTATION_SERVICE_KEY 15 | from ..utils.headers import OCSP_ALLOW_CERT_HOLD, SERVICE_KEY_VALUE 16 | from ..utils.config import get_allow_hold_cert 17 | logger = get_logger() 18 | 19 | 20 | def get_evidence(nonce, options): 21 | """ 22 | A function to get evidence for GPU to perform remote attestation. 23 | 24 | Parameters: 25 | nonce (int): A unique identifier for the evidence retrieval process. 26 | 27 | Returns: 28 | list: A list of GPU evidence collected for remote attestation. 29 | """ 30 | try: 31 | ppcie_mode = options.get("ppcie_mode") 32 | 33 | logger.debug("Fetching evidence for GPU to perform remote attestation") 34 | gpu_evidence_list = cc_admin.collect_gpu_evidence_remote(nonce, ppcie_mode=ppcie_mode) 35 | logger.debug("Evidence list for GPU %s", gpu_evidence_list) 36 | return gpu_evidence_list 37 | except Exception as e: 38 | logger.error("Error in collecting evidences for GPU: %s", e) 39 | return [] 40 | 41 | 42 | def attest(nonce: str, gpu_evidence_list, attestation_options): 43 | """Verify GPU evidence with the Remote Verifier 44 | 45 | Args: 46 | nonce (_type_): Nonce represented as hex string 47 | gpu_evidence_list (_type_): GPU Evidence list 48 | attestation_options (dict): Arguments with which to perform attestation 49 | 50 | Returns: 51 | _type_: _description_ 52 | """ 53 | 54 | verifier_url = attestation_options.get('verifier_url') or REMOTE_GPU_VERIFIER_SERVICE_URL 55 | timeout = attestation_options.get('timeout') or 30 56 | service_key = attestation_options.get('service_key') or ATTESTATION_SERVICE_KEY 57 | 58 | attestation_result = False 59 | jwt_token = "" 60 | headers = {"Content-Type": "application/json"} 61 | if get_allow_hold_cert(): 62 | headers[OCSP_ALLOW_CERT_HOLD] = "true" 63 | if service_key: 64 | headers['Authorization'] = SERVICE_KEY_VALUE.format(service_key) 65 | 66 | try: 67 | claims_version = attestation_options.get("claims_version") or "2.0" 68 | payload = build_payload(nonce, gpu_evidence_list, claims_version) 69 | logger.debug("NRAS URL for GPU Attestation: %s", verifier_url) 70 | logger.debug("Initiating GPU Attestation with NRAS") 71 | response = requests.request( 72 | "POST", verifier_url, headers=headers, data=payload, timeout=timeout 73 | ) 74 | response_json = response.json() 75 | logger.debug( 76 | "Response received from NRAS for GPU Attestation: %s", response_json 77 | ) 78 | logger.debug("Status code from NRAS for GPU Attestation: %s", response.status_code) 79 | if response.status_code == 200: 80 | jwt_token = response_json 81 | main_token_jwt = unified_eat_parser.get_overall_claims_token(jwt_token) 82 | decoded_main_token_json = nras_utils.decode_nras_token( 83 | verifier_url, main_token_jwt 84 | ) 85 | attestation_result = decoded_main_token_json["x-nvidia-overall-att-result"] 86 | if attestation_result: 87 | logger.info("**** Attestation Successful ****") 88 | else: 89 | logger.error("**** Attestation Failed ****") 90 | else: 91 | logger.info("**** Attestation Failed ****") 92 | logger.error( 93 | "Error in GPU Attestation using NRAS due to: %s", response_json 94 | ) 95 | logger.error("NRAS Response Code: %s", response.status_code) 96 | except Exception as e: 97 | logger.error( 98 | "Error in GPU Attestation using Remote Verifier due to: %s", e 99 | ) 100 | return attestation_result, jwt_token 101 | 102 | 103 | def build_payload(nonce, evidences, claims_version): 104 | """ 105 | A function that builds a payload with the given nonce and list of evidences. 106 | """ 107 | if not evidences: 108 | raise ValueError("No evidences provided") 109 | 110 | first_evidence = evidences[0] 111 | if "arch" not in first_evidence or not first_evidence["arch"]: 112 | raise ValueError("Arch field is missing or empty in first evidence") 113 | 114 | gpu_arch = first_evidence["arch"] 115 | evidence_list = [] 116 | 117 | for i, evidence in enumerate(evidences): 118 | if "arch" not in evidence or not evidence["arch"]: 119 | raise ValueError(f"Arch field is missing or empty in evidence {i}") 120 | if evidence["arch"] != gpu_arch: 121 | raise ValueError(f"Inconsistent arch values found: {gpu_arch} vs {evidence['arch']} in evidence {i}") 122 | 123 | evidence_list.append({ 124 | "evidence": evidence.get("evidence"), 125 | "certificate": evidence.get("certificate") 126 | }) 127 | 128 | data = { 129 | "nonce": nonce, 130 | "evidence_list": evidence_list, 131 | "arch": gpu_arch, 132 | "claims_version": claims_version 133 | } 134 | 135 | logger.debug("NRAS request payload: %s", data) 136 | return json.dumps(data) 137 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/nvswitch/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/attestation_sdk/src/nv_attestation_sdk/nvswitch/__init__.py -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/nvswitch/attest_nvswitch_local.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # 4 | """ 5 | This module is responsible for local attestation of Nvswitch using nvswitch-verifier. 6 | """ 7 | import logging 8 | import jwt 9 | from nv_attestation_sdk.verifiers.nv_switch_verifier import nvswitch_admin 10 | from ..utils.config import RIM_SERVICE_URL, OCSP_SERVICE_URL, ATTESTATION_SERVICE_KEY 11 | from ..utils.config import get_allow_hold_cert 12 | from nv_attestation_sdk.utils.logging_config import get_logger 13 | 14 | logger = get_logger() 15 | 16 | 17 | def get_evidence(nonce, options): 18 | """ 19 | A function that fetches evidence for NvSwitch to perform local attestation. 20 | 21 | Parameters: 22 | nonce (str): The nonce value for fetching evidence. 23 | 24 | Returns: 25 | list: A list of evidence for NvSwitch. 26 | """ 27 | try: 28 | ppcie_mode = options.get("ppcie_mode") 29 | 30 | logger.debug("Fetching evidence for NvSwitch to perform local attestation") 31 | switch_evidence_list = nvswitch_admin.collect_evidence(nonce, ppcie_mode=ppcie_mode) 32 | logger.debug("Evidence list for NvSwitch %s", switch_evidence_list) 33 | return switch_evidence_list 34 | except Exception as e: 35 | logger.error("Error in collecting evidences for switches: %s", e) 36 | return [] 37 | 38 | 39 | def attest(nonce: str, evidence_list, attestation_options): 40 | """Attest a device locally 41 | 42 | Args: 43 | evidence_list: 44 | nonce (str): Nonce as hex string 45 | attestation_options (dict): Arguments with which to perform attestation 46 | 47 | Returns: 48 | Attestation result and JWT token 49 | """ 50 | attestation_result = False 51 | jwt_token = "" 52 | try: 53 | params = { 54 | "verbose": False, 55 | "test_no_gpu": False, 56 | "driver_rim": None, 57 | "vbios_rim": None, 58 | "user_mode": True, 59 | "rim_root_cert": None, 60 | "rim_service_url": attestation_options.get("rim_service_url") or RIM_SERVICE_URL, 61 | "allow_hold_cert": get_allow_hold_cert(), 62 | "ocsp_url": attestation_options.get("ocsp_url") or OCSP_SERVICE_URL, 63 | "nonce": nonce, 64 | 'ocsp_nonce_disabled': attestation_options.get("ocsp_nonce_disabled") or False, 65 | "service_key": attestation_options.get("service_key") or ATTESTATION_SERVICE_KEY, 66 | "claims_version": attestation_options.get("claims_version") or "2.0" 67 | } 68 | attestation_result, jwt_token = nvswitch_admin.attest( 69 | params, nonce, evidence_list 70 | ) 71 | except Exception as e: 72 | logger.error("Error in NvSwitch Attestation using Local Verifier due to: %s", e) 73 | jwt_token = get_err_eat_token() 74 | return attestation_result, jwt_token 75 | 76 | 77 | def get_err_eat_token(error_code=1, err_msg="NVSWITCH_ATTESTATION_ERR"): 78 | err_json = {"x-nv-err-message": err_msg, "x-nv-err-code": error_code} 79 | return jwt.encode(err_json, "secret", "HS256") 80 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/nvswitch/attest_nvswitch_remote.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # 4 | """ 5 | This module is responsible for remote attestation of Nvswitch using NRAS API. 6 | """ 7 | 8 | import logging 9 | import json 10 | import requests 11 | from nv_attestation_sdk.verifiers.nv_switch_verifier import nvswitch_admin 12 | from nv_attestation_sdk.utils.logging_config import get_logger 13 | from ..utils.config import REMOTE_NVSWITCH_VERIFIER_SERVICE_URL, ATTESTATION_SERVICE_KEY 14 | from ..utils.headers import OCSP_ALLOW_CERT_HOLD, SERVICE_KEY_VALUE 15 | from ..utils.config import get_allow_hold_cert 16 | from ..utils import unified_eat_parser 17 | from ..utils import nras_utils 18 | 19 | logger = get_logger() 20 | 21 | 22 | def get_evidence(nonce, options): 23 | """ 24 | A function that fetches evidence for NvSwitch to perform remote attestation. 25 | 26 | Parameters: 27 | nonce (str): The nonce value for fetching evidence. 28 | 29 | Returns: 30 | list: A list of evidence for NvSwitch. 31 | """ 32 | try: 33 | ppcie_mode = options.get("ppcie_mode") 34 | 35 | logger.debug("Fetching evidence for NvSwitch to perform local attestation") 36 | switch_evidence_list = nvswitch_admin.collect_evidence_remote(nonce, ppcie_mode=ppcie_mode) 37 | logger.debug("Evidence list for NvSwitch %s", switch_evidence_list) 38 | return switch_evidence_list 39 | except Exception as e: 40 | logger.error("Error in collecting evidences for Switch: %s", e) 41 | return [] 42 | 43 | def attest(nonce: str, gpu_evidence_list, attestation_options): 44 | """Verify GPU evidence with the Remote Verifier 45 | 46 | Args: 47 | nonce (_type_): Nonce represented as hex string 48 | gpu_evidence_list (_type_): GPU Evidence list 49 | attestation_options (dict): Arguments with which to perform attestation 50 | 51 | Returns: 52 | _type_: _description_ 53 | """ 54 | verifier_url = attestation_options.get('verifier_url') or REMOTE_NVSWITCH_VERIFIER_SERVICE_URL 55 | timeout = attestation_options.get('timeout') or 30 56 | service_key = attestation_options.get('service_key') or ATTESTATION_SERVICE_KEY 57 | 58 | attestation_result = False 59 | jwt_token = "" 60 | headers = {"Content-Type": "application/json"} 61 | if get_allow_hold_cert(): 62 | headers[OCSP_ALLOW_CERT_HOLD] = "true" 63 | if service_key: 64 | headers['Authorization'] = SERVICE_KEY_VALUE.format(service_key) 65 | try: 66 | claims_version = attestation_options.get("claims_version") or "2.0" 67 | payload = build_payload(nonce, gpu_evidence_list, claims_version) 68 | logger.debug("NRAS URL for NvSwitch Attestation: %s", verifier_url) 69 | logger.debug("Initiating Nvswitch Attestation with NRAS") 70 | response = requests.request( 71 | "POST", verifier_url, headers=headers, data=payload, timeout=timeout 72 | ) 73 | response_json = response.json() 74 | logger.debug( 75 | "Response received from NRAS for Nvswitch Attestation: %s", response_json 76 | ) 77 | logger.debug("Status code from NRAS for Nvswitch Attestation: %s", response.status_code) 78 | if response.status_code == 200: 79 | jwt_token = response_json 80 | main_token_jwt = unified_eat_parser.get_overall_claims_token(jwt_token) 81 | decoded_main_token_json = nras_utils.decode_nras_token( 82 | verifier_url, main_token_jwt 83 | ) 84 | attestation_result = decoded_main_token_json["x-nvidia-overall-att-result"] 85 | if attestation_result: 86 | logger.info("**** Attestation Successful ****") 87 | else: 88 | logger.info("******** Attestation Failed ****") 89 | else: 90 | logger.info("**** Attestation Failed ****") 91 | logger.error( 92 | "Error in Nvswitch Attestation using NRAS due to: %s", response_json 93 | ) 94 | logger.error("NRAS Response Code: %s", response.status_code) 95 | except Exception as e: 96 | logger.error("Error in Nvswitch Attestation using NRAS due to: %s", e) 97 | return attestation_result, jwt_token 98 | 99 | 100 | def build_payload(nonce, evidences, claims_version): 101 | """ 102 | A function that builds a payload with the given nonce and list of evidences. 103 | """ 104 | data = {"nonce": nonce, "evidence_list": evidences, "arch": "LS10", "claims_version": claims_version} 105 | return json.dumps(data) 106 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/utils/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/attestation_sdk/src/nv_attestation_sdk/utils/__init__.py -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/utils/claim_utils.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # 4 | """ 5 | Utility functions for handling claims in a token. 6 | """ 7 | from typing import Any, Optional 8 | import json 9 | import logging 10 | import jwt 11 | 12 | file_logger = logging.getLogger("sdk-file") 13 | console_logger = logging.getLogger("sdk-console") 14 | 15 | 16 | def validate_claims(token: dict, auth_rules: dict) -> bool: 17 | """ 18 | A function to validate the claims in a token based on the provided authorization rules. 19 | 20 | Parameters: 21 | - token (dict): The token containing the claims to be validated. 22 | - auth_rules (dict): The authorization rules to compare the token claims against. 23 | 24 | Returns: 25 | - bool: True if all token claims match the authorization rules, False otherwise. 26 | """ 27 | file_logger.info("Comparing token: %s with rules auth_rules: %s", token, auth_rules) 28 | for key in auth_rules: 29 | if key in token: 30 | # Check if both values are dictionaries and recurse for nested dictionaries 31 | if isinstance(auth_rules[key], dict) and isinstance(token[key], dict): 32 | if not validate_claims(token[key], auth_rules[key]): 33 | return False 34 | elif token[key] != auth_rules[key]: 35 | console_logger.error( 36 | "[ERROR] Invalid token. Authorized claims does not match " 37 | "the appraisal policy: %s", 38 | key, 39 | ) 40 | return False 41 | else: 42 | console_logger.info("%s has been validated", auth_rules) 43 | else: 44 | console_logger.error( 45 | "[ERROR] Invalid token. Authorized claims is missing attribute: %s", key 46 | ) 47 | return False 48 | return True 49 | 50 | 51 | def get_auth_rules(policy: str) -> Optional[Any]: 52 | """Extract Auth rule from the policy 53 | 54 | Args: 55 | policy (str): Policy 56 | 57 | Returns: 58 | str: Auth rules 59 | """ 60 | if not policy: 61 | console_logger.error("Policy is empty") 62 | return None 63 | return json.loads(policy)["authorization-rules"] 64 | 65 | 66 | def decode_jwt(token, secret=None, algorithms=None): 67 | """ 68 | A function to decode a JWT token using the provided secret key and algorithms. 69 | 70 | Parameters: 71 | token (str): The JWT token to decode. 72 | secret (str): The secret key used to decode the token. Defaults to None. 73 | algorithms (list): The list of algorithms to use for decoding. Defaults to ["HS256"]. 74 | 75 | Returns: 76 | dict or str: The decoded payload if successful, otherwise returns a string indicating the issue. 77 | """ 78 | if algorithms is None: 79 | algorithms = ["HS256"] 80 | try: 81 | decoded_payload = jwt.decode( 82 | token, secret, algorithms=algorithms, options={"verify_signature": False} 83 | ) 84 | return decoded_payload 85 | except jwt.ExpiredSignatureError: 86 | return "Token has expired" 87 | except jwt.InvalidTokenError: 88 | return "Invalid token" 89 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/utils/config.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 2 | 3 | """Config file for maintaining the dependant URLs for services and constants""" 4 | import os 5 | 6 | CERT_HOLD_STATUS = None 7 | RIM_SERVICE_URL = os.getenv("NV_RIM_URL", "https://rim.attestation.nvidia.com/v1/rim/") 8 | OCSP_SERVICE_URL = os.getenv("NV_OCSP_URL", "https://ocsp.ndis.nvidia.com/") 9 | REMOTE_GPU_VERIFIER_SERVICE_URL = os.getenv( 10 | "NV_NRAS_GPU_URL", "https://nras.attestation.nvidia.com/v3/attest/gpu" 11 | ) 12 | REMOTE_NVSWITCH_VERIFIER_SERVICE_URL = os.getenv( 13 | "NV_NRAS_NVSWITCH_URL", "https://nras.attestation.nvidia.com/v3/attest/switch" 14 | ) 15 | # Planned to move the below to a list of acceptable GPU architectures 16 | GPU_ARCH = "HOPPER" 17 | 18 | ATTESTATION_SERVICE_KEY = os.getenv("NVIDIA_ATTESTATION_SERVICE_KEY") 19 | 20 | def set_allow_hold_cert(value): 21 | global CERT_HOLD_STATUS 22 | CERT_HOLD_STATUS = value 23 | 24 | def get_allow_hold_cert(): 25 | global CERT_HOLD_STATUS 26 | if CERT_HOLD_STATUS is not None: 27 | return CERT_HOLD_STATUS 28 | else: 29 | return os.getenv("NV_ALLOW_HOLD_CERT") == "true" -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/utils/headers.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 2 | 3 | """Maintains the set of request headers for service calls to dependent URL's""" 4 | OCSP_ALLOW_CERT_HOLD = "X-NVIDIA-OCSP-ALLOW-CERT-HOLD" 5 | SERVICE_KEY_VALUE = "nv-sak {}" 6 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/utils/local_utils.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # 4 | """ 5 | Utility functions for handling claims in a token for local verifiers. 6 | """ 7 | import logging 8 | import jwt 9 | from . import unified_eat_parser 10 | from . import claim_utils 11 | 12 | 13 | console_logger = logging.getLogger("sdk-console") 14 | file_logger = logging.getLogger("sdk-file") 15 | 16 | 17 | def validate_token(verifier: str, gpu_token: list, policy: str): 18 | """Validate token using a policy 19 | 20 | Args: 21 | gpu_token (str): EAT token 22 | policy (str): Appraisal policy for attestation results 23 | 24 | Returns: 25 | bool: result 26 | """ 27 | if not (policy and gpu_token): 28 | console_logger.error("Invalid policy or token") 29 | return False 30 | return validate_token_with_policy(gpu_token, claim_utils.get_auth_rules(policy)) 31 | 32 | 33 | def validate_token_with_policy(token: list, auth_rules: dict) -> bool: 34 | """Validate token using a policy 35 | 36 | Args: 37 | token (str): EAT token 38 | auth_rules (str): policy 39 | 40 | Returns: 41 | bool: result 42 | """ 43 | if auth_rules["type"] != unified_eat_parser.get_overall_token_type(token): 44 | console_logger.error("Invalid token type. Expected %s but received %s", auth_rules["type"], unified_eat_parser.get_overall_token_type(token)) 45 | return False 46 | 47 | overall_claims = jwt.decode( 48 | unified_eat_parser.get_overall_claims_token(token), 49 | algorithms="HS256", 50 | verify=False, 51 | key="secret", 52 | ) 53 | if not claim_utils.validate_claims(overall_claims, auth_rules["overall-claims"]): 54 | return False 55 | 56 | detached_claims = unified_eat_parser.get_detached_claims_token(token) 57 | for key, claim in detached_claims.items(): 58 | if not claim_utils.validate_claims( 59 | jwt.decode(claim, algorithms="HS256", verify=False, key="secret"), 60 | auth_rules["detached-claims"], 61 | ): 62 | return False 63 | 64 | return True 65 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/utils/logging_config.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # 4 | 5 | """Config file for maintaining logging format""" 6 | 7 | import logging 8 | import sys 9 | import os 10 | 11 | 12 | class SimpleMessageHandler(logging.StreamHandler): 13 | """ 14 | Customized logging handler to display logs in a box format. 15 | """ 16 | 17 | def emit(self, record): 18 | """ 19 | Emit a formatted record to the stream. 20 | 21 | This method is called by the logging framework whenever a log event occurs. 22 | It formats the record and writes it to the stream. 23 | 24 | Parameters: 25 | - record (logging.LogRecord): The log record to be emitted. 26 | 27 | Returns: 28 | None 29 | """ 30 | try: 31 | msg = self.format(record) 32 | stream = self.stream 33 | formatted_msg = self.center_message(msg, width=75) # Adjust width as needed 34 | stream.write(f"{formatted_msg}\n") 35 | self.flush() 36 | except Exception as e: 37 | self.handleError(record) 38 | logging.error("An error occurred while emitting the log record: %s", str(e)) 39 | 40 | def center_message(self, msg, width): 41 | """ 42 | This method centers a given message within a box of specified width. 43 | 44 | Parameters: 45 | - msg (str): The message to be centered. 46 | - width (int): The total width of the box. 47 | 48 | Returns: 49 | str: The centered message within a box. 50 | """ 51 | # Define the total width of the box 52 | total_width = width 53 | # Calculate padding 54 | padding = ( 55 | total_width - len(msg) - 2 56 | ) // 2 # Subtract 2 for the spaces around the message 57 | padding = max(padding, 0) 58 | # Construct the centered message 59 | centered_msg = f"{' ' * padding}{msg}{' ' * padding}" 60 | if len(centered_msg) < total_width: 61 | centered_msg = centered_msg[:-1] 62 | # Construct the full box with @ symbols 63 | box_top_bottom = "-" * total_width 64 | return f"\n{box_top_bottom}\n{centered_msg}\n{box_top_bottom}" 65 | 66 | 67 | def setup_logging(): 68 | """ 69 | This method centers a given message within a box of specified width. 70 | 71 | Parameters: 72 | - msg (str): The message to be centered. 73 | - width (int): The total width of the box. 74 | 75 | Returns: 76 | str: The centered message within a box. 77 | """ 78 | logger = logging.getLogger("nv-attestation-sdk") 79 | logger.setLevel(logging.DEBUG) 80 | 81 | handler = SimpleMessageHandler(sys.stdout) 82 | formatter = logging.Formatter("%(message)s") 83 | handler.setFormatter(formatter) 84 | return logger 85 | 86 | 87 | def get_logger(): 88 | logger = logging.getLogger("sdk-logger") 89 | if logger.hasHandlers(): 90 | return logger 91 | 92 | logger.setLevel(logging.DEBUG) 93 | 94 | console_handler = logging.StreamHandler(sys.stdout) 95 | console_formatter = logging.Formatter("%(message)s") 96 | console_handler.setFormatter(console_formatter) 97 | console_handler.setLevel(logging.INFO) 98 | 99 | logger_file_path = os.path.join(os.getcwd(), "attestation_sdk.log") 100 | if os.path.exists(logger_file_path): 101 | os.remove(logger_file_path) 102 | file_handler = logging.FileHandler(logger_file_path) 103 | file_handler.setLevel(logging.DEBUG) 104 | file_handler.setFormatter( 105 | logging.Formatter("%(asctime)s:%(levelname)s: %(message)s", "%m-%d-%Y %H:%M:%S") 106 | ) 107 | 108 | logger.addHandler(console_handler) 109 | logger.addHandler(file_handler) 110 | 111 | return logger 112 | 113 | 114 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/utils/nras_utils.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # 4 | """ 5 | Utility functions for handling claims in a token for remote verifiers. 6 | """ 7 | from urllib.parse import urlparse 8 | import base64 9 | import logging 10 | import json 11 | import requests 12 | import jwt 13 | 14 | from cryptography.x509 import load_der_x509_certificate 15 | from cryptography.hazmat.backends import default_backend 16 | from ..utils import unified_eat_parser, claim_utils 17 | from .. import attestation 18 | 19 | console_logger = logging.getLogger("sdk-console") 20 | file_logger = logging.getLogger("sdk-file") 21 | 22 | 23 | def create_jwks_url(verifier_url: str) -> str: 24 | """Generate JWKS URL using the verifier URL 25 | 26 | Args: 27 | verifier_url (str): Verifier URL 28 | 29 | Returns: 30 | str: JWKS URL 31 | """ 32 | parsed_url = urlparse(verifier_url) 33 | jwks_url = f"{parsed_url.scheme}://{parsed_url.netloc}/.well-known/jwks.json" 34 | return jwks_url 35 | 36 | 37 | def validate_gpu_token(verifier, gpu_token: list, policy: str) -> bool: 38 | """Validate GPU token using a policy 39 | 40 | Args: 41 | verifier (_type_): verifier object 42 | gpu_token (str): EAT token 43 | policy (str): Appraisal policy for attestation results 44 | 45 | Returns: 46 | bool: result 47 | """ 48 | file_logger.info("GPU token validation started with value %s:", gpu_token) 49 | if not (policy and gpu_token): 50 | file_logger.error("Invalid policy or token") 51 | return False 52 | return validate_gpu_token_with_policy( 53 | verifier[attestation.VerifierFields.URL], 54 | gpu_token, 55 | claim_utils.get_auth_rules(policy), 56 | ) 57 | 58 | 59 | def validate_claims_and_decode( 60 | verifier_url: str, auth_rules: dict, claim_type: str, claim_token: str 61 | ) -> bool: 62 | """ 63 | A function that validates claims and decodes a claim token. 64 | """ 65 | claims_decoded = decode_nras_token(verifier_url, claim_token) 66 | if not claim_utils.validate_claims(claims_decoded, auth_rules[claim_type]): 67 | file_logger.error("[ERROR] %s do not match the appraisal policy", claim_type) 68 | return False 69 | file_logger.info("%s have been validated successfully", claim_type) 70 | return True 71 | 72 | 73 | def validate_gpu_token_with_policy( 74 | verifier_url: str, token: list, auth_rules: dict 75 | ) -> bool: 76 | """ 77 | A function to validate a GPU token with a given policy. 78 | """ 79 | if auth_rules["type"] != unified_eat_parser.get_overall_token_type(token): 80 | console_logger.error("[ERROR] Invalid token. Token type must be JWT. Found %s instead", unified_eat_parser.get_overall_token_type(token)) 81 | return False 82 | 83 | if not validate_claims_and_decode( 84 | verifier_url, 85 | auth_rules, 86 | "overall-claims", 87 | unified_eat_parser.get_overall_claims_token(token), 88 | ): 89 | return False 90 | 91 | # check detached claims for all submodules 92 | detached_claims = unified_eat_parser.get_detached_claims_token(token) 93 | for key in detached_claims: 94 | file_logger.info( 95 | "Evaluating evidence for %s with appraisal policy for attestation results", 96 | key, 97 | ) 98 | if not validate_claims_and_decode( 99 | verifier_url, auth_rules, "detached-claims", detached_claims[key] 100 | ): 101 | return False 102 | 103 | return True 104 | 105 | 106 | def get_matching_key(jwks_data, kid): 107 | """ 108 | A function that searches for a matching key based on the kid parameter 109 | in the provided jwks_data dictionary 110 | """ 111 | for key in jwks_data["keys"]: 112 | if key["kid"] == kid: 113 | return key 114 | return None 115 | 116 | 117 | def decode_jwt_token(token, cert): 118 | # Skipping verification of iat and nbf claims 119 | # until https://github.com/jpadilla/pyjwt/issues/814 is fixed 120 | """ 121 | A function that decodes a JWT token using the provided certificate. 122 | """ 123 | return jwt.decode( 124 | token, 125 | cert.public_key(), 126 | algorithms=["ES384"], 127 | options={"verify_iat": False, "verify_nbf": False}, 128 | ) 129 | 130 | 131 | def decode_nras_token(verifier_url: str, token: str) -> dict: 132 | """ 133 | A function to decode a token using the provided verifier URL and token. 134 | """ 135 | try: 136 | jwks_url = create_jwks_url(verifier_url) 137 | console_logger.info("***** Validating Signature using JWKS endpoint %s ****** ", jwks_url) 138 | jwks_data = requests.get(jwks_url, timeout=30).json() 139 | kid = jwt.get_unverified_header(token)["kid"] 140 | matching_key = get_matching_key(jwks_data, kid) 141 | if matching_key and "x5c" in matching_key: 142 | try: 143 | matching_cert = matching_key["x5c"][0].encode() 144 | dercert = base64.b64decode(matching_cert) 145 | cert = load_der_x509_certificate(dercert, default_backend()) 146 | decoded_token = decode_jwt_token(token, cert) 147 | file_logger.info("Decoded Token %s:", json.dumps(decoded_token, indent=2)) 148 | console_logger.info("***** JWT token signature is valid. *****") 149 | return decoded_token 150 | except jwt.ExpiredSignatureError: 151 | console_logger.error("JWT token has expired.") 152 | except jwt.InvalidTokenError as e: 153 | console_logger.error("JWT token signature is invalid %s", repr(e)) 154 | else: 155 | console_logger.error("No matching key or x5c key found for the provided kid.") 156 | except Exception as e: 157 | console_logger.error("Error in decoding token using JWKs endpoint %s", repr(e)) 158 | return {} 159 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/utils/unified_eat_parser.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # 4 | 5 | """ 6 | Utility functions for EAT token parsing. 7 | """ 8 | 9 | 10 | def get_overall_token_type(token: list) -> str: 11 | """ 12 | Get the overall token type from a list of tokens. 13 | 14 | :param token: A list of tokens. 15 | :return: The type of the overall token. 16 | """ 17 | overall_token_arr = token[0] 18 | return overall_token_arr[0] 19 | 20 | 21 | def get_overall_claims_token(token: list) -> str: 22 | """ 23 | A function that takes a list as input and returns a string. 24 | It extracts the second element of the first list in the input list. 25 | """ 26 | overall_token_arr = token[0] 27 | return overall_token_arr[1] 28 | 29 | 30 | def get_detached_claims_token(token: list) -> str: 31 | """ 32 | A function that takes in a list as a parameter and returns the element at index 1. 33 | Parameters: 34 | token (list): The input list. 35 | Returns: 36 | str: The element at index 1 of the input list. 37 | """ 38 | return token[1] 39 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/verifiers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/attestation_sdk/src/nv_attestation_sdk/verifiers/__init__.py -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/verifiers/nv_switch_verifier/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/attestation_sdk/src/nv_attestation_sdk/verifiers/nv_switch_verifier/__init__.py -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/verifiers/nv_switch_verifier/certs/verifier_RIM_root.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICKTCCAbCgAwIBAgIQRdrjoA5QN73fh1N17LXicDAKBggqhkjOPQQDAzBFMQsw 3 | CQYDVQQGEwJVUzEPMA0GA1UECgwGTlZJRElBMSUwIwYDVQQDDBxOVklESUEgQ29S 4 | SU0gc2lnbmluZyBSb290IENBMCAXDTIzMDMxNjE1MzczNFoYDzIwNTMwMzA4MTUz 5 | NzM0WjBFMQswCQYDVQQGEwJVUzEPMA0GA1UECgwGTlZJRElBMSUwIwYDVQQDDBxO 6 | VklESUEgQ29SSU0gc2lnbmluZyBSb290IENBMHYwEAYHKoZIzj0CAQYFK4EEACID 7 | YgAEuECyi9vNM+Iw2lfUzyBldHAwaC1HF7TCgp12QcEyUTm3Tagxwr48d55+K2VI 8 | lWYIDk7NlAIQdcV/Ff7euGLI+Qauj93HsSI4WX298PpW54RTgz9tC+Q684caR/BX 9 | WEeZo2MwYTAdBgNVHQ4EFgQUpaXrOPK4ZDAk08DBskn594zeZjAwHwYDVR0jBBgw 10 | FoAUpaXrOPK4ZDAk08DBskn594zeZjAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B 11 | Af8EBAMCAQYwCgYIKoZIzj0EAwMDZwAwZAIwHGDyscDP6ihHqRvZlI3eqZ4YkvjE 12 | 1duaN84tAHRVgxVMvNrp5Tnom3idHYGW/dskAjATvjIx6VzHm/4e2GiZAyZEIUBD 13 | OKPzp5ei/A0iUZpdvngenDwV8Qa/wGdiTmJ7Bp4= 14 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/verifiers/nv_switch_verifier/certs/verifier_device_root.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICCzCCAZCgAwIBAgIQLTZwscoQBBHB/sDoKgZbVDAKBggqhkjOPQQDAzA1MSIw 3 | IAYDVQQDDBlOVklESUEgRGV2aWNlIElkZW50aXR5IENBMQ8wDQYDVQQKDAZOVklE 4 | SUEwIBcNMjExMTA1MDAwMDAwWhgPOTk5OTEyMzEyMzU5NTlaMDUxIjAgBgNVBAMM 5 | GU5WSURJQSBEZXZpY2UgSWRlbnRpdHkgQ0ExDzANBgNVBAoMBk5WSURJQTB2MBAG 6 | ByqGSM49AgEGBSuBBAAiA2IABA5MFKM7+KViZljbQSlgfky/RRnEQScW9NDZF8SX 7 | gAW96r6u/Ve8ZggtcYpPi2BS4VFu6KfEIrhN6FcHG7WP05W+oM+hxj7nyA1r1jkB 8 | 2Ry70YfThX3Ba1zOryOP+MJ9vaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B 9 | Af8EBAMCAQYwHQYDVR0OBBYEFFeF/4PyY8xlfWi3Olv0jUrL+0lfMB8GA1UdIwQY 10 | MBaAFFeF/4PyY8xlfWi3Olv0jUrL+0lfMAoGCCqGSM49BAMDA2kAMGYCMQCPeFM3 11 | TASsKQVaT+8S0sO9u97PVGCpE9d/I42IT7k3UUOLSR/qvJynVOD1vQKVXf0CMQC+ 12 | EY55WYoDBvs2wPAH1Gw4LbcwUN8QCff8bFmV4ZxjCRr4WXTLFHBKjbfneGSBWwA= 13 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/verifiers/nv_switch_verifier/models/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/attestation_sdk/src/nv_attestation_sdk/verifiers/nv_switch_verifier/models/__init__.py -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/verifiers/nv_switch_verifier/models/nvswitch.py: -------------------------------------------------------------------------------- 1 | from ..utils.cert_chain_utils import get_switch_cert_chain 2 | 3 | 4 | class NVSwitch: 5 | 6 | def __init__(self, uuid, attestation_cert_chain, attestation_report): 7 | self.uuid = uuid 8 | self.attestation_cert_chain = get_switch_cert_chain(attestation_cert_chain) 9 | self.attestation_report = attestation_report 10 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/verifiers/nv_switch_verifier/nscq/paths.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2021-2024 NVIDIA Corporation. All rights reserved. 3 | # 4 | # NOTICE TO USER: 5 | # 6 | # This source code is subject to NVIDIA ownership rights under U.S. and 7 | # international Copyright laws. Users and possessors of this source code 8 | # are hereby granted a nonexclusive, royalty-free license to use this code 9 | # in individual and commercial software. 10 | # 11 | # NVIDIA MAKES NO REPRESENTATION ABOUT THE SUITABILITY OF THIS SOURCE 12 | # CODE FOR ANY PURPOSE. IT IS PROVIDED "AS IS" WITHOUT EXPRESS OR 13 | # IMPLIED WARRANTY OF ANY KIND. NVIDIA DISCLAIMS ALL WARRANTIES WITH 14 | # REGARD TO THIS SOURCE CODE, INCLUDING ALL IMPLIED WARRANTIES OF 15 | # MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. 16 | # IN NO EVENT SHALL NVIDIA BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, 17 | # OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS 18 | # OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 19 | # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE 20 | # OR PERFORMANCE OF THIS SOURCE CODE. 21 | # 22 | # U.S. Government End Users. This source code is a "commercial item" as 23 | # that term is defined at 48 C.F.R. 2.101 (OCT 1995), consisting of 24 | # "commercial computer software" and "commercial computer software 25 | # documentation" as such terms are used in 48 C.F.R. 12.212 (SEPT 1995) 26 | # and is provided to the U.S. Government only as a commercial end item. 27 | # Consistent with 48 C.F.R.12.212 and 48 C.F.R. 227.7202-1 through 28 | # 227.7202-4 (JUNE 1995), all U.S. Government End Users acquire the 29 | # source code with only those rights set forth herein. 30 | # 31 | # Any use of this source code in individual and commercial software must 32 | # include, in the user documentation and internal comments to the code, 33 | # the above Disclaimer and U.S. Government End Users Notice. 34 | # 35 | 36 | nscq_nvswitch_drv_version = b"/drv/nvswitch/version" 37 | nscq_nvswitch_device_uuid_path = b"/drv/nvswitch/{device}/uuid" 38 | nscq_nvswitch_pcie_mode = b"/{nvswitch}/config/pcie_mode" 39 | nscq_nvswitch_attestation_report = b"/{nvswitch}/config/attestation_report" 40 | nscq_nvswitch_certificate = b"/{nvswitch}/config/certificate" 41 | nscq_nvswitch_arch = b"/{nvswitch}/id/arch" 42 | 43 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/verifiers/nv_switch_verifier/nvswitch_verifier.py: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-FileCopyrightText: Copyright (c) 2021-2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # SPDX-License-Identifier: BSD-3-Clause 4 | # 5 | # Redistribution and use in source and binary forms, with or without 6 | # modification, are permitted provided that the following conditions are met: 7 | # 8 | # 1. Redistributions of source code must retain the above copyright notice, this 9 | # list of conditions and the following disclaimer. 10 | # 11 | # 2. Redistributions in binary form must reproduce the above copyright notice, 12 | # this list of conditions and the following disclaimer in the documentation 13 | # and/or other materials provided with the distribution. 14 | # 15 | # 3. Neither the name of the copyright holder nor the names of its 16 | # contributors may be used to endorse or promote products derived from 17 | # this software without specific prior written permission. 18 | # 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 22 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 23 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 25 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 26 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | # 30 | 31 | from .config import ( 32 | BaseSettings, 33 | ) 34 | import logging 35 | from .exceptions import InvalidMeasurementIndexError 36 | from nv_attestation_sdk.utils.logging_config import get_logger 37 | logger = get_logger() 38 | 39 | 40 | class SwitchVerifier: 41 | """ A class to match the runtime Switch measurements against the golden 42 | measurements. 43 | """ 44 | 45 | def verify(self, settings): 46 | """ This methods compares the runtime measurement with the golden measurement in order to check if there is any discrepancy. 47 | 48 | Args: 49 | settings (config.LS10Settings): the object containing the various config info. 50 | 51 | Returns: 52 | [bool]: returns True if all the valid golden measurements values matches with the 53 | corresponding runtime measurements. Otherwise, returns False. 54 | """ 55 | logger.info("\tComparing measurements (runtime vs golden)") 56 | 57 | if len(self.runtime_measurements) == 0: 58 | logger.warning("\t\t\tWarning : no measurements from attestation report received.") 59 | 60 | if len(self.golden_measurements) == 0: 61 | logger.warning("\t\t\tWarning : no golden measurements from RIMs received.") 62 | 63 | # Make sure that active golden measurement are always less than or equal to run time measurement 64 | if len(self.golden_measurements) > len(self.runtime_measurements): 65 | logger.warning( 66 | "\t\t\tWarning : Golden measurement are more than measurements in Attestation report.") 67 | return False 68 | 69 | list_of_mismatched_indexes = list() 70 | 71 | for i in self.golden_measurements: 72 | 73 | is_matching = False 74 | 75 | for j in range(self.golden_measurements[i].get_number_of_alternatives()): 76 | 77 | if self.golden_measurements[i].get_value_at_index(j) == self.runtime_measurements[i] and \ 78 | self.golden_measurements[i].get_size() == len(self.runtime_measurements[i]) // 2: 79 | is_matching = True 80 | 81 | if not is_matching: 82 | # Measurements are not matching. 83 | list_of_mismatched_indexes.append(i) 84 | 85 | if len(list_of_mismatched_indexes) > 0: 86 | 87 | logger.info("""\t\t\tThe runtime measurements are not matching with the 88 | golden measurements at the following indexes(starting from 0) :\n\t\t\t[""") 89 | 90 | list_of_mismatched_indexes.sort() 91 | 92 | for i, index in enumerate(list_of_mismatched_indexes): 93 | if i != len(list_of_mismatched_indexes) - 1: 94 | logger.info(f'\t\t\t{index}, ') 95 | else: 96 | logger.info("\t\t\t" + str(index)) 97 | logger.info("\t\t\t]") 98 | settings.mark_measurements_as_matching(False) 99 | return False 100 | else: 101 | logger.info("\t\t\tThe runtime measurements are matching with the golden measurements.\ 102 | \n\t\tSwitch is in expected state.") 103 | settings.mark_measurements_as_matching() 104 | return True 105 | 106 | def generate_golden_measurement_list(self, vbios_golden_measurements, settings): 107 | """ This method takes the driver and vbios golden measurements and 108 | combines them into a single dictionary with the measurement index as 109 | the key and the golden measurement object as the value. 110 | 111 | Args: 112 | vbios_golden_measurements (dict): the dictionary containing the vbios golden measurements. 113 | settings (config.LS10Settings): the object containing the various config info. 114 | 115 | Raises: 116 | InvalidMeasurementIndexError: it is raised in case both the driver and vbios RIM file have 117 | active measurement at the same index. 118 | """ 119 | self.golden_measurements = dict() 120 | 121 | for gld_msr_idx in vbios_golden_measurements: 122 | 123 | if vbios_golden_measurements[gld_msr_idx].is_active() and \ 124 | gld_msr_idx in self.golden_measurements: 125 | settings.mark_no_driver_vbios_measurement_index_conflict(False) 126 | raise InvalidMeasurementIndexError( 127 | f"The driver and vbios RIM have measurement at the same index : {gld_msr_idx}") 128 | 129 | elif vbios_golden_measurements[gld_msr_idx].is_active(): 130 | self.golden_measurements[gld_msr_idx] = vbios_golden_measurements[gld_msr_idx] 131 | 132 | settings.mark_no_driver_vbios_measurement_index_conflict() 133 | 134 | def __init__(self, attestation_report_obj, vbios_rim_obj, settings): 135 | """ The constructor method for the Verifier class. 136 | 137 | Args: 138 | attestation_report_obj (AttestationReport): the attestation report. 139 | vbios_rim_obj (rim.RIM): the vbios RIM object containing the vbios golden measurement. 140 | settings (config.LS10Settings): the object containing the various config info. 141 | """ 142 | self.generate_golden_measurement_list(vbios_rim_obj.get_measurements(), 143 | settings) 144 | self.runtime_measurements = attestation_report_obj.get_measurements() 145 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/verifiers/nv_switch_verifier/utils/__init__.py: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-FileCopyrightText: Copyright (c) 2021-2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # SPDX-License-Identifier: BSD-3-Clause 4 | # 5 | # Redistribution and use in source and binary forms, with or without 6 | # modification, are permitted provided that the following conditions are met: 7 | # 8 | # 1. Redistributions of source code must retain the above copyright notice, this 9 | # list of conditions and the following disclaimer. 10 | # 11 | # 2. Redistributions in binary form must reproduce the above copyright notice, 12 | # this list of conditions and the following disclaimer in the documentation 13 | # and/or other materials provided with the distribution. 14 | # 15 | # 3. Neither the name of the copyright holder nor the names of its 16 | # contributors may be used to endorse or promote products derived from 17 | # this software without specific prior written permission. 18 | # 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 22 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 23 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 25 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 26 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | # 30 | 31 | import queue 32 | from queue import Empty 33 | from threading import ( 34 | Thread, 35 | Event, 36 | ) 37 | 38 | from cryptography import x509 39 | from cryptography.hazmat.primitives import serialization 40 | 41 | from ..exceptions import ( 42 | TimeoutError, 43 | ) 44 | 45 | 46 | def read_field_as_little_endian(binary_data): 47 | """ Reads a multi-byte field in little endian form and return the read 48 | field as a hexadecimal string. 49 | 50 | Args: 51 | binary_data (bytes): the data to be read in little endian format. 52 | 53 | Returns: 54 | [str]: the value of the field as hexadecimal string. 55 | """ 56 | assert type(binary_data) is bytes 57 | x = str() 58 | 59 | for i in range(len(binary_data)): 60 | temp = binary_data[i: i + 1] 61 | x = temp.hex() + x 62 | 63 | return x 64 | 65 | 66 | def convert_string_to_blob(inp): 67 | """ A function to convert the input string of byte values to bytes data type. 68 | 69 | Args: 70 | inp (str): the input string 71 | 72 | Returns: 73 | [bytes]: the corresponding binary data. 74 | """ 75 | assert type(inp) is str 76 | 77 | out = inp.replace(" ", "") 78 | out = out.replace("\n", "") 79 | out = out.replace("0x", "") 80 | out = out.replace("\\x", "") 81 | out = bytes.fromhex(out) 82 | return out 83 | 84 | 85 | def extract_public_key(certificate): 86 | """ Reads the leaf certificate and then extract the public key. 87 | 88 | Args: 89 | certificate (cryptography.hazmat.backends.openssl.x509._Certificate): 90 | the switch leaf certificate as an cryptography x509 object. 91 | 92 | Returns: 93 | [bytes]: the public key extracted from the certificate in PEM format. 94 | """ 95 | assert isinstance(certificate, x509.Certificate) 96 | public_key = certificate.public_key() 97 | public_key_in_pem_format = public_key.public_bytes(encoding=serialization.Encoding.PEM, 98 | format=serialization.PublicFormat.SubjectPublicKeyInfo) 99 | return public_key_in_pem_format 100 | 101 | 102 | def is_zeros(x): 103 | """ This function checks if all the character are zeros of the given input 104 | string. 105 | 106 | Args: 107 | x (str): the input string. 108 | 109 | Returns: 110 | [bool]: True if all the characters are '0', otherwise False. 111 | """ 112 | assert type(x) is str 113 | 114 | for i in range(len(x)): 115 | if x[i] != '0': 116 | return False 117 | 118 | return True 119 | 120 | 121 | def format_vbios_version(version): 122 | """ Converts the input VBIOS version to a string 123 | 124 | Args: 125 | version (bytes): the VBIOS version 126 | 127 | Returns: 128 | [str]: the vbios version in the required format. 129 | """ 130 | assert type(version) is bytes 131 | return version.decode("utf-8") 132 | 133 | 134 | def function_caller(inp, logger): 135 | """ This function is run in a separate thread by 136 | function_wrapper_with_timeout function so that return values 137 | and exceptions are propagated to the caller. 138 | Note that since Python does not provide a way to cancel/kill 139 | a running thread the caller must expect that a thread that 140 | exceeded the time limit is still running. 141 | 142 | Args: 143 | inp (tuple): the tuple containing the function to be executed and its 144 | arguments. 145 | """ 146 | q = inp[-1] 147 | function_name = inp[-2] 148 | function = inp[0] 149 | arguments = inp[1:-2] 150 | try: 151 | result = function(*arguments) 152 | q.put((result, None)) 153 | logger.info(f"{function_name} completed successfully") 154 | except BaseException as e: 155 | q.put((None, e)) 156 | logger.info(f"{function_name} raised an exception") 157 | 158 | 159 | 160 | def function_wrapper_with_timeout(args, logger, max_time_delay): 161 | """ This function spawns a separate thread for the given function in the 162 | arguments to be executed in that separate thread. 163 | 164 | Args: 165 | args (list): the list containing the function and its arguments. 166 | 167 | Raises: 168 | TimeoutError: it is raised if the thread spawned takes more time than 169 | the threshold time limit. 170 | Exception: raises any exception raised by the called thread 171 | 172 | Returns: 173 | [any]: the return of the function being executed in the thread. 174 | """ 175 | assert type(args) is list 176 | function_name = args[-1] 177 | q = queue.Queue() 178 | args.append(q) 179 | args = ((args), logger) 180 | logger.info(f"{function_name} called.") 181 | thread = Thread(target=function_caller, args=args, daemon=True) 182 | thread.start() 183 | try: 184 | return_value, inner_exception = q.get(block=True, timeout=max_time_delay) 185 | except Empty as e: 186 | raise TimeoutError(f"Call to {function_name} timed out after {max_time_delay} seconds.") from e 187 | if inner_exception is not None: 188 | raise inner_exception 189 | return return_value 190 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/src/nv_attestation_sdk/verifiers/nv_switch_verifier/utils/cert_chain_utils.py: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-FileCopyrightText: Copyright (c) 2021-2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # SPDX-License-Identifier: BSD-3-Clause 4 | # 5 | # Redistribution and use in source and binary forms, with or without 6 | # modification, are permitted provided that the following conditions are met: 7 | # 8 | # 1. Redistributions of source code must retain the above copyright notice, this 9 | # list of conditions and the following disclaimer. 10 | # 11 | # 2. Redistributions in binary form must reproduce the above copyright notice, 12 | # this list of conditions and the following disclaimer in the documentation 13 | # and/or other materials provided with the distribution. 14 | # 15 | # 3. Neither the name of the copyright holder nor the names of its 16 | # contributors may be used to endorse or promote products derived from 17 | # this software without specific prior written permission. 18 | # 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 22 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 23 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 25 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 26 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | # 30 | 31 | from OpenSSL import crypto 32 | import re 33 | import base64 34 | from ..config import ( 35 | BaseSettings, 36 | ) 37 | from ..nvswitch_admin_utils import NVSwitchAdminUtils 38 | from ..exceptions import CertExtractionError 39 | 40 | 41 | def extract_cert_chain(bin_cert_chain_data): 42 | """ A static method that takes in the raw data coming in from the nvml api as the switch certificate chain in PEM format 43 | and then parse it to extract the individual certificates from the certificate chain. 44 | 45 | Args: 46 | bin_cert_chain_data (bytes): the certificate chain in PEM format. 47 | 48 | Returns: 49 | [list] : List of the certificates extracted from the given cert chain. 50 | """ 51 | try: 52 | assert type(bin_cert_chain_data) is bytes 53 | 54 | PEM_CERT_END_DELIMITER = '-----END CERTIFICATE-----' 55 | start_index = 0 56 | end_index = None 57 | 58 | str_data = bin_cert_chain_data.decode() 59 | cert_obj_list = list() 60 | 61 | for itr in re.finditer(PEM_CERT_END_DELIMITER, str_data): 62 | end_index = itr.start() 63 | cert_obj_list.append(crypto.load_certificate(crypto.FILETYPE_PEM, \ 64 | str_data[ 65 | start_index: end_index + len(PEM_CERT_END_DELIMITER)])) 66 | 67 | start_index = end_index + len(PEM_CERT_END_DELIMITER) + len('\n') 68 | 69 | if len(str_data) < start_index: 70 | break 71 | return cert_obj_list 72 | 73 | except Exception as err: 74 | info_log.error(err) 75 | err_msg = "\tSomething went wrong while extracting the individual certificates from the certificate chain." 76 | event_log.error(err_msg) 77 | raise CertExtractionError(err_msg) 78 | 79 | 80 | def extract_switch_cert_chain_base64(switch_attestation_cert_chain): 81 | """ Method to extract Switch Certificate Chain and convert that to base64 encoded string 82 | 83 | Args: 84 | switch_attestation_cert_chain: Switch Certificate Chain from the Attestation Report 85 | 86 | Returns: 87 | base64 encoded Switch Certificate Chain 88 | """ 89 | cert_chain_data = "" 90 | for certificate in switch_attestation_cert_chain: 91 | cert = certificate.to_cryptography() 92 | py_open_ssl_cert = NVSwitchAdminUtils.convert_cert_from_cryptography_to_pyopenssl(cert) 93 | cert_chain_data += crypto.dump_certificate(crypto.FILETYPE_PEM, py_open_ssl_cert).decode() 94 | cert_chain_bytes = cert_chain_data.encode("ascii") 95 | encoded_cert_chain = base64.b64encode(cert_chain_bytes) 96 | encoded_cert_chain = encoded_cert_chain.decode('utf-8') 97 | return encoded_cert_chain 98 | 99 | 100 | def get_switch_cert_chain(switch_cert_chain): 101 | switch_att_cert_chain = extract_cert_chain(switch_cert_chain[0])[:-1] 102 | with open(BaseSettings.DEVICE_ROOT_CERT, 'r') as f: 103 | data = f.read() 104 | switch_att_cert_chain.append(crypto.load_certificate(type=crypto.FILETYPE_PEM, buffer=data)) 105 | return switch_att_cert_chain 106 | 107 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/attestation_sdk/tests/__init__.py -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/end_to_end/hardware/LocalGPUTest.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | # 4 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 5 | # 6 | from nv_attestation_sdk import attestation 7 | import os 8 | import json 9 | 10 | 11 | client = attestation.Attestation() 12 | client.set_name("thisNode1") 13 | client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb") 14 | client.set_claims_version("3.0") 15 | 16 | print ("[LocalGPUTest] node name :", client.get_name()) 17 | file = "../../policies/local/NVGPULocalv4PolicyExample.json" 18 | 19 | client.add_verifier(attestation.Devices.GPU, attestation.Environment.LOCAL, "", "") 20 | 21 | print(client.get_verifiers()) 22 | 23 | print ("[LocalGPUTest] call get_evidence()") 24 | evidence_list = client.get_evidence() 25 | 26 | print ("[LocalGPUTest] call attest() - expecting True") 27 | print("[LocalGPUTest] call attest() - result : ", client.attest(evidence_list)) 28 | print ("[LocalGPUTest] token : "+str(client.get_token())) 29 | print ("[LocalGPUTest] call validate_token() - expecting True") 30 | 31 | with open(os.path.join(os.path.dirname(__file__), file)) as json_file: 32 | json_data = json.load(json_file) 33 | att_result_policy = json.dumps(json_data) 34 | print ("[LocalGPUTest] call validate_token() - result: ", client.validate_token(att_result_policy)) 35 | 36 | client.decode_token(client.get_token()) 37 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/end_to_end/hardware/LocalGPUTest_ServiceKey.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | # 4 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 5 | # 6 | from nv_attestation_sdk import attestation 7 | import os 8 | import json 9 | 10 | 11 | client = attestation.Attestation() 12 | client.set_name("thisNode1") 13 | client.set_service_key("someServiceKey") 14 | client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb") 15 | 16 | print ("[LocalGPUTest] node name :", client.get_name()) 17 | file = "../../policies/local/NVGPULocalPolicyExample.json" 18 | 19 | client.add_verifier(attestation.Devices.GPU, attestation.Environment.LOCAL, "", "") 20 | 21 | print(client.get_verifiers()) 22 | 23 | print ("[LocalGPUTest] call get_evidence()") 24 | evidence_list = client.get_evidence() 25 | 26 | print ("[LocalGPUTest] call attest() - expecting True") 27 | print("[LocalGPUTest] call attest() - result : ", client.attest(evidence_list)) 28 | print ("[LocalGPUTest] token : "+str(client.get_token())) 29 | print ("[LocalGPUTest] call validate_token() - expecting True") 30 | 31 | with open(os.path.join(os.path.dirname(__file__), file)) as json_file: 32 | json_data = json.load(json_file) 33 | att_result_policy = json.dumps(json_data) 34 | print ("[LocalGPUTest] call validate_token() - result: ", client.validate_token(att_result_policy)) 35 | 36 | client.decode_token(client.get_token()) 37 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/end_to_end/hardware/LocalGPUTest_claims_2.0.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | # 4 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 5 | # 6 | from nv_attestation_sdk import attestation 7 | import os 8 | import json 9 | 10 | 11 | client = attestation.Attestation() 12 | client.set_name("thisNode1") 13 | client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb") 14 | 15 | print ("[LocalGPUTest] node name :", client.get_name()) 16 | file = "../../policies/local/NVGPULocalPolicyExample.json" 17 | 18 | client.add_verifier(attestation.Devices.GPU, attestation.Environment.LOCAL, "", "") 19 | 20 | print(client.get_verifiers()) 21 | 22 | print ("[LocalGPUTest] call get_evidence()") 23 | evidence_list = client.get_evidence() 24 | 25 | print ("[LocalGPUTest] call attest() - expecting True") 26 | print("[LocalGPUTest] call attest() - result : ", client.attest(evidence_list)) 27 | print ("[LocalGPUTest] token : "+str(client.get_token())) 28 | print ("[LocalGPUTest] call validate_token() - expecting True") 29 | 30 | with open(os.path.join(os.path.dirname(__file__), file)) as json_file: 31 | json_data = json.load(json_file) 32 | att_result_policy = json.dumps(json_data) 33 | print ("[LocalGPUTest] call validate_token() - result: ", client.validate_token(att_result_policy)) 34 | 35 | client.decode_token(client.get_token()) 36 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/end_to_end/hardware/LocalSwitchTest.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | # 4 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 5 | # 6 | from nv_attestation_sdk import attestation 7 | import os 8 | import json 9 | 10 | client = attestation.Attestation() 11 | client.set_name("thisNode1") 12 | print ("[LocalSwitchTest] node name :", client.get_name()) 13 | 14 | client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb") 15 | client.set_claims_version("3.0") 16 | 17 | client.add_verifier(attestation.Devices.SWITCH, attestation.Environment.LOCAL, "", "") 18 | 19 | evidence_list = client.get_evidence() 20 | 21 | client.attest(evidence_list) 22 | file = "../../policies/local/NVSwitchLocalv4PolicyExample.json" 23 | print ("[LocalSwitchTest] token : "+str(client.get_token())) 24 | 25 | with open(os.path.join(os.path.dirname(__file__), file)) as json_file: 26 | json_data = json.load(json_file) 27 | att_result_policy = json.dumps(json_data) 28 | print(client.validate_token(att_result_policy)) 29 | 30 | client.decode_token(client.get_token()) 31 | 32 | 33 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/end_to_end/hardware/LocalSwitchTest_ServiceKey.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | # 4 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 5 | # 6 | from nv_attestation_sdk import attestation 7 | import os 8 | import json 9 | 10 | client = attestation.Attestation() 11 | client.set_name("thisNode1") 12 | client.set_service_key("someServiceKey") 13 | print ("[LocalSwitchTest] node name :", client.get_name()) 14 | 15 | client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb") 16 | 17 | client.add_verifier(attestation.Devices.SWITCH, attestation.Environment.LOCAL, "", "") 18 | 19 | evidence_list = client.get_evidence() 20 | 21 | client.attest(evidence_list) 22 | file = "../../policies/local/NVSwitchLocalPolicyExample.json" 23 | print ("[LocalSwitchTest] token : "+str(client.get_token())) 24 | 25 | with open(os.path.join(os.path.dirname(__file__), file)) as json_file: 26 | json_data = json.load(json_file) 27 | remote_att_result_policy = json.dumps(json_data) 28 | print(client.validate_token(remote_att_result_policy)) 29 | 30 | client.decode_token(client.get_token()) -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/end_to_end/hardware/LocalSwitchTest_claims_2.0.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | # 4 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 5 | # 6 | from nv_attestation_sdk import attestation 7 | import os 8 | import json 9 | 10 | client = attestation.Attestation() 11 | client.set_name("thisNode1") 12 | print ("[LocalSwitchTest] node name :", client.get_name()) 13 | 14 | client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb") 15 | 16 | client.add_verifier(attestation.Devices.SWITCH, attestation.Environment.LOCAL, "", "") 17 | 18 | evidence_list = client.get_evidence() 19 | 20 | client.attest(evidence_list) 21 | file = "../../policies/local/NVSwitchLocalPolicyExample.json" 22 | print ("[LocalSwitchTest] token : "+str(client.get_token())) 23 | 24 | with open(os.path.join(os.path.dirname(__file__), file)) as json_file: 25 | json_data = json.load(json_file) 26 | att_result_policy = json.dumps(json_data) 27 | print(client.validate_token(att_result_policy)) 28 | 29 | client.decode_token(client.get_token()) 30 | 31 | 32 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/end_to_end/hardware/RemoteGPUTest.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | # 4 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 5 | # 6 | from nv_attestation_sdk import attestation 7 | import os 8 | import json 9 | 10 | NRAS_URL = "https://nras.attestation.nvidia.com/v4/attest/gpu" 11 | client = attestation.Attestation() 12 | client.set_name("thisNode1") 13 | client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb") 14 | client.set_claims_version("3.0") 15 | 16 | print("[RemoteGPUTest] node name :", client.get_name()) 17 | 18 | client.add_verifier(attestation.Devices.GPU, attestation.Environment.REMOTE, NRAS_URL, "") 19 | print(client.get_verifiers()) 20 | 21 | print("[RemoteGPUTest] call get_evidence()") 22 | evidence_list = client.get_evidence() 23 | 24 | print("[RemoteGPUTest] call attest() - expecting True") 25 | print(client.attest(evidence_list)) 26 | 27 | print("[RemoteGPUTest] token : " + str(client.get_token())) 28 | print("[RemoteGPUTest] call validate_token() - expecting True") 29 | 30 | file = "../../policies/remote/v4/NVGPURemotePolicyExample.json" 31 | with open(os.path.join(os.path.dirname(__file__), file)) as json_file: 32 | json_data = json.load(json_file) 33 | remote_att_result_policy = json.dumps(json_data) 34 | print(client.validate_token(remote_att_result_policy)) 35 | 36 | client.decode_token(client.get_token()) 37 | 38 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/end_to_end/hardware/RemoteGPUTest_ServiceKey.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | # 4 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 5 | # 6 | from nv_attestation_sdk import attestation 7 | import os 8 | import json 9 | 10 | NRAS_URL = "https://nras.attestation.nvidia.com/v3/attest/gpu" 11 | client = attestation.Attestation() 12 | client.set_name("thisNode1") 13 | client.set_service_key("someServiceKey") 14 | client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb") 15 | 16 | print("[RemoteGPUTest] node name :", client.get_name()) 17 | 18 | client.add_verifier(attestation.Devices.GPU, attestation.Environment.REMOTE, NRAS_URL, "") 19 | print(client.get_verifiers()) 20 | 21 | print("[RemoteGPUTest] call get_evidence()") 22 | evidence_list = client.get_evidence() 23 | 24 | print("[RemoteGPUTest] call attest() - expecting True") 25 | print(client.attest(evidence_list)) 26 | 27 | print("[RemoteGPUTest] token : " + str(client.get_token())) 28 | print("[RemoteGPUTest] call validate_token() - expecting True") 29 | 30 | file = "../../policies/remote/v3/NVGPURemotePolicyExample.json" 31 | with open(os.path.join(os.path.dirname(__file__), file)) as json_file: 32 | json_data = json.load(json_file) 33 | remote_att_result_policy = json.dumps(json_data) 34 | print(client.validate_token(remote_att_result_policy)) 35 | 36 | client.decode_token(client.get_token()) -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/end_to_end/hardware/RemoteGPUTest_claims_2.0.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | # 4 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 5 | # 6 | from nv_attestation_sdk import attestation 7 | import os 8 | import json 9 | 10 | NRAS_URL = "https://nras.attestation.nvidia.com/v3/attest/gpu" 11 | client = attestation.Attestation() 12 | client.set_name("thisNode1") 13 | client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb") 14 | 15 | print("[RemoteGPUTest] node name :", client.get_name()) 16 | 17 | client.add_verifier(attestation.Devices.GPU, attestation.Environment.REMOTE, NRAS_URL, "") 18 | print(client.get_verifiers()) 19 | 20 | print("[RemoteGPUTest] call get_evidence()") 21 | evidence_list = client.get_evidence() 22 | 23 | print("[RemoteGPUTest] call attest() - expecting True") 24 | print(client.attest(evidence_list)) 25 | 26 | print("[RemoteGPUTest] token : " + str(client.get_token())) 27 | print("[RemoteGPUTest] call validate_token() - expecting True") 28 | 29 | file = "../../policies/remote/v3/NVGPURemotePolicyExample.json" 30 | with open(os.path.join(os.path.dirname(__file__), file)) as json_file: 31 | json_data = json.load(json_file) 32 | remote_att_result_policy = json.dumps(json_data) 33 | print(client.validate_token(remote_att_result_policy)) 34 | 35 | client.decode_token(client.get_token()) 36 | 37 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/end_to_end/hardware/RemoteSwitchTest.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | # 4 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 5 | # 6 | from nv_attestation_sdk import attestation 7 | import json 8 | import os 9 | import jwt 10 | 11 | NRAS_URL = "https://nras.attestation.nvidia.com/v4/attest/switch" 12 | 13 | client = attestation.Attestation() 14 | client.set_name("thisNode1") 15 | print ("[RemoteSwitchTest] node name :", client.get_name()) 16 | file = "../../policies/remote/v4/NVSwitchRemotePolicyExample.json" 17 | client.set_claims_version("3.0") 18 | 19 | client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb") 20 | 21 | client.add_verifier(attestation.Devices.SWITCH, attestation.Environment.REMOTE, NRAS_URL, "") 22 | 23 | evidence_list = client.get_evidence() 24 | 25 | client.attest(evidence_list) 26 | print ("[RemoteSwitchTest] token : "+str(client.get_token())) 27 | print ("[RemoteSwitchTest] call validate_token() - expecting True") 28 | 29 | with open(os.path.join(os.path.dirname(__file__), file)) as json_file: 30 | json_data = json.load(json_file) 31 | remote_att_result_policy = json.dumps(json_data) 32 | print(client.validate_token(remote_att_result_policy)) 33 | 34 | client.decode_token(client.get_token()) 35 | 36 | 37 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/end_to_end/hardware/RemoteSwitchTest_ServiceKey.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | # 4 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 5 | # 6 | from nv_attestation_sdk import attestation 7 | import json 8 | import os 9 | import jwt 10 | 11 | NRAS_URL = "https://nras.attestation.nvidia.com/v3/attest/switch" 12 | 13 | client = attestation.Attestation() 14 | client.set_name("thisNode1") 15 | client.set_service_key("someServiceKey") 16 | print ("[RemoteSwitchTest] node name :", client.get_name()) 17 | file = "../../policies/remote/v3/NVSwitchRemotePolicyExample.json" 18 | 19 | client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb") 20 | 21 | client.add_verifier(attestation.Devices.SWITCH, attestation.Environment.REMOTE, NRAS_URL, "") 22 | 23 | evidence_list = client.get_evidence() 24 | 25 | client.attest(evidence_list) 26 | print ("[RemoteSwitchTest] token : "+str(client.get_token())) 27 | print ("[RemoteSwitchTest] call validate_token() - expecting True") 28 | 29 | with open(os.path.join(os.path.dirname(__file__), file)) as json_file: 30 | json_data = json.load(json_file) 31 | remote_att_result_policy = json.dumps(json_data) 32 | print(client.validate_token(remote_att_result_policy)) 33 | 34 | client.decode_token(client.get_token()) -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/end_to_end/hardware/RemoteSwitchTest_claims_2.0.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | # 4 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 5 | # 6 | from nv_attestation_sdk import attestation 7 | import json 8 | import os 9 | import jwt 10 | 11 | NRAS_URL = "https://nras.attestation.nvidia.com/v3/attest/switch" 12 | 13 | client = attestation.Attestation() 14 | client.set_name("thisNode1") 15 | print ("[RemoteSwitchTest] node name :", client.get_name()) 16 | file = "../../policies/remote/v3/NVSwitchRemotePolicyExample.json" 17 | 18 | client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb") 19 | 20 | client.add_verifier(attestation.Devices.SWITCH, attestation.Environment.REMOTE, NRAS_URL, "") 21 | 22 | evidence_list = client.get_evidence() 23 | 24 | client.attest(evidence_list) 25 | print ("[RemoteSwitchTest] token : "+str(client.get_token())) 26 | print ("[RemoteSwitchTest] call validate_token() - expecting True") 27 | 28 | with open(os.path.join(os.path.dirname(__file__), file)) as json_file: 29 | json_data = json.load(json_file) 30 | remote_att_result_policy = json.dumps(json_data) 31 | print(client.validate_token(remote_att_result_policy)) 32 | 33 | client.decode_token(client.get_token()) 34 | 35 | 36 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/end_to_end/no_gpu/LocalNoGPUTest.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | # 4 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 5 | # 6 | from nv_attestation_sdk import attestation 7 | import os 8 | import json 9 | 10 | OCSP_URL = "https://ocsp.ndis.nvidia.com/" 11 | RIM_URL = "https://rim.attestation.nvidia.com/v1/rim/" 12 | 13 | client = attestation.Attestation() 14 | client.set_name("thisNode1") 15 | client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb") 16 | print ("[LocalGPUTest] node name :", client.get_name()) 17 | file = "../policies/local/NVGPULocalPolicyExample.json" 18 | 19 | client.add_verifier(attestation.Devices.GPU, attestation.Environment.LOCAL, "", "", OCSP_URL, RIM_URL) 20 | print(client.get_verifiers()) 21 | 22 | print ("[LocalGPUTest] call get_evidence()") 23 | evidence_list = client.get_evidence(options={"no_gpu_mode": True}) 24 | 25 | print ("[LocalGPUTest] call attest() - expecting True") 26 | print("[LocalGPUTest] call attest() - result : ", client.attest(evidence_list)) 27 | print ("[LocalGPUTest] token : "+str(client.get_token())) 28 | print ("[LocalGPUTest] call validate_token() - expecting True") 29 | 30 | with open(os.path.join(os.path.dirname(__file__), file)) as json_file: 31 | json_data = json.load(json_file) 32 | att_result_policy = json.dumps(json_data) 33 | print ("[LocalGPUTest] call validate_token() - result: ", client.validate_token(att_result_policy)) 34 | 35 | client.decode_token(client.get_token()) 36 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/end_to_end/no_gpu/LocalNoGPUWithServiceKeyTest.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | # 4 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 5 | # 6 | from nv_attestation_sdk import attestation 7 | import os 8 | import json 9 | 10 | OCSP_URL = "https://ocsp.ndis.nvidia.com/" 11 | RIM_URL = "https://rim.attestation.nvidia.com/v1/rim/" 12 | 13 | client = attestation.Attestation() 14 | client.set_name("thisNode1") 15 | client.set_service_key("someServiceKey") 16 | client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb") 17 | print ("[LocalGPUTest] node name :", client.get_name()) 18 | file = "../policies/local/NVGPULocalPolicyExample.json" 19 | 20 | client.add_verifier(attestation.Devices.GPU, attestation.Environment.LOCAL, "", "", OCSP_URL, RIM_URL) 21 | print(client.get_verifiers()) 22 | 23 | print ("[LocalGPUTest] call get_evidence()") 24 | evidence_list = client.get_evidence(options={"no_gpu_mode": True}) 25 | 26 | print ("[LocalGPUTest] call attest() - expecting True") 27 | print("[LocalGPUTest] call attest() - result : ", client.attest(evidence_list)) 28 | print ("[LocalGPUTest] token : "+str(client.get_token())) 29 | print ("[LocalGPUTest] call validate_token() - expecting True") 30 | 31 | with open(os.path.join(os.path.dirname(__file__), file)) as json_file: 32 | json_data = json.load(json_file) 33 | att_result_policy = json.dumps(json_data) 34 | print ("[LocalGPUTest] call validate_token() - result: ", client.validate_token(att_result_policy)) 35 | 36 | client.decode_token(client.get_token()) 37 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/policies/local/NVGPULocalPolicyExample.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"3.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "iss": "LOCAL_GPU_VERIFIER", 7 | "x-nvidia-overall-att-result": true, 8 | "x-nvidia-ver": "2.0" 9 | }, 10 | "detached-claims":{ 11 | "measres": "success", 12 | "x-nvidia-gpu-arch-check": true, 13 | "x-nvidia-gpu-attestation-report-cert-chain-validated": true, 14 | "x-nvidia-gpu-attestation-report-parsed": true, 15 | "x-nvidia-gpu-attestation-report-nonce-match": true, 16 | "x-nvidia-gpu-attestation-report-signature-verified": true, 17 | "x-nvidia-gpu-driver-rim-fetched": true, 18 | "x-nvidia-gpu-driver-rim-schema-validated": true, 19 | "x-nvidia-gpu-driver-rim-cert-validated": true, 20 | "x-nvidia-gpu-driver-rim-signature-verified": true, 21 | "x-nvidia-gpu-driver-rim-measurements-available": true, 22 | "x-nvidia-gpu-vbios-rim-fetched": true, 23 | "x-nvidia-gpu-vbios-rim-schema-validated": true, 24 | "x-nvidia-gpu-vbios-rim-cert-validated": true, 25 | "x-nvidia-gpu-vbios-rim-signature-verified": true, 26 | "x-nvidia-gpu-vbios-rim-measurements-available": true, 27 | "x-nvidia-gpu-vbios-index-no-conflict": true 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/policies/local/NVGPULocalv4PolicyExample.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"4.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "iss": "LOCAL_GPU_VERIFIER", 7 | "x-nvidia-overall-att-result": true, 8 | "x-nvidia-ver": "3.0" 9 | }, 10 | "detached-claims":{ 11 | "measres": "success", 12 | "x-nvidia-gpu-arch-check": true, 13 | "x-nvidia-gpu-attestation-report-parsed": true, 14 | "x-nvidia-gpu-attestation-report-nonce-match": true, 15 | "x-nvidia-gpu-attestation-report-signature-verified": true, 16 | "x-nvidia-gpu-attestation-report-cert-chain": 17 | { 18 | "x-nvidia-cert-status": "valid", 19 | "x-nvidia-cert-ocsp-status": "good" 20 | }, 21 | "x-nvidia-gpu-attestation-report-cert-chain-fwid-match": true, 22 | "x-nvidia-gpu-driver-rim-fetched": true, 23 | "x-nvidia-gpu-driver-rim-schema-validated": true, 24 | "x-nvidia-gpu-driver-rim-signature-verified": true, 25 | "x-nvidia-gpu-driver-rim-measurements-available": true, 26 | "x-nvidia-gpu-driver-rim-version-match": true, 27 | "x-nvidia-gpu-driver-rim-cert-chain": 28 | { 29 | "x-nvidia-cert-status": "valid", 30 | "x-nvidia-cert-ocsp-status": "good" 31 | }, 32 | "x-nvidia-gpu-vbios-rim-fetched": true, 33 | "x-nvidia-gpu-vbios-rim-schema-validated": true, 34 | "x-nvidia-gpu-vbios-rim-signature-verified": true, 35 | "x-nvidia-gpu-vbios-rim-measurements-available": true, 36 | "x-nvidia-gpu-vbios-rim-version-match": true, 37 | "x-nvidia-gpu-vbios-index-no-conflict": true, 38 | "x-nvidia-gpu-vbios-rim-cert-chain": 39 | { 40 | "x-nvidia-cert-status": "valid", 41 | "x-nvidia-cert-ocsp-status": "good" 42 | } 43 | } 44 | } 45 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/policies/local/NVSwitchLocalPolicyExample.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"3.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "iss": "LOCAL_SWITCH_VERIFIER", 7 | "x-nvidia-overall-att-result": true, 8 | "x-nvidia-ver": "2.0" 9 | }, 10 | "detached-claims":{ 11 | "measres": "success", 12 | "x-nvidia-switch-arch-check": true, 13 | "x-nvidia-switch-bios-rim-measurements-available": true, 14 | "x-nvidia-switch-attestation-report-signature-verified": true, 15 | "x-nvidia-switch-attestation-report-parsed": true, 16 | "x-nvidia-switch-attestation-report-nonce-match": true, 17 | "x-nvidia-switch-attestation-report-cert-chain-validated": true, 18 | "x-nvidia-switch-bios-rim-schema-validated": true, 19 | "x-nvidia-switch-bios-rim-signature-verified": true, 20 | "x-nvidia-switch-bios-rim-cert-validated": true, 21 | "x-nvidia-switch-bios-rim-fetched": true 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/policies/local/NVSwitchLocalv4PolicyExample.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"4.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "iss": "LOCAL_SWITCH_VERIFIER", 7 | "x-nvidia-overall-att-result": true, 8 | "x-nvidia-ver": "3.0" 9 | }, 10 | "detached-claims":{ 11 | "measres": "success", 12 | "x-nvidia-switch-arch-check": true, 13 | "x-nvidia-switch-attestation-report-parsed": true, 14 | "x-nvidia-switch-attestation-report-nonce-match": true, 15 | "x-nvidia-switch-attestation-report-signature-verified": true, 16 | "x-nvidia-switch-attestation-report-cert-chain": 17 | { 18 | "x-nvidia-cert-status": "valid", 19 | "x-nvidia-cert-ocsp-status": "good" 20 | }, 21 | "x-nvidia-switch-attestation-report-cert-chain-fwid-match": true, 22 | "x-nvidia-switch-bios-rim-fetched": true, 23 | "x-nvidia-switch-bios-rim-schema-validated": true, 24 | "x-nvidia-switch-bios-rim-signature-verified": true, 25 | "x-nvidia-switch-bios-rim-cert-chain": 26 | { 27 | "x-nvidia-cert-status": "valid", 28 | "x-nvidia-cert-ocsp-status": "good" 29 | }, 30 | "x-nvidia-switch-bios-rim-version-match": true, 31 | "x-nvidia-switch-bios-rim-measurements-available": true 32 | } 33 | } 34 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/policies/remote/v1/NVGPULocalPolicyExample.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"1.0", 3 | "authorization-rules":{ 4 | "x-nv-gpu-available":true, 5 | "x-nv-gpu-attestation-report-available":true, 6 | "x-nv-gpu-info-fetched":true, 7 | "x-nv-gpu-arch-check":true, 8 | "x-nv-gpu-root-cert-available":true, 9 | "x-nv-gpu-cert-chain-verified":true, 10 | "x-nv-gpu-ocsp-cert-chain-verified":true, 11 | "x-nv-gpu-ocsp-signature-verified":true, 12 | "x-nv-gpu-cert-ocsp-nonce-match":true, 13 | "x-nv-gpu-cert-check-complete":true, 14 | "x-nv-gpu-measurement-available":true, 15 | "x-nv-gpu-attestation-report-parsed":true, 16 | "x-nv-gpu-nonce-match":true, 17 | "x-nv-gpu-attestation-report-driver-version-match":true, 18 | "x-nv-gpu-attestation-report-vbios-version-match":true, 19 | "x-nv-gpu-attestation-report-verified":true, 20 | "x-nv-gpu-driver-rim-schema-fetched":true, 21 | "x-nv-gpu-driver-rim-schema-validated":true, 22 | "x-nv-gpu-driver-rim-cert-extracted":true, 23 | "x-nv-gpu-driver-rim-signature-verified":true, 24 | "x-nv-gpu-driver-rim-driver-measurements-available":true, 25 | "x-nv-gpu-driver-vbios-rim-fetched":true, 26 | "x-nv-gpu-vbios-rim-schema-validated":true, 27 | "x-nv-gpu-vbios-rim-cert-extracted":true, 28 | "x-nv-gpu-vbios-rim-signature-verified":true, 29 | "x-nv-gpu-vbios-rim-driver-measurements-available":true, 30 | "x-nv-gpu-vbios-index-no-conflict":true, 31 | "x-nv-gpu-measurements-match":true 32 | } 33 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/policies/remote/v1/NVGPURemotePolicyExample.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"1.0", 3 | "authorization-rules":{ 4 | "sub":"NVIDIA-GPU-ATTESTATION", 5 | "secboot":true, 6 | "x-nvidia-gpu-manufacturer":"NVIDIA Corporation", 7 | "x-nvidia-attestation-type":"GPU", 8 | "eat_nonce":"931D8DD0ADD203AC3D8B4FBDE75E115278EEFCDCEAC5B87671A748F32364DFCB", 9 | "x-nvidia-attestation-detailed-result":{ 10 | "x-nvidia-gpu-driver-rim-schema-validated":true, 11 | "x-nvidia-gpu-vbios-rim-cert-validated":true, 12 | "x-nvidia-gpu-attestation-report-cert-chain-validated":true, 13 | "x-nvidia-gpu-driver-rim-schema-fetched":true, 14 | "x-nvidia-gpu-attestation-report-parsed":true, 15 | "x-nvidia-gpu-nonce-match":true, 16 | "x-nvidia-gpu-vbios-rim-signature-verified":true, 17 | "x-nvidia-gpu-driver-rim-signature-verified":true, 18 | "x-nvidia-gpu-arch-check":true, 19 | "x-nvidia-gpu-measurements-match":true, 20 | "x-nvidia-gpu-attestation-report-signature-verified":true, 21 | "x-nvidia-gpu-vbios-rim-schema-validated":true, 22 | "x-nvidia-gpu-driver-rim-cert-validated":true, 23 | "x-nvidia-gpu-vbios-rim-schema-fetched":true, 24 | "x-nvidia-gpu-vbios-rim-measurements-available":true, 25 | "x-nvidia-gpu-driver-rim-driver-measurements-available":true 26 | }, 27 | "x-nvidia-gpu-driver-version":"535.104.05", 28 | "hwmodel":"GH100 A01 GSP BROM", 29 | "measres":"comparison-successful", 30 | "x-nvidia-gpu-vbios-version":"96.00.5E.00.02" 31 | } 32 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/policies/remote/v2/NVGPURemotePolicyExample.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"2.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "iss": "https://nras.attestation.nvidia.com", 7 | "x-nvidia-overall-att-result": true 8 | }, 9 | "detached-claims":{ 10 | "x-nvidia-gpu-driver-rim-schema-validated": true, 11 | "x-nvidia-gpu-attestation-report-cert-chain-validated": true, 12 | "x-nvidia-gpu-vbios-rim-signature-verified": true, 13 | "x-nvidia-gpu-measurements-match": true, 14 | "x-nvidia-gpu-vbios-rim-schema-fetched": true, 15 | "x-nvidia-gpu-vbios-rim-cert-validated": true, 16 | "x-nvidia-gpu-driver-rim-schema-fetched": true, 17 | "x-nvidia-gpu-attestation-report-parsed": true, 18 | "x-nvidia-gpu-nonce-match": true, 19 | "x-nvidia-gpu-driver-rim-signature-verified": true, 20 | "x-nvidia-gpu-arch-check": true, 21 | "x-nvidia-gpu-driver-rim-measurements-available": true, 22 | "x-nvidia-gpu-attestation-report-signature-verified": true, 23 | "x-nvidia-gpu-vbios-rim-schema-validated": true, 24 | "x-nvidia-gpu-driver-rim-cert-validated": true, 25 | "x-nvidia-gpu-vbios-rim-measurements-available": true 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/policies/remote/v2/NVSwitchRemotePolicyExample.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"2.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "iss": "https://nras.attestation.nvidia.com", 7 | "x-nvidia-overall-att-result": true 8 | }, 9 | "detached-claims":{ 10 | "measres": "comparison-successful", 11 | "x-nvidia-switch-vbios-rim-measurements-available": true, 12 | "x-nvidia-switch-measurements-match": true, 13 | "x-nvidia-switch-attestation-report-signature-verified": true, 14 | "x-nvidia-switch-attestation-report-parsed": true, 15 | "x-nvidia-switch-nonce-match": true, 16 | "x-nvidia-switch-attestation-report-cert-chain-validated": true, 17 | "x-nvidia-switch-vbios-rim-schema-validated": true, 18 | "x-nvidia-switch-vbios-rim-signature-verified": true, 19 | "x-nvidia-switch-vbios-rim-cert-validated": true, 20 | "x-nvidia-switch-vbios-rim-schema-fetched": true 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/policies/remote/v3/NVGPURemotePolicyExample.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"3.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "x-nvidia-overall-att-result": true, 7 | "x-nvidia-ver": "2.0" 8 | }, 9 | "detached-claims":{ 10 | "measres": "success", 11 | "x-nvidia-gpu-arch-check": true, 12 | "x-nvidia-gpu-attestation-report-cert-chain-validated": true, 13 | "x-nvidia-gpu-attestation-report-parsed": true, 14 | "x-nvidia-gpu-attestation-report-nonce-match": true, 15 | "x-nvidia-gpu-attestation-report-signature-verified": true, 16 | "x-nvidia-gpu-driver-rim-fetched": true, 17 | "x-nvidia-gpu-driver-rim-schema-validated": true, 18 | "x-nvidia-gpu-driver-rim-cert-validated": true, 19 | "x-nvidia-gpu-driver-rim-signature-verified": true, 20 | "x-nvidia-gpu-driver-rim-measurements-available": true, 21 | "x-nvidia-gpu-vbios-rim-fetched": true, 22 | "x-nvidia-gpu-vbios-rim-schema-validated": true, 23 | "x-nvidia-gpu-vbios-rim-cert-validated": true, 24 | "x-nvidia-gpu-vbios-rim-signature-verified": true, 25 | "x-nvidia-gpu-vbios-rim-measurements-available": true, 26 | "x-nvidia-gpu-vbios-index-no-conflict": true 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/policies/remote/v3/NVSwitchRemotePolicyExample.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"3.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "x-nvidia-overall-att-result": true, 7 | "x-nvidia-ver": "2.0" 8 | }, 9 | "detached-claims":{ 10 | "measres": "success", 11 | "x-nvidia-switch-arch-check": true, 12 | "x-nvidia-switch-bios-rim-measurements-available": true, 13 | "x-nvidia-switch-attestation-report-signature-verified": true, 14 | "x-nvidia-switch-attestation-report-parsed": true, 15 | "x-nvidia-switch-attestation-report-nonce-match": true, 16 | "x-nvidia-switch-attestation-report-cert-chain-validated": true, 17 | "x-nvidia-switch-bios-rim-schema-validated": true, 18 | "x-nvidia-switch-bios-rim-signature-verified": true, 19 | "x-nvidia-switch-bios-rim-cert-validated": true, 20 | "x-nvidia-switch-bios-rim-fetched": true 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/policies/remote/v4/NVGPURemotePolicyExample.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"4.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "x-nvidia-overall-att-result": true, 7 | "x-nvidia-ver": "3.0" 8 | }, 9 | "detached-claims":{ 10 | "measres": "success", 11 | "x-nvidia-gpu-arch-check": true, 12 | "x-nvidia-gpu-attestation-report-parsed": true, 13 | "x-nvidia-gpu-attestation-report-nonce-match": true, 14 | "x-nvidia-gpu-attestation-report-signature-verified": true, 15 | "x-nvidia-gpu-attestation-report-cert-chain": 16 | { 17 | "x-nvidia-cert-status": "valid", 18 | "x-nvidia-cert-ocsp-status": "good" 19 | }, 20 | "x-nvidia-gpu-attestation-report-cert-chain-fwid-match": true, 21 | "x-nvidia-gpu-driver-rim-fetched": true, 22 | "x-nvidia-gpu-driver-rim-schema-validated": true, 23 | "x-nvidia-gpu-driver-rim-signature-verified": true, 24 | "x-nvidia-gpu-driver-rim-version-match": true, 25 | "x-nvidia-gpu-driver-rim-cert-chain": 26 | { 27 | "x-nvidia-cert-status": "valid", 28 | "x-nvidia-cert-ocsp-status": "good" 29 | }, 30 | "x-nvidia-gpu-driver-rim-measurements-available": true, 31 | "x-nvidia-gpu-vbios-rim-fetched": true, 32 | "x-nvidia-gpu-vbios-rim-schema-validated": true, 33 | "x-nvidia-gpu-vbios-rim-signature-verified": true, 34 | "x-nvidia-gpu-vbios-rim-version-match": true, 35 | "x-nvidia-gpu-vbios-rim-cert-chain": 36 | { 37 | "x-nvidia-cert-status": "valid", 38 | "x-nvidia-cert-ocsp-status": "good" 39 | }, 40 | "x-nvidia-gpu-vbios-rim-measurements-available": true, 41 | "x-nvidia-gpu-vbios-index-no-conflict": true 42 | } 43 | } 44 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/policies/remote/v4/NVSwitchRemotePolicyExample.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"4.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "x-nvidia-overall-att-result": true, 7 | "x-nvidia-ver": "3.0" 8 | }, 9 | "detached-claims":{ 10 | "measres": "success", 11 | "x-nvidia-switch-arch-check": true, 12 | "x-nvidia-switch-bios-rim-measurements-available": true, 13 | "x-nvidia-switch-attestation-report-signature-verified": true, 14 | "x-nvidia-switch-attestation-report-parsed": true, 15 | "x-nvidia-switch-attestation-report-nonce-match": true, 16 | "x-nvidia-switch-attestation-report-cert-chain": 17 | { 18 | "x-nvidia-cert-status": "valid", 19 | "x-nvidia-cert-ocsp-status": "good" 20 | }, 21 | "x-nvidia-switch-attestation-report-cert-chain-fwid-match": true, 22 | "x-nvidia-switch-bios-rim-schema-validated": true, 23 | "x-nvidia-switch-bios-rim-signature-verified": true, 24 | "x-nvidia-switch-bios-rim-cert-chain": 25 | { 26 | "x-nvidia-cert-status": "valid", 27 | "x-nvidia-cert-ocsp-status": "good" 28 | }, 29 | "x-nvidia-switch-bios-rim-version-match": true, 30 | "x-nvidia-switch-bios-rim-fetched": true 31 | } 32 | } 33 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/data/gpu/detached_claims_local.json: -------------------------------------------------------------------------------- 1 | { 2 | "measres": "success", 3 | "x-nvidia-gpu-arch-check": true, 4 | "x-nvidia-gpu-driver-version": "570.00", 5 | "x-nvidia-gpu-vbios-version": "96.00.9F.00.01", 6 | "x-nvidia-gpu-attestation-report-cert-chain-validated": true, 7 | "x-nvidia-gpu-attestation-report-parsed": true, 8 | "x-nvidia-gpu-attestation-report-nonce-match": true, 9 | "x-nvidia-gpu-attestation-report-signature-verified": true, 10 | "x-nvidia-gpu-driver-rim-fetched": true, 11 | "x-nvidia-gpu-driver-rim-schema-validated": true, 12 | "x-nvidia-gpu-driver-rim-cert-validated": true, 13 | "x-nvidia-gpu-driver-rim-signature-verified": true, 14 | "x-nvidia-gpu-driver-rim-measurements-available": true, 15 | "x-nvidia-gpu-vbios-rim-fetched": true, 16 | "x-nvidia-gpu-vbios-rim-schema-validated": true, 17 | "x-nvidia-gpu-vbios-rim-cert-validated": true, 18 | "x-nvidia-gpu-vbios-rim-signature-verified": true, 19 | "x-nvidia-gpu-vbios-rim-measurements-available": true, 20 | "x-nvidia-gpu-vbios-index-no-conflict": true, 21 | "eat_nonce": "931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb", 22 | "hwmodel": "GH100 A01 GSP BROM", 23 | "ueid": "481858311570236547493498289839486179865867984732", 24 | "oemid": "5703", 25 | "iss": "LOCAL_GPU_VERIFIER", 26 | "nbf": 1727394219, 27 | "iat": 1727394339, 28 | "exp": 4880995383, 29 | "jti": "3c6011db-f2ee-4752-8a89-338ed8418a87", 30 | "secboot":true, 31 | "dbgstat":"disabled" 32 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/data/gpu/detached_claims_remote.json: -------------------------------------------------------------------------------- 1 | { 2 | "x-nvidia-gpu-driver-rim-schema-validated": true, 3 | "iss": "https://nras.attestation-stg.nvidia.com", 4 | "x-nvidia-gpu-attestation-report-cert-chain-validated": true, 5 | "eat_nonce": "931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb", 6 | "x-nvidia-gpu-vbios-rim-signature-verified": true, 7 | "x-nvidia-gpu-vbios-rim-fetched": true, 8 | "iat": 1727387975, 9 | "ueid": "481858311570236547493498289839486179865867984732", 10 | "jti": "ac75dc4e-bb1f-4b44-8112-f6c04c3cb4a1", 11 | "x-nvidia-gpu-attestation-report-nonce-match": true, 12 | "x-nvidia-gpu-vbios-index-no-conflict": true, 13 | "x-nvidia-gpu-vbios-rim-cert-validated": true, 14 | "x-nvidia-gpu-attestation-report-parsed": true, 15 | "x-nvidia-gpu-driver-rim-signature-verified": true, 16 | "x-nvidia-gpu-arch-check": true, 17 | "nbf": 1727387975, 18 | "x-nvidia-gpu-driver-version": "570.00", 19 | "x-nvidia-gpu-driver-rim-measurements-available": true, 20 | "x-nvidia-gpu-attestation-report-signature-verified": true, 21 | "hwmodel": "GH100 A01 GSP BROM", 22 | "x-nvidia-gpu-driver-rim-fetched": true, 23 | "oemid": "5703", 24 | "x-nvidia-gpu-vbios-rim-schema-validated": true, 25 | "measres": "success", 26 | "x-nvidia-gpu-driver-rim-cert-validated": true, 27 | "x-nvidia-gpu-vbios-version": "96.00.9F.00.01", 28 | "x-nvidia-gpu-vbios-rim-measurements-available": true, 29 | "exp": 4880995383, 30 | "secboot":true, 31 | "dbgstat":"disabled" 32 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/data/gpu/detached_granular_claims_local.json: -------------------------------------------------------------------------------- 1 | { 2 | "measres": "success", 3 | "x-nvidia-gpu-arch-check": true, 4 | "x-nvidia-gpu-driver-version": "570.44", 5 | "x-nvidia-gpu-vbios-version": "96.00.9F.00.01", 6 | "x-nvidia-gpu-attestation-report-cert-chain": { 7 | "x-nvidia-cert-expiration-date": "9999-12-31T23:59:59", 8 | "x-nvidia-cert-status": "valid", 9 | "x-nvidia-cert-ocsp-status": "good", 10 | "x-nvidia-cert-revocation-reason": null 11 | }, 12 | "x-nvidia-gpu-attestation-report-cert-chain-fwid-match": true, 13 | "x-nvidia-gpu-attestation-report-parsed": true, 14 | "x-nvidia-gpu-attestation-report-nonce-match": true, 15 | "x-nvidia-gpu-attestation-report-signature-verified": true, 16 | "x-nvidia-gpu-driver-rim-fetched": true, 17 | "x-nvidia-gpu-driver-rim-schema-validated": true, 18 | "x-nvidia-gpu-driver-rim-cert-chain": { 19 | "x-nvidia-cert-expiration-date": "2026-11-20T03:10:39", 20 | "x-nvidia-cert-status": "valid", 21 | "x-nvidia-cert-ocsp-status": "good", 22 | "x-nvidia-cert-revocation-reason": null 23 | }, 24 | "x-nvidia-gpu-driver-rim-signature-verified": true, 25 | "x-nvidia-gpu-driver-rim-version-match": true, 26 | "x-nvidia-gpu-driver-rim-measurements-available": true, 27 | "x-nvidia-gpu-vbios-rim-fetched": true, 28 | "x-nvidia-gpu-vbios-rim-schema-validated": true, 29 | "x-nvidia-gpu-vbios-rim-cert-chain": { 30 | "x-nvidia-cert-expiration-date": "2026-02-22T23:17:58", 31 | "x-nvidia-cert-status": "valid", 32 | "x-nvidia-cert-ocsp-status": "good", 33 | "x-nvidia-cert-revocation-reason": null 34 | }, 35 | "x-nvidia-gpu-vbios-rim-version-match": true, 36 | "x-nvidia-gpu-vbios-rim-signature-verified": true, 37 | "x-nvidia-gpu-vbios-rim-measurements-available": true, 38 | "x-nvidia-gpu-vbios-index-no-conflict": true, 39 | "eat_nonce": "931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb", 40 | "hwmodel": "GH100 A01 GSP BROM", 41 | "ueid": "490457405999046854973671575630853621547794591064", 42 | "oemid": "5703", 43 | "iss": "LOCAL_GPU_VERIFIER", 44 | "x-nvidia-attestation-warning": "THE CERTIFICATE HCC RIM L4 Signer IS REVOKED WITH THE STATUS AS 'CERTIFICATE_HOLD'.", 45 | "nbf": 1736197199, 46 | "exp": 1736200919, 47 | "iat": 1736197319, 48 | "jti": "a03100f6-4a97-4ba9-84cf-f866eddaefd0", 49 | "secboot":true, 50 | "dbgstat":"disabled" 51 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/data/gpu/detached_granular_claims_remote.json: -------------------------------------------------------------------------------- 1 | { 2 | "measres": "success", 3 | "x-nvidia-gpu-arch-check": true, 4 | "x-nvidia-gpu-driver-version": "570.44", 5 | "x-nvidia-gpu-vbios-version": "96.00.9F.00.01", 6 | "x-nvidia-gpu-attestation-report-cert-chain": { 7 | "x-nvidia-cert-expiration-date": "9999-12-31T23:59:59", 8 | "x-nvidia-cert-status": "valid", 9 | "x-nvidia-cert-ocsp-status": "good", 10 | "x-nvidia-cert-revocation-reason": null 11 | }, 12 | "x-nvidia-gpu-attestation-report-cert-chain-fwid-match": true, 13 | "x-nvidia-gpu-attestation-report-parsed": true, 14 | "x-nvidia-gpu-attestation-report-nonce-match": true, 15 | "x-nvidia-gpu-attestation-report-signature-verified": true, 16 | "x-nvidia-gpu-driver-rim-fetched": true, 17 | "x-nvidia-gpu-driver-rim-schema-validated": true, 18 | "x-nvidia-gpu-driver-rim-cert-chain": { 19 | "x-nvidia-cert-expiration-date": "2026-11-20T03:10:39", 20 | "x-nvidia-cert-status": "valid", 21 | "x-nvidia-cert-ocsp-status": "good", 22 | "x-nvidia-cert-revocation-reason": null 23 | }, 24 | "x-nvidia-gpu-driver-rim-signature-verified": true, 25 | "x-nvidia-gpu-driver-rim-version-match": true, 26 | "x-nvidia-gpu-driver-rim-measurements-available": true, 27 | "x-nvidia-gpu-vbios-rim-fetched": true, 28 | "x-nvidia-gpu-vbios-rim-schema-validated": true, 29 | "x-nvidia-gpu-vbios-rim-cert-chain": { 30 | "x-nvidia-cert-expiration-date": "2026-02-22T23:17:58", 31 | "x-nvidia-cert-status": "valid", 32 | "x-nvidia-cert-ocsp-status": "good", 33 | "x-nvidia-cert-revocation-reason": null 34 | }, 35 | "x-nvidia-gpu-vbios-rim-version-match": true, 36 | "x-nvidia-gpu-vbios-rim-signature-verified": true, 37 | "x-nvidia-gpu-vbios-rim-measurements-available": true, 38 | "x-nvidia-gpu-vbios-index-no-conflict": true, 39 | "eat_nonce": "931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb", 40 | "hwmodel": "GH100 A01 GSP BROM", 41 | "ueid": "490457405999046854973671575630853621547794591064", 42 | "oemid": "5703", 43 | "iss": "https://nras.attestation-stg.nvidia.com", 44 | "x-nvidia-attestation-warning": "THE CERTIFICATE HCC RIM L4 Signer IS REVOKED WITH THE STATUS AS 'CERTIFICATE_HOLD'.", 45 | "nbf": 1736197199, 46 | "exp": 1736200919, 47 | "iat": 1736197319, 48 | "jti": "a03100f6-4a97-4ba9-84cf-f866eddaefd0", 49 | "secboot":true, 50 | "dbgstat":"disabled" 51 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/data/gpu/overall_claims_local.json: -------------------------------------------------------------------------------- 1 | { 2 | "sub": "NVIDIA-PLATFORM-ATTESTATION", 3 | "nbf": 1727394219, 4 | "exp": 4880995383, 5 | "iat": 1727394339, 6 | "jti": "5295b60a-6f0c-47c6-a40b-f4e5bcb43fb0", 7 | "x-nvidia-ver": "2.0", 8 | "iss": "LOCAL_GPU_VERIFIER", 9 | "exp": 4880995383, 10 | "x-nvidia-overall-att-result": true, 11 | "submods": { 12 | "GPU-0": [ 13 | "DIGEST", 14 | [ 15 | "SHA256", 16 | "0514275f0ea5765d33396729c2486215ab15ae4aeafeaeb16e207a1e3b420fcf" 17 | ] 18 | ] 19 | }, 20 | "eat_nonce": "931d8dd0add203ac3d8b4fbde75e115278eefcdc8c5b87671a748f32364dfcb" 21 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/data/gpu/overall_claims_remote.json: -------------------------------------------------------------------------------- 1 | { 2 | "sub": "NVIDIA-PLATFORM-ATTESTATION", 3 | "x-nvidia-ver": "2.0", 4 | "nbf": 1727387975, 5 | "iss": "https://nras.attestation.nvidia.com", 6 | "x-nvidia-overall-att-result": true, 7 | "submods": { 8 | "GPU-0": [ 9 | "DIGEST", 10 | [ 11 | "SHA-256", 12 | "e8fdc07449924e6613626e3498128a2c66ca822d52360d6471196ee693df7e1a" 13 | ] 14 | ] 15 | }, 16 | "eat_nonce": "931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb", 17 | "iat": 1727387975, 18 | "jti": "dd6a874b-2f9d-4ad3-a913-dbaaaa48fc4b", 19 | "exp": 4880995383 20 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/data/gpu/overall_granular_claims_local.json: -------------------------------------------------------------------------------- 1 | { 2 | "sub": "NVIDIA-PLATFORM-ATTESTATION", 3 | "nbf": 1736197199, 4 | "exp": 1736200919, 5 | "iat": 1736197319, 6 | "jti": "5050a4f5-9771-4151-8e83-b7e494bfd47e", 7 | "x-nvidia-ver": "3.0", 8 | "iss": "LOCAL_GPU_VERIFIER", 9 | "x-nvidia-overall-att-result": true, 10 | "submods": { 11 | "GPU-0": [ 12 | "DIGEST", 13 | [ 14 | "SHA256", 15 | "a904188fa8a03c91446f93bd25eb04bec4ff821f33a57479aac90707aa26848d" 16 | ] 17 | ] 18 | }, 19 | "eat_nonce": "931d8dd0add203ac3d8b4fbde75e115278eefcdc8c5b87671a748f32364dfcb" 20 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/data/gpu/overall_granular_claims_remote.json: -------------------------------------------------------------------------------- 1 | { 2 | "sub": "NVIDIA-PLATFORM-ATTESTATION", 3 | "x-nvidia-ver": "3.0", 4 | "nbf": 1727387975, 5 | "iss": "https://nras.attestation.nvidia.com", 6 | "x-nvidia-overall-att-result": true, 7 | "submods": { 8 | "GPU-0": [ 9 | "DIGEST", 10 | [ 11 | "SHA-256", 12 | "e8fdc07449924e6613626e3498128a2c66ca822d52360d6471196ee693df7e1a" 13 | ] 14 | ] 15 | }, 16 | "eat_nonce": "931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb", 17 | "iat": 1727387975, 18 | "jti": "dd6a874b-2f9d-4ad3-a913-dbaaaa48fc4b", 19 | "exp": 4880995383 20 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/data/switch/detached_claims_local.json: -------------------------------------------------------------------------------- 1 | { 2 | "measres": "success", 3 | "x-nvidia-switch-arch-check": true, 4 | "x-nvidia-switch-bios-version": "96.10.69.00.01", 5 | "x-nvidia-switch-attestation-report-cert-chain-validated": true, 6 | "x-nvidia-switch-attestation-report-parsed": true, 7 | "x-nvidia-switch-attestation-report-nonce-match": true, 8 | "x-nvidia-switch-attestation-report-signature-verified": true, 9 | "x-nvidia-switch-bios-rim-fetched": true, 10 | "x-nvidia-switch-bios-rim-schema-validated": true, 11 | "x-nvidia-switch-bios-rim-cert-validated": true, 12 | "x-nvidia-switch-bios-rim-signature-verified": true, 13 | "x-nvidia-switch-bios-rim-measurements-available": true, 14 | "eat_nonce": "931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb", 15 | "hwmodel": "LS_10 A01 FSP BROM", 16 | "ueid": "668518100723265016197394327246186845398981110561", 17 | "iss": "LOCAL_SWITCH_VERIFIER", 18 | "nbf": 1726766276, 19 | "exp": 4880995383, 20 | "iat": 1726766396, 21 | "jti": "4927a1cf-ee1c-42b7-aa7b-9662a7c667a2", 22 | "secboot":true, 23 | "dbgstat":"disabled" 24 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/data/switch/detached_claims_remote.json: -------------------------------------------------------------------------------- 1 | { 2 | "measres": "success", 3 | "x-nvidia-switch-arch-check": true, 4 | "x-nvidia-switch-bios-version": "96.10.69.00.01", 5 | "x-nvidia-switch-attestation-report-cert-chain-validated": true, 6 | "x-nvidia-switch-attestation-report-parsed": true, 7 | "x-nvidia-switch-attestation-report-nonce-match": true, 8 | "x-nvidia-switch-attestation-report-signature-verified": true, 9 | "x-nvidia-switch-bios-rim-fetched": true, 10 | "x-nvidia-switch-bios-rim-schema-validated": true, 11 | "x-nvidia-switch-bios-rim-cert-validated": true, 12 | "x-nvidia-switch-bios-rim-signature-verified": true, 13 | "x-nvidia-switch-bios-rim-measurements-available": true, 14 | "eat_nonce": "931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb", 15 | "hwmodel": "LS_10 A01 FSP BROM", 16 | "ueid": "668518100723265016197394327246186845398981110561", 17 | "iss": "LOCAL_SWITCH_VERIFIER", 18 | "nbf": 1726766276, 19 | "exp": 4880995383, 20 | "iat": 1726766396, 21 | "jti": "4927a1cf-ee1c-42b7-aa7b-9662a7c667a2", 22 | "secboot":true, 23 | "dbgstat":"disabled" 24 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/data/switch/detached_granular_claims_local.json: -------------------------------------------------------------------------------- 1 | { 2 | "measres": "success", 3 | "x-nvidia-switch-arch-check": true, 4 | "x-nvidia-switch-bios-version": "96.00.9F.00.01", 5 | "x-nvidia-switch-attestation-report-cert-chain": { 6 | "x-nvidia-cert-expiration-date": "9999-12-31T23:59:59", 7 | "x-nvidia-cert-status": "valid", 8 | "x-nvidia-cert-ocsp-status": "good", 9 | "x-nvidia-cert-revocation-reason": null 10 | }, 11 | "x-nvidia-switch-attestation-report-cert-chain-fwid-match": true, 12 | "x-nvidia-switch-attestation-report-parsed": true, 13 | "x-nvidia-switch-attestation-report-nonce-match": true, 14 | "x-nvidia-switch-attestation-report-signature-verified": true, 15 | "x-nvidia-switch-bios-rim-fetched": true, 16 | "x-nvidia-switch-bios-rim-schema-validated": true, 17 | "x-nvidia-switch-bios-rim-cert-chain": { 18 | "x-nvidia-cert-expiration-date": "2026-02-22T23:17:58", 19 | "x-nvidia-cert-status": "valid", 20 | "x-nvidia-cert-ocsp-status": "good", 21 | "x-nvidia-cert-revocation-reason": null 22 | }, 23 | "x-nvidia-switch-bios-rim-version-match": true, 24 | "x-nvidia-switch-bios-rim-signature-verified": true, 25 | "x-nvidia-switch-bios-rim-measurements-available": true, 26 | "eat_nonce": "931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb", 27 | "hwmodel": "GH100 A01 GSP BROM", 28 | "ueid": "490457405999046854973671575630853621547794591064", 29 | "oemid": "5703", 30 | "iss": "LOCAL_SWITCH_VERIFIER", 31 | "x-nvidia-attestation-warning": "THE CERTIFICATE HCC RIM L4 Signer IS REVOKED WITH THE STATUS AS 'CERTIFICATE_HOLD'.", 32 | "nbf": 1736197199, 33 | "exp": 1736200919, 34 | "iat": 1736197319, 35 | "jti": "a03100f6-4a97-4ba9-84cf-f866eddaefd0", 36 | "secboot":true, 37 | "dbgstat":"disabled" 38 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/data/switch/detached_granular_claims_remote.json: -------------------------------------------------------------------------------- 1 | { 2 | "measres": "success", 3 | "x-nvidia-switch-arch-check": true, 4 | "x-nvidia-switch-bios-version": "96.00.9F.00.01", 5 | "x-nvidia-switch-attestation-report-cert-chain": { 6 | "x-nvidia-cert-expiration-date": "9999-12-31T23:59:59", 7 | "x-nvidia-cert-status": "valid", 8 | "x-nvidia-cert-ocsp-status": "good", 9 | "x-nvidia-cert-revocation-reason": null 10 | }, 11 | "x-nvidia-switch-attestation-report-cert-chain-fwid-match": true, 12 | "x-nvidia-switch-attestation-report-parsed": true, 13 | "x-nvidia-switch-attestation-report-nonce-match": true, 14 | "x-nvidia-switch-attestation-report-signature-verified": true, 15 | "x-nvidia-switch-bios-rim-fetched": true, 16 | "x-nvidia-switch-bios-rim-schema-validated": true, 17 | "x-nvidia-switch-bios-rim-cert-chain": { 18 | "x-nvidia-cert-expiration-date": "2026-02-22T23:17:58", 19 | "x-nvidia-cert-status": "valid", 20 | "x-nvidia-cert-ocsp-status": "good", 21 | "x-nvidia-cert-revocation-reason": null 22 | }, 23 | "x-nvidia-switch-bios-rim-version-match": true, 24 | "x-nvidia-switch-bios-rim-signature-verified": true, 25 | "x-nvidia-switch-bios-rim-measurements-available": true, 26 | "eat_nonce": "931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb", 27 | "hwmodel": "GH100 A01 GSP BROM", 28 | "ueid": "490457405999046854973671575630853621547794591064", 29 | "oemid": "5703", 30 | "iss": "https://nras.attestation.nvidia.com", 31 | "x-nvidia-attestation-warning": "THE CERTIFICATE HCC RIM L4 Signer IS REVOKED WITH THE STATUS AS 'CERTIFICATE_HOLD'.", 32 | "nbf": 1736197199, 33 | "exp": 1736200919, 34 | "iat": 1736197319, 35 | "jti": "a03100f6-4a97-4ba9-84cf-f866eddaefd0", 36 | "secboot":true, 37 | "dbgstat":"disabled" 38 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/data/switch/overall_claims_local.json: -------------------------------------------------------------------------------- 1 | { 2 | "sub": "NVIDIA-PLATFORM-ATTESTATION", 3 | "nbf": 1726248250, 4 | "exp": 4880995383, 5 | "iat": 1726248370, 6 | "jti": "124eee71-3693-48e9-8a99-c5a743ae235b", 7 | "x-nvidia-ver": "2.0", 8 | "iss": "LOCAL_SWITCH_VERIFIER", 9 | "x-nvidia-overall-att-result": true, 10 | "submods": { 11 | "SWITCH-0": [ 12 | "DIGEST", 13 | [ 14 | "SHA256", 15 | "ef51b08b3ca4398ae73b7e0a773c5ec44642b0e3e0439036be6e2cc4e0189d61" 16 | ] 17 | ] 18 | }, 19 | "eat_nonce": "931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb" 20 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/data/switch/overall_claims_remote.json: -------------------------------------------------------------------------------- 1 | { 2 | "sub": "NVIDIA-PLATFORM-ATTESTATION", 3 | "x-nvidia-ver": "2.0", 4 | "nbf": 1726503832, 5 | "iss": "https://nras.attestation.nvidia.com", 6 | "x-nvidia-overall-att-result": true, 7 | "submods": { 8 | "SWITCH-0": [ 9 | "DIGEST", 10 | [ 11 | "SHA-256", 12 | "000fbadc4a88fb75ad52a9275215b52ac983cf76aefce0c15fcd0b24bdaa0837" 13 | ] 14 | ] 15 | }, 16 | "eat_nonce": "931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb", 17 | "exp": 4880995383, 18 | "iat": 1726503832, 19 | "jti": "ffd0912e-3076-4746-9dfe-a763481120a4" 20 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/data/switch/overall_granular_claims_local.json: -------------------------------------------------------------------------------- 1 | { 2 | "sub": "NVIDIA-PLATFORM-ATTESTATION", 3 | "nbf": 1726248250, 4 | "exp": 4880995383, 5 | "iat": 1726248370, 6 | "jti": "124eee71-3693-48e9-8a99-c5a743ae235b", 7 | "x-nvidia-ver": "3.0", 8 | "iss": "LOCAL_SWITCH_VERIFIER", 9 | "x-nvidia-overall-att-result": true, 10 | "submods": { 11 | "SWITCH-0": [ 12 | "DIGEST", 13 | [ 14 | "SHA256", 15 | "ef51b08b3ca4398ae73b7e0a773c5ec44642b0e3e0439036be6e2cc4e0189d61" 16 | ] 17 | ] 18 | }, 19 | "eat_nonce": "931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb" 20 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/data/switch/overall_granular_claims_remote.json: -------------------------------------------------------------------------------- 1 | { 2 | "sub": "NVIDIA-PLATFORM-ATTESTATION", 3 | "nbf": 1726248250, 4 | "exp": 4880995383, 5 | "iat": 1726248370, 6 | "jti": "124eee71-3693-48e9-8a99-c5a743ae235b", 7 | "x-nvidia-ver": "3.0", 8 | "iss": "https://nras.attestation.nvidia.com", 9 | "x-nvidia-overall-att-result": true, 10 | "submods": { 11 | "SWITCH-0": [ 12 | "DIGEST", 13 | [ 14 | "SHA256", 15 | "ef51b08b3ca4398ae73b7e0a773c5ec44642b0e3e0439036be6e2cc4e0189d61" 16 | ] 17 | ] 18 | }, 19 | "eat_nonce": "931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb" 20 | } -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/utils/test_common_utils.py: -------------------------------------------------------------------------------- 1 | import unittest 2 | 3 | import time 4 | 5 | from verifier.utils import function_wrapper_with_timeout 6 | from verifier.exceptions import TimeoutError 7 | 8 | 9 | class CommonUtilsTest(unittest.TestCase): 10 | 11 | def test_timeout_returns(self): 12 | def incrementer(x): 13 | return x + 1 14 | 15 | self.assertEqual( 16 | function_wrapper_with_timeout([incrementer, 1, "incrementer"], 1), 17 | 2, 18 | "return value of task is returned" 19 | ) 20 | 21 | def test_timeout_is_raised(self): 22 | with self.assertRaises(TimeoutError): 23 | start = time.monotonic() 24 | function_wrapper_with_timeout([time.sleep, 2, "sleep"], 0.1) 25 | duration = time.monotonic() - start 26 | self.assertLess(duration, 1, "should time out before function would return") 27 | 28 | def test_inner_exception(self): 29 | class CustomException(BaseException): 30 | pass 31 | 32 | def raiser(): 33 | raise CustomException() 34 | 35 | with self.assertRaises(CustomException): 36 | start = time.monotonic() 37 | function_wrapper_with_timeout([raiser, "raiser"], 2) 38 | duration = time.monotonic() - start 39 | self.assertLess(duration, 1, "should return exception quickly and not wait") 40 | -------------------------------------------------------------------------------- /guest_tools/attestation_sdk/tests/pytests/utils/test_local_utils.py: -------------------------------------------------------------------------------- 1 | import base64 2 | import json 3 | import unittest 4 | import jwt 5 | import os 6 | from nv_attestation_sdk.utils.local_utils import validate_token 7 | local_gpu_policy_file = "../../policies/local/NVGPULocalPolicyExample.json" 8 | overall_claims_file_path = "tests/pytests/data/gpu/overall_claims_local.json" 9 | detached_claims_file_path = "tests/pytests/data/gpu/detached_claims_local.json" 10 | class LocalUtilsTest(unittest.TestCase): 11 | 12 | def test_validate_claims(self): 13 | with open(overall_claims_file_path, "r") as file: 14 | overall_claims = json.load(file) 15 | overall_jwt_token = jwt.encode(overall_claims, "secret", algorithm="HS256") 16 | with open(detached_claims_file_path, "r") as file: 17 | detached_claims = json.load(file) 18 | detached_jwt_token = jwt.encode( 19 | detached_claims, "secret", algorithm="HS256" 20 | ) 21 | token = [ 22 | ["JWT", overall_jwt_token], 23 | {"GPU-0": detached_jwt_token}, 24 | ] 25 | with open( 26 | os.path.join(os.path.dirname(__file__), local_gpu_policy_file) 27 | ) as json_file: 28 | json_data = json.load(json_file) 29 | remote_att_result_policy = json.dumps(json_data) 30 | self.assertTrue(validate_token("http//test", token, remote_att_result_policy)) 31 | 32 | def test_validate_claims_fails_with_incorrect_jwt_type(self): 33 | with open(overall_claims_file_path, "r") as file: 34 | overall_claims = json.load(file) 35 | overall_jwt_token = jwt.encode(overall_claims, "secret", algorithm="HS256") 36 | with open(detached_claims_file_path, "r") as file: 37 | detached_claims = json.load(file) 38 | detached_jwt_token = jwt.encode( 39 | detached_claims, "secret", algorithm="HS256" 40 | ) 41 | token = [ 42 | ["JWT1", overall_jwt_token], 43 | {"GPU-0": detached_jwt_token}, 44 | ] 45 | with open( 46 | os.path.join(os.path.dirname(__file__), local_gpu_policy_file) 47 | ) as json_file: 48 | json_data = json.load(json_file) 49 | remote_att_result_policy = json.dumps(json_data) 50 | self.assertFalse(validate_token("http//test", token, remote_att_result_policy)) 51 | 52 | def test_validate_claims_fails_with_unknown_claim_in_detached_policy(self): 53 | with open(overall_claims_file_path, "r") as file: 54 | overall_claims = json.load(file) 55 | overall_jwt_token = jwt.encode(overall_claims, "secret", algorithm="HS256") 56 | with open(detached_claims_file_path, "r") as file: 57 | detached_claims = json.load(file) 58 | detached_jwt_token = jwt.encode( 59 | detached_claims, "secret", algorithm="HS256" 60 | ) 61 | token = [ 62 | ["JWT1", overall_jwt_token], 63 | {"GPU-0": detached_jwt_token}, 64 | ] 65 | with open( 66 | os.path.join(os.path.dirname(__file__), local_gpu_policy_file) 67 | ) as json_file: 68 | json_data = json.load(json_file) 69 | json_data["authorization-rules"]["detached-claims"]["x-nv-test"] = True 70 | remote_att_result_policy = json.dumps(json_data) 71 | self.assertFalse(validate_token("http//test", token, remote_att_result_policy)) 72 | 73 | def test_validate_claims_fails_with_unknown_claim_in_overall_policy(self): 74 | with open(overall_claims_file_path, "r") as file: 75 | overall_claims = json.load(file) 76 | overall_jwt_token = jwt.encode(overall_claims, "secret", algorithm="HS256") 77 | with open(detached_claims_file_path, "r") as file: 78 | detached_claims = json.load(file) 79 | detached_jwt_token = jwt.encode( 80 | detached_claims, "secret", algorithm="HS256" 81 | ) 82 | token = [ 83 | ["JWT1", overall_jwt_token], 84 | {"GPU-0": detached_jwt_token}, 85 | ] 86 | with open( 87 | os.path.join(os.path.dirname(__file__), local_gpu_policy_file) 88 | ) as json_file: 89 | json_data = json.load(json_file) 90 | json_data["authorization-rules"]["overall-claims"]["x-nv-test"] = True 91 | remote_att_result_policy = json.dumps(json_data) 92 | self.assertFalse(validate_token("http//test", token, remote_att_result_policy)) -------------------------------------------------------------------------------- /guest_tools/docs/images/hybrid.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/docs/images/hybrid.png -------------------------------------------------------------------------------- /guest_tools/docs/images/nras.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/docs/images/nras.png -------------------------------------------------------------------------------- /guest_tools/docs/images/outpost.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/docs/images/outpost.png -------------------------------------------------------------------------------- /guest_tools/gpu_verifiers/local_gpu_verifier/pyproject.toml: -------------------------------------------------------------------------------- 1 | [project] 2 | name = "nv-local-gpu-verifier" 3 | version = "2.5.0" 4 | description = "A Python-based tool that validates GPU measurements by comparing GPU runtime measurements with authenticated golden measurements" 5 | authors = [ 6 | {name = "NVIDIA"} 7 | ] 8 | readme = "README.md" 9 | requires-python = ">=3.7" 10 | license = {text = "BSD-3-Clause"} 11 | classifiers = [ 12 | "Programming Language :: Python :: 3", 13 | "License :: OSI Approved :: BSD License", 14 | "Operating System :: OS Independent", 15 | ] 16 | keywords = [ 17 | "confidential-computing", 18 | "local-gpu-verifier", 19 | "attestation", 20 | "NVIDIA", 21 | "verifier" 22 | ] 23 | dependencies = [ 24 | 'cryptography == 43.0.1', 25 | 'ecdsa == 0.18.0', 26 | 'lxml >= 4.9.1', 27 | 'signxml == 3.2.0', 28 | 'xmlschema == 2.2.3', 29 | 'pyOpenSSL == 24.2.1', 30 | 'PyJWT == 2.7.0', 31 | 'nvidia-ml-py == 12.550.52', 32 | 'asn1 == 2.7.0' 33 | ] 34 | 35 | [tool.setuptools.package-data] 36 | verifier = ["samples/*.swidtag", "rim/*.xsd", "samples/*.txt","certs/*.pem", "Tests/*/*.txt"] 37 | 38 | -------------------------------------------------------------------------------- /guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/__about__.py: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-FileCopyrightText: Copyright (c) 2021-2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # SPDX-License-Identifier: BSD-3-Clause 4 | # 5 | # Redistribution and use in source and binary forms, with or without 6 | # modification, are permitted provided that the following conditions are met: 7 | # 8 | # 1. Redistributions of source code must retain the above copyright notice, this 9 | # list of conditions and the following disclaimer. 10 | # 11 | # 2. Redistributions in binary form must reproduce the above copyright notice, 12 | # this list of conditions and the following disclaimer in the documentation 13 | # and/or other materials provided with the distribution. 14 | # 15 | # 3. Neither the name of the copyright holder nor the names of its 16 | # contributors may be used to endorse or promote products derived from 17 | # this software without specific prior written permission. 18 | # 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 22 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 23 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 25 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 26 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | # 30 | 31 | __all__ = [ 32 | "__version__", 33 | "__author__", 34 | "__copyright__", 35 | ] 36 | 37 | __version__ = "1.3.0" 38 | 39 | __author__ = "NVIDIA CORPORATION" 40 | __copyright__ = f"Copyright (c) 2021-2023 {__author__}" 41 | -------------------------------------------------------------------------------- /guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/certs/verifier_RIM_root.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICKTCCAbCgAwIBAgIQRdrjoA5QN73fh1N17LXicDAKBggqhkjOPQQDAzBFMQsw 3 | CQYDVQQGEwJVUzEPMA0GA1UECgwGTlZJRElBMSUwIwYDVQQDDBxOVklESUEgQ29S 4 | SU0gc2lnbmluZyBSb290IENBMCAXDTIzMDMxNjE1MzczNFoYDzIwNTMwMzA4MTUz 5 | NzM0WjBFMQswCQYDVQQGEwJVUzEPMA0GA1UECgwGTlZJRElBMSUwIwYDVQQDDBxO 6 | VklESUEgQ29SSU0gc2lnbmluZyBSb290IENBMHYwEAYHKoZIzj0CAQYFK4EEACID 7 | YgAEuECyi9vNM+Iw2lfUzyBldHAwaC1HF7TCgp12QcEyUTm3Tagxwr48d55+K2VI 8 | lWYIDk7NlAIQdcV/Ff7euGLI+Qauj93HsSI4WX298PpW54RTgz9tC+Q684caR/BX 9 | WEeZo2MwYTAdBgNVHQ4EFgQUpaXrOPK4ZDAk08DBskn594zeZjAwHwYDVR0jBBgw 10 | FoAUpaXrOPK4ZDAk08DBskn594zeZjAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B 11 | Af8EBAMCAQYwCgYIKoZIzj0EAwMDZwAwZAIwHGDyscDP6ihHqRvZlI3eqZ4YkvjE 12 | 1duaN84tAHRVgxVMvNrp5Tnom3idHYGW/dskAjATvjIx6VzHm/4e2GiZAyZEIUBD 13 | OKPzp5ei/A0iUZpdvngenDwV8Qa/wGdiTmJ7Bp4= 14 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/certs/verifier_device_root.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICCzCCAZCgAwIBAgIQLTZwscoQBBHB/sDoKgZbVDAKBggqhkjOPQQDAzA1MSIw 3 | IAYDVQQDDBlOVklESUEgRGV2aWNlIElkZW50aXR5IENBMQ8wDQYDVQQKDAZOVklE 4 | SUEwIBcNMjExMTA1MDAwMDAwWhgPOTk5OTEyMzEyMzU5NTlaMDUxIjAgBgNVBAMM 5 | GU5WSURJQSBEZXZpY2UgSWRlbnRpdHkgQ0ExDzANBgNVBAoMBk5WSURJQTB2MBAG 6 | ByqGSM49AgEGBSuBBAAiA2IABA5MFKM7+KViZljbQSlgfky/RRnEQScW9NDZF8SX 7 | gAW96r6u/Ve8ZggtcYpPi2BS4VFu6KfEIrhN6FcHG7WP05W+oM+hxj7nyA1r1jkB 8 | 2Ry70YfThX3Ba1zOryOP+MJ9vaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B 9 | Af8EBAMCAQYwHQYDVR0OBBYEFFeF/4PyY8xlfWi3Olv0jUrL+0lfMB8GA1UdIwQY 10 | MBaAFFeF/4PyY8xlfWi3Olv0jUrL+0lfMAoGCCqGSM49BAMDA2kAMGYCMQCPeFM3 11 | TASsKQVaT+8S0sO9u97PVGCpE9d/I42IT7k3UUOLSR/qvJynVOD1vQKVXf0CMQC+ 12 | EY55WYoDBvs2wPAH1Gw4LbcwUN8QCff8bFmV4ZxjCRr4WXTLFHBKjbfneGSBWwA= 13 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/exceptions/utils.py: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-FileCopyrightText: Copyright (c) 2021-2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # SPDX-License-Identifier: BSD-3-Clause 4 | # 5 | # Redistribution and use in source and binary forms, with or without 6 | # modification, are permitted provided that the following conditions are met: 7 | # 8 | # 1. Redistributions of source code must retain the above copyright notice, this 9 | # list of conditions and the following disclaimer. 10 | # 11 | # 2. Redistributions in binary form must reproduce the above copyright notice, 12 | # this list of conditions and the following disclaimer in the documentation 13 | # and/or other materials provided with the distribution. 14 | # 15 | # 3. Neither the name of the copyright holder nor the names of its 16 | # contributors may be used to endorse or promote products derived from 17 | # this software without specific prior written permission. 18 | # 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 22 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 23 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 25 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 26 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | # 30 | 31 | from pynvml import ( 32 | NVML_ERROR_UNINITIALIZED, 33 | NVML_ERROR_TIMEOUT, 34 | NVML_ERROR_RESET_REQUIRED, 35 | NVML_ERROR_IN_USE, 36 | NVML_ERROR_MEMORY, 37 | NVML_ERROR_NO_DATA, 38 | NVML_ERROR_INSUFFICIENT_RESOURCES, 39 | NVMLError, 40 | ) 41 | 42 | from verifier.exceptions import ( 43 | NonceMismatchError, 44 | TimeoutError, 45 | ) 46 | 47 | def is_non_fatal_issue(error): 48 | """ The function to check if the given error is non fatal or not. 49 | 50 | Args: 51 | error (Exception): any exception that may be raised. 52 | 53 | Returns: 54 | [bool]: returns True if the error is non fatal. Otherwise returns 55 | False. 56 | """ 57 | 58 | if isinstance(error, type(NVMLError(NVML_ERROR_UNINITIALIZED))) or \ 59 | isinstance(error, type(NVMLError(NVML_ERROR_TIMEOUT))) or \ 60 | isinstance(error, type(NVMLError(NVML_ERROR_RESET_REQUIRED))) or \ 61 | isinstance(error, type(NVMLError(NVML_ERROR_IN_USE))) or \ 62 | isinstance(error, type(NVMLError(NVML_ERROR_MEMORY))) or \ 63 | isinstance(error, type(NVMLError(NVML_ERROR_NO_DATA))) or \ 64 | isinstance(error, type(NVMLError(NVML_ERROR_INSUFFICIENT_RESOURCES))) or \ 65 | isinstance(error, NonceMismatchError) or \ 66 | isinstance(error, TimeoutError): 67 | return True 68 | 69 | return False 70 | -------------------------------------------------------------------------------- /guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/nvml/gpu_cert_chains.py: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-FileCopyrightText: Copyright (c) 2021-2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # SPDX-License-Identifier: BSD-3-Clause 4 | # 5 | # Redistribution and use in source and binary forms, with or without 6 | # modification, are permitted provided that the following conditions are met: 7 | # 8 | # 1. Redistributions of source code must retain the above copyright notice, this 9 | # list of conditions and the following disclaimer. 10 | # 11 | # 2. Redistributions in binary form must reproduce the above copyright notice, 12 | # this list of conditions and the following disclaimer in the documentation 13 | # and/or other materials provided with the distribution. 14 | # 15 | # 3. Neither the name of the copyright holder nor the names of its 16 | # contributors may be used to endorse or promote products derived from 17 | # this software without specific prior written permission. 18 | # 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 22 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 23 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 25 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 26 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | # 30 | 31 | from OpenSSL import crypto 32 | import re 33 | import base64 34 | from pynvml import nvmlDeviceGetConfComputeGpuCertificate 35 | from verifier.config import ( 36 | BaseSettings, 37 | info_log, 38 | event_log, 39 | ) 40 | from verifier.exceptions import ( 41 | CertExtractionError, 42 | CertChainFetchError, 43 | TimeoutError, 44 | ) 45 | from .test_handle import TestHandle 46 | from verifier.utils import function_wrapper_with_timeout 47 | from verifier.cc_admin_utils import CcAdminUtils 48 | 49 | class GpuCertificateChains: 50 | """ A class to handle the fetching and processing of the GPU attestation certificate chain. 51 | """ 52 | 53 | @classmethod 54 | def get_gpu_certificate_chains(cls, handle): 55 | """ A class method that fetches the GPU attestation certificate chain data in PEM format. 56 | 57 | Args: 58 | handle (pynvml.nvml.LP_struct_c_nvmlDevice_t): handle of the GPU. 59 | 60 | Raises: 61 | CertChainFetchError: raises exception if there is any problem while fetching the certificate chains. 62 | 63 | Returns: 64 | [bytes]: attestation certificate chain data. 65 | """ 66 | try: 67 | cert_struct = function_wrapper_with_timeout([nvmlDeviceGetConfComputeGpuCertificate, 68 | handle, 69 | "nvmlDeviceGetConfComputeGpuCertificate"], 70 | BaseSettings.MAX_NVML_TIME_DELAY) 71 | # fetching the attestation cert chain. 72 | length_of_attestation_cert_chain = cert_struct.attestationCertChainSize 73 | attestation_cert_chain = cert_struct.attestationCertChain 74 | attestation_cert_data = list() 75 | 76 | for i in range(length_of_attestation_cert_chain): 77 | attestation_cert_data.append(attestation_cert_chain[i]) 78 | 79 | bin_attestation_cert_data = bytes(attestation_cert_data) 80 | 81 | return bin_attestation_cert_data 82 | except TimeoutError as err: 83 | raise TimeoutError("\tThe call to fetch GPU Cert chain timed out.") 84 | except Exception as err: 85 | info_log.error(err) 86 | err_msg = "\tSomething went wrong while fetching the certificate chains from the gpu." 87 | event_log.error(err_msg) 88 | raise CertChainFetchError(err_msg) 89 | 90 | @classmethod 91 | def extract_cert_chain(cls, bin_cert_chain_data): 92 | """ A class method that takes in the raw data coming in from the nvml api as the gpu certificate chain in PEM format 93 | and then parse it to extract the individual certificates from the certificate chain. 94 | 95 | Args: 96 | bin_cert_chain_data (bytes): the certificate chain in PEM format. 97 | 98 | Returns: 99 | [list] : List of the certificates extracted from the given cert chain. 100 | """ 101 | try: 102 | assert type(bin_cert_chain_data) is bytes 103 | 104 | PEM_CERT_END_DELIMITER = '-----END CERTIFICATE-----' 105 | start_index = 0 106 | end_index = None 107 | 108 | str_data = bin_cert_chain_data.decode() 109 | cert_obj_list = list() 110 | 111 | for itr in re.finditer(PEM_CERT_END_DELIMITER, str_data): 112 | end_index = itr.start() 113 | cert_obj_list.append(crypto.load_certificate(crypto.FILETYPE_PEM, \ 114 | str_data[start_index : end_index + len(PEM_CERT_END_DELIMITER)])) 115 | 116 | start_index = end_index + len(PEM_CERT_END_DELIMITER) + len('\n') 117 | 118 | if len(str_data) < start_index: 119 | break 120 | return cert_obj_list 121 | 122 | except Exception as err: 123 | info_log.error(err) 124 | err_msg = "\tSomething went wrong while extracting the individual certificates from the certificate chain." 125 | event_log.error(err_msg) 126 | raise CertExtractionError(err_msg) 127 | 128 | @staticmethod 129 | def extract_gpu_cert_chain_base64(gpu_attestation_cert_chain): 130 | """ Method to extract GPU Certificate Chain and convert that to base64 encoded string 131 | 132 | Args: 133 | gpu_attestation_cert_chain: GPU Certificate Chain from the Attestation Report 134 | 135 | Returns: 136 | base64 encoded GPU Certificate Chain 137 | """ 138 | cert_chain_data = "" 139 | for certificate in gpu_attestation_cert_chain: 140 | cert = certificate.to_cryptography() 141 | pyopenSSLCert = CcAdminUtils.convert_cert_from_cryptography_to_pyopenssl(cert) 142 | cert_chain_data += crypto.dump_certificate(crypto.FILETYPE_PEM, pyopenSSLCert).decode() 143 | cert_chain_bytes = cert_chain_data.encode("ascii") 144 | encoded_cert_chain = base64.b64encode(cert_chain_bytes) 145 | encoded_cert_chain = encoded_cert_chain.decode('utf-8') 146 | return encoded_cert_chain 147 | 148 | def __init__(self, handle): 149 | """ Constructor method for the GpuCertificateChains class. 150 | 151 | Args: 152 | handle (pynvml.LP_struct_c_nvmlDevice_t): the GPU device handle. 153 | """ 154 | # Removing the last certificate from the certificate as it is the root certificate for the GPU device certificate chain. 155 | # The verifier_device_root.pem cert in certs directory is used as the root cert for the GPU device certificate chain. 156 | if isinstance(handle, TestHandle): 157 | self.GpuAttestationCertificateChain = self.extract_cert_chain(handle.get_test_gpu_certificate_chain())[:-1] 158 | else: 159 | self.GpuAttestationCertificateChain = self.extract_cert_chain(self.get_gpu_certificate_chains(handle))[:-1] 160 | 161 | with open(BaseSettings.DEVICE_ROOT_CERT, 'r') as f: 162 | data = f.read() 163 | self.GpuAttestationCertificateChain.append(crypto.load_certificate(type= crypto.FILETYPE_PEM, buffer= data)) 164 | -------------------------------------------------------------------------------- /guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/nvml/nvmlHandlerTest.py: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-FileCopyrightText: Copyright (c) 2021-2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # SPDX-License-Identifier: BSD-3-Clause 4 | # 5 | # Redistribution and use in source and binary forms, with or without 6 | # modification, are permitted provided that the following conditions are met: 7 | # 8 | # 1. Redistributions of source code must retain the above copyright notice, this 9 | # list of conditions and the following disclaimer. 10 | # 11 | # 2. Redistributions in binary form must reproduce the above copyright notice, 12 | # this list of conditions and the following disclaimer in the documentation 13 | # and/or other materials provided with the distribution. 14 | # 15 | # 3. Neither the name of the copyright holder nor the names of its 16 | # contributors may be used to endorse or promote products derived from 17 | # this software without specific prior written permission. 18 | # 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 22 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 23 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 25 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 26 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | # 30 | 31 | from OpenSSL import crypto 32 | import re 33 | 34 | from pynvml import ( 35 | NVML_DEVICE_ARCH_HOPPER, 36 | ) 37 | 38 | from verifier.utils import convert_string_to_blob 39 | from verifier.config import ( 40 | BaseSettings, 41 | HopperSettings, 42 | __author__, 43 | __copyright__, 44 | __version__, 45 | ) 46 | from verifier.nvml import GpuCertificateChains 47 | from verifier.nvml.test_handle import TestHandle 48 | from verifier.exceptions import ( 49 | CertExtractionError, 50 | UnsupportedGpuArchitectureError, 51 | ) 52 | 53 | class NvmlHandlerTest: 54 | 55 | @classmethod 56 | def get_number_of_gpus(cls): 57 | return BaseSettings.TEST_NO_GPU_NUMBER_OF_GPUS 58 | 59 | def extract_cert_chain(self, bin_cert_chain_data): 60 | try: 61 | assert type(bin_cert_chain_data) is bytes 62 | 63 | PEM_CERT_END_DELIMITER = '-----END CERTIFICATE-----' 64 | start_index = 0 65 | end_index = None 66 | 67 | # length of \n is 1 68 | length_of_new_line = 1 69 | 70 | str_data = bin_cert_chain_data.decode() 71 | cert_obj_list = list() 72 | 73 | for itr in re.finditer(PEM_CERT_END_DELIMITER, str_data): 74 | end_index = itr.start() 75 | cert_obj_list.append(crypto.load_certificate(crypto.FILETYPE_PEM, \ 76 | str_data[start_index : end_index + len(PEM_CERT_END_DELIMITER)])) 77 | 78 | start_index = end_index + len(PEM_CERT_END_DELIMITER) + length_of_new_line 79 | 80 | if len(str_data) < start_index: 81 | break 82 | 83 | return cert_obj_list 84 | except Exception as err: 85 | raise CertExtractionError("\tSomething went wrong while extracting the individual certificates from the certificate chain.\n\tQuitting now.") 86 | 87 | def fetch_attestation_report(self): 88 | 89 | if self.GPUArchitecture == NVML_DEVICE_ARCH_HOPPER: 90 | path = HopperSettings.ATTESTATION_REPORT_PATH 91 | else: 92 | raise UnsupportedGpuArchitectureError("Only HOPPER architecture is supported.") 93 | 94 | with open(path, 'r') as f: 95 | data = convert_string_to_blob(f.read()) 96 | return data 97 | 98 | def get_driver_version(self): 99 | return self.DriverVersion 100 | 101 | def get_vbios_version(self): 102 | return self.VbiosVersion 103 | 104 | def get_test_attestation_cert_chain(self): 105 | 106 | if self.GPUArchitecture == NVML_DEVICE_ARCH_HOPPER: 107 | path = HopperSettings.GPU_ATTESTATION_CERTIFICATES_PATH 108 | else: 109 | raise UnsupportedGpuArchitectureError("Only HOPPER architecture is supported.") 110 | 111 | with open(path, 'rb') as f: 112 | data = f.read() 113 | 114 | return data 115 | 116 | def get_attestation_cert_chain(self): 117 | return self.CertificateChains.GpuAttestationCertificateChain 118 | 119 | def get_attestation_report(self): 120 | return self.AttestationReport 121 | 122 | def get_gpu_architecture(self): 123 | return self.GPUArchitecture 124 | 125 | def get_uuid(self): 126 | return self.UUID 127 | 128 | def __init__(self, settings): 129 | self.GPUArchitecture = NVML_DEVICE_ARCH_HOPPER 130 | self.BoardId = 11111 131 | self.Index = 0 132 | self.UUID = 'GPU-11111111-2222-3333-4444-555555555555' 133 | self.VbiosVersion = "96.00.9f.00.01" 134 | self.DriverVersion = "550.90.07" 135 | self.AttestationReport = self.fetch_attestation_report() 136 | settings.mark_attestation_report_as_available() 137 | settings.GPU_ARCH = 9 138 | settings.GPU_ARCH_NAME = "HOPPER" 139 | cert_data = self.get_test_attestation_cert_chain() 140 | handle = TestHandle(cert_data) 141 | self.CertificateChains = GpuCertificateChains(handle) 142 | 143 | -------------------------------------------------------------------------------- /guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/nvml/test_handle.py: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-FileCopyrightText: Copyright (c) 2021-2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # SPDX-License-Identifier: BSD-3-Clause 4 | # 5 | # Redistribution and use in source and binary forms, with or without 6 | # modification, are permitted provided that the following conditions are met: 7 | # 8 | # 1. Redistributions of source code must retain the above copyright notice, this 9 | # list of conditions and the following disclaimer. 10 | # 11 | # 2. Redistributions in binary form must reproduce the above copyright notice, 12 | # this list of conditions and the following disclaimer in the documentation 13 | # and/or other materials provided with the distribution. 14 | # 15 | # 3. Neither the name of the copyright holder nor the names of its 16 | # contributors may be used to endorse or promote products derived from 17 | # this software without specific prior written permission. 18 | # 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 22 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 23 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 25 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 26 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | # 30 | 31 | class TestHandle: 32 | """ A class to feed the hard coded GPU attestation certificate chains 33 | during testing. 34 | """ 35 | 36 | def get_test_gpu_certificate_chain(self): 37 | """ Fetches the hardcoded GPU attestation certificate chain data. 38 | 39 | Returns: 40 | [bytes]: the GPU attestation certificate chain data. 41 | """ 42 | return self.test_cert_chain 43 | 44 | def __init__(self, test_cert_chain_data): 45 | """ Constructor method for the TestHandle class. 46 | 47 | Args: 48 | test_cert_chain_data (bytes): the hardcoded GPU attestation 49 | certificate chain data. 50 | """ 51 | self.test_cert_chain = test_cert_chain_data 52 | -------------------------------------------------------------------------------- /guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/samples/hopperAttestationReport.txt: -------------------------------------------------------------------------------- 1 | 11e001ff931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb001160000040c00d0001013300013000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020133000130008048dfd18fe229bf16eb9d30cca0f11a24dafe6eb731de1462984645a0b189b77c4e4e17de727a5e19e3d07de51da33803013300013000164f445c3e282ca8e4ab07c2179b8e02c8e3a2ceb83f9fae8dddaee70aa57207d87792d1481b46c02f9dba6e1fe1e77e0401330001300073bbf35822549e28ba8fb2671fb7b58f46424a0069205b3ecf1d0fa762adef90b538cc9d692eb5c050147f2f1e8214ab05013300013000568b89291a34cece03b12aaa352d9afe273610307525b8443e90faa78d82ecfa9c7827d8f7915c35b2fab972e108668606013300013000c9e4fe668e9dc269a4657146b5e28a22347cde18a4b0e79d8146532f27ebc386f304400ea5d4bf4159b5a6916dd4564e070133000130006850b0a82e7e77c0f51e0e6732163866003390c4eb286d8dfb26a72f711a9c8bcdf402a1fd4e5d70b97708107a785efc0801330001300080161aac5e7509f038a6457b111e048207d1dc0e78edbb8c172fca4139c1d5f29cda67ecdd261fdc9203b76387f7389f090133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a013300013000059b32e712a153f490dbfb7976a9e275d789e28bd4803c357def2b6123327c430526bfaecc200f496d4e149fc5eade030b0133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c013300013000413d008cedd5526a79455a178154328ce960af252bdb06e7fe4080049add412488cac39ecf3d80efbdc6bdd3638617730d0133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e0133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001001330001300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011013300013000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000120133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001301330001300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014013300013000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000150133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001601330001300068454d4bb5545a74e478e288469a6548bb4d4aa8556a512f9ddd41b0337a602b3f050a469578139c6cea0e0f7c9861c817013300013000cf98e425ebfb0c20532162d772d5b355bbabc68b0876a3c91a676769a3d6e8460e01be987669f8196ec63b7b6a8d858118013300013000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000190133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a013300013000b718948c035092ebd0c7d6f069141e6bd0cd40d8ddd436aa0d1a705afedfe67c12891d239e6ddf30ea09775d1056ac1a1b0133000130006dbc7f8e23ac6f69c4bf3cb4c61566d7957fce2f0f16a499ac1f724bacb0935eefa5be16f548ba5141449f43555f240c1c0133000130002191a06d9fad030cb8a707391f2e51838d8ca1e17109325b155f774ddcb2bf704ca023ba711a282c93a1afcd590ce20b1d0133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e0133000130001d040fdc3c8de3d8afbcebb79bf3a9ec09a277651b7ace16627f6201c90414d9917b57a7bd67482b1929c9ec0bd1a15d1f0133000130001bd45c8a34c33ac6a316050cb0752aa648ac4c6cd26af165cec416557468d21f7a61b6c5c7c4ea6d131be9270659393920013300013000a0d52c35704f13bf52745f27f16285292a7d8e9b8011320c18a58effd1a7934abb414ef99809ec9852568552904d361e210133000130009f976e82fa30fcc6f82bce2c942ad4707c3df6b76e6295ce4c95cf9bb62a08392571e9fb787f19b31bf0f3f04ba887a622013300013000198b81d9c0cefe0b33ad65de3fad238a5461d8ee32487bf70fc1926041408cb114624b8ca6b0d5fc97028b58d9cdb78d2301330001300007bbc504d3327cb76d4c4f3b3f1daf8779e40cc31d60826cb11dcc5d09dc59a83bf693f0fb9b1f0b5e58ed4cdc3a580f24013300013000c0962ed90316ecea959dd0b6632d0c4f4d3bfbf72c4cd9031efe48154ed9ca59b41cd20ce06a7f9ca5cd8b0687cf12582501330001300010570f642e274cfc2b9f1c955fab0aa56b6193d5c5ea271a74eb9764334865695921456dc1ca383d7edf9e67760937ca26013300013000fccd6efa76267f5b43fc4a7647ce843a3912f0944a9bcc907456408c368ad5e85bec4512d9d9aedebab31c3b8095062727013300013000c7ea135dca389918789454861bb593095dc44f8ad39035665daa81fa02cf6fbd3a18227b6224dced70288b9fd3161cc0280133000130005d7a8a08deeeeef3df07828dafeb112bd2372504d324eff2f4eb43893315fe331428c9afbc52fcc06159d406f0ca90af290133000130009d2c6389c070dde430ffd510cad0c546fb9a73b9ee7a478fa804d2ab14c674487abdc7aa12d90215ced4f3678f2765fa2a0133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002b0133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002c0133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d0133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002e0133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f013300013000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003101330001300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000032013300013000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000330133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003401330001300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000035013300013000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000360133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003701330001300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000038013300013000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000390133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003a0133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b0133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003c0133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003d0133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003e0133000130000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f01330001300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040013300013000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b4b8a06aaaa35542839388e159d447a5d6f6194998fd86513e2d591ccf640985a60106000800009f0096010000000e000400b10300000f00090038383200000000000010000500300000000011000500313031300012000500303230300013000200000003000a003535302e39302e3037000400080080010000000000000c000001000000000100000004000000010000000100000001000000010000000100000000000000010000000000000082000000000000000000000000000000000000000000000000000000000000000000000000000000020000000200000000000000000000000100000001000000010000000000000001000000010000000100000001000000010000000200000001000000010000000100000001000000010000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d00040000c001000b0001005514003000f5c384aebb579217a2c66b17ed0f28e6a9b8d639041acd7b4721cec004f7275494ba94bb5cdfdb3055ee051762b1f75d150001005590d679ad2c04147eb31f4a99ff8f4f8ad1bce8f750e1bb75f266506c88a84150e8671ed5513b7718f5808e5b222661b21aa90dae6c655e652959c8046b5f81feb7b00db3fe1ae97e81d50b02ec9cc64c96f8d0dd5f3be286f82eb98fe07e67d0 -------------------------------------------------------------------------------- /guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/samples/hopperCertChain.txt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDfTCCAwKgAwIBAgIUU8IroV5daAiCgtoHTtn7N6pYV3EwCgYIKoZIzj0EAwMw 3 | ZDEbMBkGA1UEBRMSNDE0MzFENDgwRkU1RTg3Mjc0MQswCQYDVQQGEwJVUzEbMBkG 4 | A1UECgwSTlZJRElBIENvcnBvcmF0aW9uMRswGQYDVQQDDBJHSDEwMCBBMDEgR1NQ 5 | IEJST00wIBcNMjAxMDE3MDAwMDAwWhgPOTk5OTEyMzEyMzU5NTlaMHwxMTAvBgNV 6 | BAUTKDUzQzIyQkExNUU1RDY4MDg4MjgyREEwNzRFRDlGQjM3QUE1ODU3NzExCzAJ 7 | BgNVBAYTAlVTMRswGQYDVQQKDBJOVklESUEgQ29ycG9yYXRpb24xHTAbBgNVBAMM 8 | FEdIMTAwIEEwMSBHU1AgRk1DIExGMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEgDPx 9 | q23XZIuWevUXqLFHMD7bTiPOocq/1+RPjdVkBDxIlQpP2AjxfBSIYYcCN55G0vjO 10 | UFeFv8cx4NJSoCYyPWK/EvFNdyy3RNv00pdWU3ZAQmGOcorOJ+eUnWR/6Wjto4IB 11 | WTCCAVUwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTTwiuhXl1oCIKC2gdO2fs3 12 | qlhXcTAfBgNVHSMEGDAWgBTPzHFrUzj0etDtUvSant7I+soqTzA4BgNVHREEMTAv 13 | oC0GCisGAQQBgxyCEgGgHwwdTlZJRElBOkdIMTAwOjQ4QjAyRDkyNDk0QkFERjQw 14 | gcgGBmeBBQUEAQSBvTCBugIBATB2MBAGByqGSM49AgEGBSuBBAAiA2IABE9Q2m4E 15 | enmB6sPZ4qh+gs85UTtdyS+/GuP5v+8IW5KaDhKJSMFQAumGGCpY1gS16l5C/p5H 16 | 7i21IYxsxrUedEtgfcdse7hYDNoE2yexPpSbzTB6WSeKiTjnrbexkGdvlzA9Bglg 17 | hkgBZQMEAgIEMPXDhK67V5IXosZrF+0PKOapuNY5BBrNe0chzsAE9ydUlLqUu1zf 18 | 2zBV7gUXYrH3XTAKBggqhkjOPQQDAwNpADBmAjEA7ooRPcqt9nC1Yo+zRV2NG2cP 19 | kG2mt2xVrp7KvoF7xs1mpXbGSo4Ye4bgcYOWJ/CEAjEArMWN40TlJ1DuDKV1jw10 20 | xoRzSZuvnn41eav2pKu0Pkoa2Cdy5Sk9lv0fIB1vsKAf 21 | -----END CERTIFICATE----- 22 | -----BEGIN CERTIFICATE----- 23 | MIICUDCCAdagAwIBAgIJQUMdSA/l6HJ0MAoGCCqGSM49BAMDMFMxJzAlBgNVBAMM 24 | Hk5WSURJQSBHSDEwMCBQcm92aXNpb25lciBJQ0EgMTEbMBkGA1UECgwSTlZJRElB 25 | IENvcnBvcmF0aW9uMQswCQYDVQQGEwJVUzAgFw0yMDEwMTcwMDAwMDBaGA85OTk5 26 | MTIzMTIzNTk1OVowZDEbMBkGA1UEBRMSNDE0MzFENDgwRkU1RTg3Mjc0MQswCQYD 27 | VQQGEwJVUzEbMBkGA1UECgwSTlZJRElBIENvcnBvcmF0aW9uMRswGQYDVQQDDBJH 28 | SDEwMCBBMDEgR1NQIEJST00wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARPUNpuBHp5 29 | gerD2eKofoLPOVE7Xckvvxrj+b/vCFuSmg4SiUjBUALphhgqWNYEtepeQv6eR+4t 30 | tSGMbMa1HnRLYH3HbHu4WAzaBNsnsT6Um80welkniok45623sZBnb5ejYzBhMA8G 31 | A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBTPzHFrUzj0 32 | etDtUvSant7I+soqTzAfBgNVHSMEGDAWgBQpaMsWLNB3lXKieRAD5p66DMwKlDAK 33 | BggqhkjOPQQDAwNoADBlAjEArfqR6WTTScWTej2Ib/Ow0WZDty+pLP8kYmmf8H7a 34 | txQabkBkYrd6sqJfw+YSM9RKAjAbl2SG6I0fQ+mbpFMX4bFf7JF0V2ln5phOBGLi 35 | 0qmpbZ5H3cZkuK1g3xxda6ru4PE= 36 | -----END CERTIFICATE----- 37 | -----BEGIN CERTIFICATE----- 38 | MIICqjCCAi+gAwIBAgIQav5xhPkiMsjfeyQiYXduVjAKBggqhkjOPQQDAzA9MR4w 39 | HAYDVQQDDBVOVklESUEgR0gxMDAgSWRlbnRpdHkxGzAZBgNVBAoMEk5WSURJQSBD 40 | b3Jwb3JhdGlvbjAgFw0yMjAzMDEwMDAwMDBaGA85OTk5MTIzMTIzNTk1OVowUzEn 41 | MCUGA1UEAwweTlZJRElBIEdIMTAwIFByb3Zpc2lvbmVyIElDQSAxMRswGQYDVQQK 42 | DBJOVklESUEgQ29ycG9yYXRpb24xCzAJBgNVBAYTAlVTMHYwEAYHKoZIzj0CAQYF 43 | K4EEACIDYgAEzUdWqjn1OlXhLfFOKAFTghqG+Q3zF4xgSBbZsUEyWYCC3rKjE9Nn 44 | o88ZpBQx85Oo0PkqP2dwoMVNTQMv5cvy9jLaTvSTXZwN2HQHE9u7x7BIYrWi0sG3 45 | 5q1IJNSOGO5Lo4HbMIHYMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG 46 | MDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwubmRpcy5udmlkaWEuY29tL2Ny 47 | bC9sMi1naDEwMC5jcmwwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzABhhtodHRw 48 | Oi8vb2NzcC5uZGlzLm52aWRpYS5jb20wHQYDVR0OBBYEFCloyxYs0HeVcqJ5EAPm 49 | nroMzAqUMB8GA1UdIwQYMBaAFAdCoOsDnIBge6FBYZlNriX3wpseMAoGCCqGSM49 50 | BAMDA2kAMGYCMQDK0BCr49DNJ48Yh5wu388bZifDFxAsiUS4U1fGmpJZFhCbODH6 51 | mRwcMxp6EOayZuYCMQDYKTyNc2FxWFuhHtdCE3ls4S7SInehdErTZNuhFymc4YOM 52 | 6VlLWTY/CM+resjjqxQ= 53 | -----END CERTIFICATE----- 54 | -----BEGIN CERTIFICATE----- 55 | MIICijCCAhCgAwIBAgIQTCVe3jvQAb8/SjtgX8qJijAKBggqhkjOPQQDAzA1MSIw 56 | IAYDVQQDDBlOVklESUEgRGV2aWNlIElkZW50aXR5IENBMQ8wDQYDVQQKDAZOVklE 57 | SUEwIBcNMjIwMTEyMDAwMDAwWhgPOTk5OTEyMzEyMzU5NTlaMD0xHjAcBgNVBAMM 58 | FU5WSURJQSBHSDEwMCBJZGVudGl0eTEbMBkGA1UECgwSTlZJRElBIENvcnBvcmF0 59 | aW9uMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE+pg+tDUuILlZILk5wg22YEJ9Oh6c 60 | yPcsv3IvgRWcV4LeZK1pTCoQDIplZ0E4qsLG3G04pxsbMhxbqkiz9pqlTV2rtuVg 61 | SmIqnSYkU1jWXsPS9oVLCGE8VRLl1JvqyOxUo4HaMIHXMA8GA1UdEwEB/wQFMAMB 62 | Af8wDgYDVR0PAQH/BAQDAgEGMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwu 63 | bmRpcy5udmlkaWEuY29tL2NybC9sMS1yb290LmNybDA3BggrBgEFBQcBAQQrMCkw 64 | JwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLm5kaXMubnZpZGlhLmNvbTAdBgNVHQ4E 65 | FgQUB0Kg6wOcgGB7oUFhmU2uJffCmx4wHwYDVR0jBBgwFoAUV4X/g/JjzGV9aLc6 66 | W/SNSsv7SV8wCgYIKoZIzj0EAwMDaAAwZQIxAPIQhnveFxYIrPzBqViT2I34SfS4 67 | JGWFnk/1UcdmgJmp+7l6rH/C4qxwntYSgeYrlQIwdjQuofHnhd1RL09OBO34566J 68 | C9bYAosT/86cCojiGjhLnal9hJOH0nS/lrbaoc5a 69 | -----END CERTIFICATE----- 70 | -----BEGIN CERTIFICATE----- 71 | MIICCzCCAZCgAwIBAgIQLTZwscoQBBHB/sDoKgZbVDAKBggqhkjOPQQDAzA1MSIw 72 | IAYDVQQDDBlOVklESUEgRGV2aWNlIElkZW50aXR5IENBMQ8wDQYDVQQKDAZOVklE 73 | SUEwIBcNMjExMTA1MDAwMDAwWhgPOTk5OTEyMzEyMzU5NTlaMDUxIjAgBgNVBAMM 74 | GU5WSURJQSBEZXZpY2UgSWRlbnRpdHkgQ0ExDzANBgNVBAoMBk5WSURJQTB2MBAG 75 | ByqGSM49AgEGBSuBBAAiA2IABA5MFKM7+KViZljbQSlgfky/RRnEQScW9NDZF8SX 76 | gAW96r6u/Ve8ZggtcYpPi2BS4VFu6KfEIrhN6FcHG7WP05W+oM+hxj7nyA1r1jkB 77 | 2Ry70YfThX3Ba1zOryOP+MJ9vaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B 78 | Af8EBAMCAQYwHQYDVR0OBBYEFFeF/4PyY8xlfWi3Olv0jUrL+0lfMB8GA1UdIwQY 79 | MBaAFFeF/4PyY8xlfWi3Olv0jUrL+0lfMAoGCCqGSM49BAMDA2kAMGYCMQCPeFM3 80 | TASsKQVaT+8S0sO9u97PVGCpE9d/I42IT7k3UUOLSR/qvJynVOD1vQKVXf0CMQC+ 81 | EY55WYoDBvs2wPAH1Gw4LbcwUN8QCff8bFmV4ZxjCRr4WXTLFHBKjbfneGSBWwA= 82 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/.coveragerc: -------------------------------------------------------------------------------- 1 | [run] 2 | omit = tests/* 3 | -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/.gitignore: -------------------------------------------------------------------------------- 1 | dist -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/install/ppcie-installer.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Check if Python is installed 4 | if not type -P python3 >/dev/null 2>&1 && echo Python 3 is installed; then 5 | echo "Python 3 is not installed. Please install Python 3 and try again." 6 | exit 1 7 | fi 8 | 9 | # Function to remove existing virtual environment 10 | if [ -d venv ]; then 11 | rm -r venv 12 | fi 13 | 14 | # Cd into the root of repository 15 | cd ../../ppcie-verifier || exit 16 | 17 | # Creating a virtual enviornment 18 | python3 -m venv venv 19 | source venv/bin/activate 20 | 21 | # Install dependencies 22 | echo "Installing dependencies..." 23 | cd ../gpu_verifiers/local_gpu_verifier 24 | pip3 install . 25 | cd ../../attestation_sdk 26 | pip3 install . 27 | cd ../ppcie-verifier 28 | pip3 install . -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 2 | -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 2 | -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/data/NVGPULocalPolicy_claims_2.0.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"3.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "iss": "LOCAL_GPU_VERIFIER", 7 | "x-nvidia-overall-att-result": true, 8 | "x-nvidia-ver": "2.0" 9 | }, 10 | "detached-claims":{ 11 | "measres": "success", 12 | "x-nvidia-gpu-arch-check": true, 13 | "x-nvidia-gpu-attestation-report-cert-chain-validated": true, 14 | "x-nvidia-gpu-attestation-report-parsed": true, 15 | "x-nvidia-gpu-attestation-report-nonce-match": true, 16 | "x-nvidia-gpu-attestation-report-signature-verified": true, 17 | "x-nvidia-gpu-driver-rim-fetched": true, 18 | "x-nvidia-gpu-driver-rim-schema-validated": true, 19 | "x-nvidia-gpu-driver-rim-cert-validated": true, 20 | "x-nvidia-gpu-driver-rim-signature-verified": true, 21 | "x-nvidia-gpu-driver-rim-measurements-available": true, 22 | "x-nvidia-gpu-vbios-rim-fetched": true, 23 | "x-nvidia-gpu-vbios-rim-schema-validated": true, 24 | "x-nvidia-gpu-vbios-rim-cert-validated": true, 25 | "x-nvidia-gpu-vbios-rim-signature-verified": true, 26 | "x-nvidia-gpu-vbios-rim-measurements-available": true, 27 | "x-nvidia-gpu-vbios-index-no-conflict": true 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/data/NVGPULocalPolicy_claims_3.0.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"4.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "iss": "LOCAL_GPU_VERIFIER", 7 | "x-nvidia-overall-att-result": true, 8 | "x-nvidia-ver": "3.0" 9 | }, 10 | "detached-claims":{ 11 | "measres": "success", 12 | "x-nvidia-gpu-arch-check": true, 13 | "x-nvidia-gpu-attestation-report-parsed": true, 14 | "x-nvidia-gpu-attestation-report-nonce-match": true, 15 | "x-nvidia-gpu-attestation-report-signature-verified": true, 16 | "x-nvidia-gpu-attestation-report-cert-chain": 17 | { 18 | "x-nvidia-cert-status": "valid", 19 | "x-nvidia-cert-ocsp-status": "good" 20 | }, 21 | "x-nvidia-gpu-attestation-report-cert-chain-fwid-match": true, 22 | "x-nvidia-gpu-driver-rim-fetched": true, 23 | "x-nvidia-gpu-driver-rim-schema-validated": true, 24 | "x-nvidia-gpu-driver-rim-signature-verified": true, 25 | "x-nvidia-gpu-driver-rim-measurements-available": true, 26 | "x-nvidia-gpu-driver-rim-version-match": true, 27 | "x-nvidia-gpu-driver-rim-cert-chain": 28 | { 29 | "x-nvidia-cert-status": "valid", 30 | "x-nvidia-cert-ocsp-status": "good" 31 | }, 32 | "x-nvidia-gpu-vbios-rim-fetched": true, 33 | "x-nvidia-gpu-vbios-rim-schema-validated": true, 34 | "x-nvidia-gpu-vbios-rim-signature-verified": true, 35 | "x-nvidia-gpu-vbios-rim-measurements-available": true, 36 | "x-nvidia-gpu-vbios-rim-version-match": true, 37 | "x-nvidia-gpu-vbios-index-no-conflict": true, 38 | "x-nvidia-gpu-vbios-rim-cert-chain": 39 | { 40 | "x-nvidia-cert-status": "valid", 41 | "x-nvidia-cert-ocsp-status": "good" 42 | } 43 | } 44 | } 45 | } -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/data/NVGPURemotePolicy_claims_2.0.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"3.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "x-nvidia-overall-att-result": true, 7 | "x-nvidia-ver": "2.0" 8 | }, 9 | "detached-claims":{ 10 | "measres": "success", 11 | "x-nvidia-gpu-arch-check": true, 12 | "x-nvidia-gpu-attestation-report-cert-chain-validated": true, 13 | "x-nvidia-gpu-attestation-report-parsed": true, 14 | "x-nvidia-gpu-attestation-report-nonce-match": true, 15 | "x-nvidia-gpu-attestation-report-signature-verified": true, 16 | "x-nvidia-gpu-driver-rim-fetched": true, 17 | "x-nvidia-gpu-driver-rim-schema-validated": true, 18 | "x-nvidia-gpu-driver-rim-cert-validated": true, 19 | "x-nvidia-gpu-driver-rim-signature-verified": true, 20 | "x-nvidia-gpu-driver-rim-measurements-available": true, 21 | "x-nvidia-gpu-vbios-rim-fetched": true, 22 | "x-nvidia-gpu-vbios-rim-schema-validated": true, 23 | "x-nvidia-gpu-vbios-rim-cert-validated": true, 24 | "x-nvidia-gpu-vbios-rim-signature-verified": true, 25 | "x-nvidia-gpu-vbios-rim-measurements-available": true, 26 | "x-nvidia-gpu-vbios-index-no-conflict": true 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/data/NVGPURemotePolicy_claims_3.0.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"4.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "x-nvidia-overall-att-result": true, 7 | "x-nvidia-ver": "3.0" 8 | }, 9 | "detached-claims":{ 10 | "measres": "success", 11 | "x-nvidia-gpu-arch-check": true, 12 | "x-nvidia-gpu-attestation-report-parsed": true, 13 | "x-nvidia-gpu-attestation-report-nonce-match": true, 14 | "x-nvidia-gpu-attestation-report-signature-verified": true, 15 | "x-nvidia-gpu-attestation-report-cert-chain": 16 | { 17 | "x-nvidia-cert-status": "valid", 18 | "x-nvidia-cert-ocsp-status": "good" 19 | }, 20 | "x-nvidia-gpu-attestation-report-cert-chain-fwid-match": true, 21 | "x-nvidia-gpu-driver-rim-fetched": true, 22 | "x-nvidia-gpu-driver-rim-schema-validated": true, 23 | "x-nvidia-gpu-driver-rim-signature-verified": true, 24 | "x-nvidia-gpu-driver-rim-version-match": true, 25 | "x-nvidia-gpu-driver-rim-cert-chain": 26 | { 27 | "x-nvidia-cert-status": "valid", 28 | "x-nvidia-cert-ocsp-status": "good" 29 | }, 30 | "x-nvidia-gpu-driver-rim-measurements-available": true, 31 | "x-nvidia-gpu-vbios-rim-fetched": true, 32 | "x-nvidia-gpu-vbios-rim-schema-validated": true, 33 | "x-nvidia-gpu-vbios-rim-signature-verified": true, 34 | "x-nvidia-gpu-vbios-rim-version-match": true, 35 | "x-nvidia-gpu-vbios-rim-cert-chain": 36 | { 37 | "x-nvidia-cert-status": "valid", 38 | "x-nvidia-cert-ocsp-status": "good" 39 | }, 40 | "x-nvidia-gpu-vbios-rim-measurements-available": true, 41 | "x-nvidia-gpu-vbios-index-no-conflict": true 42 | } 43 | } 44 | } -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/data/NVSwitchLocalPolicy_claims_2.0.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"3.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "iss": "LOCAL_SWITCH_VERIFIER", 7 | "x-nvidia-overall-att-result": true, 8 | "x-nvidia-ver": "2.0" 9 | }, 10 | "detached-claims":{ 11 | "measres": "success", 12 | "x-nvidia-switch-arch-check": true, 13 | "x-nvidia-switch-bios-rim-measurements-available": true, 14 | "x-nvidia-switch-attestation-report-signature-verified": true, 15 | "x-nvidia-switch-attestation-report-parsed": true, 16 | "x-nvidia-switch-attestation-report-nonce-match": true, 17 | "x-nvidia-switch-attestation-report-cert-chain-validated": true, 18 | "x-nvidia-switch-bios-rim-schema-validated": true, 19 | "x-nvidia-switch-bios-rim-signature-verified": true, 20 | "x-nvidia-switch-bios-rim-cert-validated": true, 21 | "x-nvidia-switch-bios-rim-fetched": true 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/data/NVSwitchLocalPolicy_claims_3.0.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"4.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "iss": "LOCAL_SWITCH_VERIFIER", 7 | "x-nvidia-overall-att-result": true, 8 | "x-nvidia-ver": "3.0" 9 | }, 10 | "detached-claims":{ 11 | "measres": "success", 12 | "x-nvidia-switch-arch-check": true, 13 | "x-nvidia-switch-attestation-report-parsed": true, 14 | "x-nvidia-switch-attestation-report-nonce-match": true, 15 | "x-nvidia-switch-attestation-report-signature-verified": true, 16 | "x-nvidia-switch-attestation-report-cert-chain": 17 | { 18 | "x-nvidia-cert-status": "valid", 19 | "x-nvidia-cert-ocsp-status": "good" 20 | }, 21 | "x-nvidia-switch-attestation-report-cert-chain-fwid-match": true, 22 | "x-nvidia-switch-bios-rim-fetched": true, 23 | "x-nvidia-switch-bios-rim-schema-validated": true, 24 | "x-nvidia-switch-bios-rim-signature-verified": true, 25 | "x-nvidia-switch-bios-rim-cert-chain": 26 | { 27 | "x-nvidia-cert-status": "valid", 28 | "x-nvidia-cert-ocsp-status": "good" 29 | }, 30 | "x-nvidia-switch-bios-rim-version-match": true, 31 | "x-nvidia-switch-bios-rim-measurements-available": true 32 | } 33 | } 34 | } -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/data/NVSwitchRemotePolicy_claims_2.0.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"3.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "x-nvidia-overall-att-result": true, 7 | "x-nvidia-ver": "2.0" 8 | }, 9 | "detached-claims":{ 10 | "measres": "success", 11 | "x-nvidia-switch-arch-check": true, 12 | "x-nvidia-switch-bios-rim-measurements-available": true, 13 | "x-nvidia-switch-attestation-report-signature-verified": true, 14 | "x-nvidia-switch-attestation-report-parsed": true, 15 | "x-nvidia-switch-attestation-report-nonce-match": true, 16 | "x-nvidia-switch-attestation-report-cert-chain-validated": true, 17 | "x-nvidia-switch-bios-rim-schema-validated": true, 18 | "x-nvidia-switch-bios-rim-signature-verified": true, 19 | "x-nvidia-switch-bios-rim-cert-validated": true, 20 | "x-nvidia-switch-bios-rim-fetched": true 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/data/NVSwitchRemotePolicy_claims_3.0.json: -------------------------------------------------------------------------------- 1 | { 2 | "version":"4.0", 3 | "authorization-rules":{ 4 | "type": "JWT", 5 | "overall-claims": { 6 | "x-nvidia-overall-att-result": true, 7 | "x-nvidia-ver": "3.0" 8 | }, 9 | "detached-claims":{ 10 | "measres": "success", 11 | "x-nvidia-switch-arch-check": true, 12 | "x-nvidia-switch-bios-rim-measurements-available": true, 13 | "x-nvidia-switch-attestation-report-signature-verified": true, 14 | "x-nvidia-switch-attestation-report-parsed": true, 15 | "x-nvidia-switch-attestation-report-nonce-match": true, 16 | "x-nvidia-switch-attestation-report-cert-chain": 17 | { 18 | "x-nvidia-cert-status": "valid", 19 | "x-nvidia-cert-ocsp-status": "good" 20 | }, 21 | "x-nvidia-switch-attestation-report-cert-chain-fwid-match": true, 22 | "x-nvidia-switch-bios-rim-schema-validated": true, 23 | "x-nvidia-switch-bios-rim-signature-verified": true, 24 | "x-nvidia-switch-bios-rim-cert-chain": 25 | { 26 | "x-nvidia-cert-status": "valid", 27 | "x-nvidia-cert-ocsp-status": "good" 28 | }, 29 | "x-nvidia-switch-bios-rim-version-match": true, 30 | "x-nvidia-switch-bios-rim-fetched": true 31 | } 32 | } 33 | } -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/src/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 2 | -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/src/exceptions/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 2 | -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/src/exceptions/exception.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 2 | 3 | 4 | """This module declares the generic base exceptions and inherited 5 | exceptions for PPCIE interactions""" 6 | 7 | from ..utils.logging import get_logger 8 | 9 | logger = get_logger() 10 | 11 | 12 | class PpcieVerifierException(Exception): 13 | """PpcieVerifierException is thrown when the user faces issues 14 | while using the ppcie-verifier to verify the GPUs/Nvswitches""" 15 | 16 | 17 | class GpuPreChecksException(PpcieVerifierException): 18 | """GpuPreChecksException is thrown when the user faces issues 19 | while using the ppcie-verifier to verify the TNVL mode of the GPUs""" 20 | 21 | 22 | class SwitchPreChecksException(PpcieVerifierException): 23 | """SwitchPreChecksException is thrown when the user faces issues 24 | while using the ppcie-verifier to verify the TNVL/LOCK mode of the Switches""" 25 | 26 | 27 | class GpuAttestationException(PpcieVerifierException): 28 | """GpuAttestationException is thrown when the user faces issues 29 | while using the ppcie-verifier to attest the GPUs""" 30 | 31 | 32 | class SwitchAttestationException(PpcieVerifierException): 33 | """SwitchAttestationException is thrown when the user faces issues 34 | while using the ppcie-verifier to attest the Switches""" 35 | -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/src/nvml/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 2 | -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/src/nvml/exceptions.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 2 | 3 | 4 | """This module declares the base exceptions and inherited 5 | exceptions for NVML client interactions""" 6 | 7 | import pynvml 8 | 9 | from ..utils.logging import get_logger 10 | 11 | logger = get_logger() 12 | 13 | 14 | class NvmlException(Exception): 15 | """Base exceptions.""" 16 | 17 | 18 | class NvmlInitializationError(NvmlException): 19 | """NvmlInitializationError is thrown when the user faces issues 20 | while using the nvml client for initialization""" 21 | 22 | 23 | class NvmlGetGpuCountException(NvmlException): 24 | """NvmlGetGpuCountException is thrown when the user faces issues 25 | while using the nvml client for getting number of GPUs""" 26 | 27 | 28 | class GpuReadyStateSetterException(NvmlException): 29 | """GpuReadyStateSetterExcpetion is thrown when the user faces issues 30 | while using the nvml client for setting the ready state of the GPU""" 31 | 32 | 33 | class GpuReadyStateGetterException(NvmlException): 34 | """GpuReadyStateGetterExcpetion is thrown when the user faces issues 35 | while using the nvml client for getting the ready state of the GPU""" 36 | 37 | 38 | class NvmlGetSystemConfComputeSettingsException(NvmlException): 39 | """NvmlGetSystemConfComputeSettingsException is thrown when the user faces issues 40 | while using the nvml client for getting the confidential compute system settings info 41 | """ 42 | 43 | def __init__(self, message, result): 44 | if result == pynvml.NVML_ERROR_UNINITIALIZED: 45 | logger.error( 46 | "%s as the library is not initialized correctly: %s", message, result 47 | ) 48 | elif result == pynvml.NVML_ERROR_INVALID_ARGUMENT: 49 | logger.error( 50 | "%s as device is invalid or counter is null %s", 51 | message, 52 | result, 53 | ) 54 | elif result == pynvml.NVML_ERROR_NOT_SUPPORTED: 55 | logger.error( 56 | "%s as the device does not support this feature: %s", 57 | message, 58 | result, 59 | ) 60 | elif result == pynvml.NVML_ERROR_GPU_IS_LOST: 61 | logger.error( 62 | "%s the target GPU has fallen off the bus or is otherwise inaccessible: %s", 63 | message, 64 | result, 65 | ) 66 | elif result == pynvml.NVML_ERROR_ARGUMENT_VERSION_MISMATCH: 67 | logger.error( 68 | "%s if the provided version is invalid/unsupported: %s", 69 | message, 70 | result, 71 | ) 72 | elif result == pynvml.NVML_ERROR_UNKNOWN: 73 | logger.error( 74 | "%s as there is an unknown/unexpected error: %s", 75 | message, 76 | result, 77 | ) 78 | else: 79 | logger.error( 80 | "This is an unknown error occured while getting confidential " 81 | "compute settings information from NVML library" 82 | ) 83 | -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/src/topology/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 2 | -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/src/topology/exceptions.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 2 | 3 | """ Exceptions for Topology module """ 4 | 5 | from ..utils.logging import get_logger 6 | 7 | logger = get_logger() 8 | 9 | 10 | class TopologyValidationError(Exception): 11 | """Base exceptions.""" 12 | 13 | 14 | class ParsingError(TopologyValidationError): 15 | """ParsingError is thrown when invalid arguments are provided in the attestation report constructor""" 16 | 17 | 18 | class MeasurementSpecificationError(TopologyValidationError): 19 | """ParsingError is thrown when invalid arguments are provided in the attestation report constructor""" 20 | 21 | 22 | class GpuTopologyValidationError(TopologyValidationError): 23 | """GpuTopologyValidationError is thrown when invalid arguments are provided in the attestation report constructor 24 | to get switches connected to each GPU""" 25 | 26 | 27 | class SwitchTopologyValidationError(TopologyValidationError): 28 | """SwitchTopologyValidationError is thrown when invalid arguments are provided in the attestation report constructor 29 | to get GPU connected to each Switch""" 30 | -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/src/utils/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 2 | import logging 3 | 4 | 5 | class SimpleMessageHandler(logging.StreamHandler): 6 | def emit(self, record): 7 | try: 8 | msg = self.format(record) 9 | stream = self.stream 10 | formatted_msg = self.center_message(msg, width=50) # Adjust width as needed 11 | stream.write(f"{formatted_msg}\n") 12 | self.flush() 13 | except Exception: 14 | self.handleError(record) 15 | 16 | def center_message(self, msg, width): 17 | """ 18 | This method constructs a box around a centered message. 19 | 20 | Parameters: 21 | msg (str): The message to be centered. 22 | width (int): The total width of the box. 23 | 24 | Returns: 25 | str: The box with the centered message. 26 | 27 | The box is constructed using asterisks (*) and has a width equal to the input width. 28 | The message is centered within the box, and the box is padded with spaces around the message. 29 | If the message is longer than the specified width, it is truncated to fit within the box. 30 | """ 31 | # Define the total width of the box 32 | total_width = width 33 | # Calculate padding 34 | padding = ( 35 | total_width - len(msg) - 2 36 | ) // 2 # Subtract 2 for the spaces around the message 37 | if padding < 0: 38 | padding = 0 39 | # Construct the centered message 40 | centered_msg = f"*{' ' * padding}{msg}{' ' * padding}*" 41 | if len(centered_msg) < total_width: 42 | centered_msg = centered_msg[:-1] + "*" 43 | # Construct the full box with @ symbols 44 | box_top_bottom = "*" * total_width 45 | return f"{box_top_bottom}\n{centered_msg}\n{box_top_bottom}" 46 | -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/src/utils/config.py: -------------------------------------------------------------------------------- 1 | import os 2 | REMOTE_GPU_VERIFIER_SERVICE_URL = os.getenv("NV_NRAS_GPU_URL", "https://nras.attestation.nvidia.com/v3/attest/gpu") 3 | REMOTE_NVSWITCH_VERIFIER_SERVICE_URL = os.getenv("NV_NRAS_NVSWITCH_URL", "https://nras.attestation.nvidia.com/v3/attest/switch") 4 | RIM_SERVICE_URL = os.getenv("NV_RIM_URL", "https://rim.attestation.nvidia.com/v1/rim/") 5 | OCSP_SERVICE_URL = os.getenv("NV_OCSP_URL", "https://ocsp.ndis.nvidia.com/") 6 | ATTESTATION_SERVICE_KEY = os.getenv("NVIDIA_ATTESTATION_SERVICE_KEY") -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/src/utils/logging.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 2 | 3 | """Configurable logging per module to ensure granular level control of displaying information""" 4 | 5 | import logging 6 | import sys 7 | 8 | from ppcie.verifier.src.utils import SimpleMessageHandler 9 | 10 | 11 | def get_logger(level=None): 12 | """Configure logging for root project""" 13 | ppcie_logger = logging.getLogger("ppcie-console") 14 | if level is not None: 15 | ppcie_logger.setLevel(level) 16 | return ppcie_logger 17 | 18 | 19 | def setup_logging(): 20 | logger = logging.getLogger("ppcie-console") 21 | logger.setLevel(logging.INFO) 22 | 23 | handler = SimpleMessageHandler(sys.stdout) 24 | formatter = logging.Formatter("%(message)s") 25 | handler.setFormatter(formatter) 26 | 27 | if not logger.handlers: 28 | logger.addHandler(handler) 29 | 30 | return logger 31 | -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/ppcie/verifier/src/utils/status.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 2 | 3 | """Status for each stage in PPCIE Verifier tool""" 4 | 5 | from prettytable import PrettyTable 6 | 7 | 8 | class Status: 9 | """ 10 | Status class tracks the completion/failure of each stage in PPCIE Verifier tool 11 | """ 12 | 13 | def __init__(self): 14 | """ 15 | Initializing all the stages to False initially 16 | """ 17 | self.table = PrettyTable() 18 | self.gpu_pre_checks = "Skipped" 19 | self.switch_pre_checks = "Skipped" 20 | self.gpu_attestation = "Skipped" 21 | self.switch_attestation = "Skipped" 22 | self.topology_checks = "Skipped" 23 | self.ppcie_successful = False 24 | 25 | def status(self, logger): 26 | """ 27 | Prints a detailed status for each stage in a tabular format 28 | """ 29 | self.table.field_names = ["STAGE", "STATUS"] 30 | self.table.add_row( 31 | ["GPU Pre-checks", str(self.convert_message(self.gpu_pre_checks)).upper()] 32 | ) 33 | self.table.add_row( 34 | [ 35 | "Switch Pre-checks", 36 | str(self.convert_message(self.switch_pre_checks)).upper(), 37 | ] 38 | ) 39 | self.table.add_row( 40 | ["GPU Attestation", str(self.convert_message(self.gpu_attestation)).upper()] 41 | ) 42 | self.table.add_row( 43 | [ 44 | "Switch Attestation", 45 | str(self.convert_message(self.switch_attestation)).upper(), 46 | ] 47 | ) 48 | self.table.add_row( 49 | ["Topology checks", str(self.convert_message(self.topology_checks)).upper()] 50 | ) 51 | print(self.table) 52 | 53 | def convert_message(self, stage): 54 | if stage is True: 55 | return "Success" 56 | elif not stage: 57 | return "Failed" 58 | return "Skipped" 59 | 60 | def update_stage_status(self, stage, status): 61 | """ 62 | Updates the status of a specific stage 63 | """ 64 | setattr(self, stage, status) 65 | -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/pyproject.toml: -------------------------------------------------------------------------------- 1 | [tool.poetry] 2 | name = "nv-ppcie-verifier" 3 | version = "1.5.0" 4 | description = "Protected PCIE Verifier" 5 | authors = ["Shwetha Kalyanaraman "] 6 | license = "OSI Approved :: Apache Software License" 7 | readme = "README.md" 8 | packages = [{include = "ppcie"}] 9 | 10 | [tool.poetry.dependencies] 11 | python = "^3.8" 12 | pylint = "3.1.0" 13 | black = "24.3.0" 14 | wheel = "0.43.0" 15 | cryptography = "43.0.1" 16 | dill = "0.3.8" 17 | typing_extensions = "4.10.0" 18 | pathspec = "0.12.1" 19 | click = "8.1.7" 20 | setuptools = "69.5.1" 21 | astroid = "3.1.0" 22 | tomlkit = "0.12.4" 23 | timeout-decorator = "0.5.0" 24 | pytest = "8.1.1" 25 | build = "1.2.1" 26 | nvidia-ml-py = "^12.550.52" 27 | prettytable = "^3.10.0" 28 | pytest-cov = "^5.0.0" 29 | nv-local-gpu-verifier = "2.5.0" 30 | nv-attestation-sdk = "2.5.0" 31 | 32 | [build-system] 33 | requires = ["poetry-core"] 34 | build-backend = "poetry.core.masonry.api" 35 | 36 | -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/static/dependencies.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/ppcie-verifier/static/dependencies.png -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/static/ppcie-verifier-detailed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/ppcie-verifier/static/ppcie-verifier-detailed.png -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/static/ppcie-verifier.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/ppcie-verifier/static/ppcie-verifier.png -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/static/python.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/ppcie-verifier/static/python.png -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/guest_tools/ppcie-verifier/tests/__init__.py -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/tests/test_nvml_client.py: -------------------------------------------------------------------------------- 1 | import unittest 2 | from unittest import TestCase 3 | from unittest.mock import patch 4 | 5 | import pynvml 6 | 7 | from ppcie.verifier.src.nvml.nvml_client import NvmlClient, NvmlSystemConfComputeSettings, \ 8 | NVML_SYSTEM_CONF_COMPUTE_VERSION 9 | from ppcie.verifier.src.utils.status import Status 10 | 11 | 12 | class NvmlClientTest(TestCase): 13 | # 14 | @patch("ppcie.verifier.src.nvml.nvml_client.nvmlInit") 15 | def test_init(self, mock_nvmlInit): 16 | nvml_client = NvmlClient() 17 | # Assert that the nvmlInit method was called 18 | mock_nvmlInit.assert_called_once() 19 | 20 | @patch("ppcie.verifier.src.nvml.nvml_client.nvmlInit") 21 | @patch("ppcie.verifier.src.nvml.nvml_client.nvmlDeviceGetCount") 22 | def test_get_number_of_gpus(self, nvml_device_get_count, nvml_init): 23 | # Set the return value of the mock function 24 | nvml_init.return_value = None 25 | nvml_device_get_count.return_value = 8 26 | 27 | # Create an instance of NvmlClient 28 | nvml_client = NvmlClient() 29 | 30 | # Call the method to be tested 31 | number_of_gpus = nvml_client.get_number_of_gpus() 32 | 33 | # Assert that the method returns the expected value 34 | self.assertEqual(number_of_gpus, 8) 35 | 36 | @patch("ppcie.verifier.src.nvml.nvml_client.nvmlInit") 37 | @patch("pynvml.nvmlSystemGetConfComputeGpusReadyState") 38 | def test_gpu_get_ready_state(self, mock_nvmlSystemGetConfComputeGpusReadyState, mock_init): 39 | mock_nvmlSystemGetConfComputeGpusReadyState.return_value = 1 40 | mock_init.return_value = None 41 | nvml_client = NvmlClient() 42 | ready_state = nvml_client.get_gpu_ready_state() 43 | self.assertEqual(ready_state, 1) 44 | 45 | @patch("ppcie.verifier.src.nvml.nvml_client.nvmlInit") 46 | @patch("ppcie.verifier.src.nvml.nvml_client.NvmlSystemConfComputeSettings") 47 | @patch("ppcie.verifier.src.nvml.nvml_client.nvmlSystemGetConfComputeSettings") 48 | def test_system_configuration_compute_settings(self, mock_system_configuration_compute_settings, mock_settings, mock_init): 49 | mock_init.return_value = None 50 | status = Status() 51 | result = pynvml.NVML_SUCCESS 52 | settings = NvmlSystemConfComputeSettings() 53 | settings.version = NVML_SYSTEM_CONF_COMPUTE_VERSION 54 | settings.environment = 1 55 | settings.ccFeature = 2 56 | settings.devToolsMode = 3 57 | settings.multiGpuMode = 4 58 | mock_settings.return_value = settings 59 | mock_system_configuration_compute_settings.return_value = result 60 | nvml_client = NvmlClient() 61 | system_configuration_compute_settings, status = nvml_client.get_system_conf_compute_settings(status) 62 | self.assertEqual(system_configuration_compute_settings.version, NVML_SYSTEM_CONF_COMPUTE_VERSION) 63 | self.assertEqual(system_configuration_compute_settings.get_cc_feature, 2) 64 | self.assertEqual(system_configuration_compute_settings.get_multi_gpu_mode, 4) 65 | self.assertEqual(system_configuration_compute_settings.devToolsMode, 3) 66 | self.assertEqual(system_configuration_compute_settings.environment, 1) 67 | 68 | @patch("ppcie.verifier.src.nvml.nvml_client.nvmlSystemSetConfComputeGpusReadyState") 69 | @patch("ppcie.verifier.src.nvml.nvml_client.nvmlInit") 70 | def test_set_gpu_ready_state(self, mock_init, mock_set_gpu_ready_state): 71 | mock_init.return_value = None 72 | mock_set_gpu_ready_state.return_value = pynvml.NVML_SUCCESS 73 | nvml_client = NvmlClient() 74 | status = nvml_client.set_gpu_ready_state(True) 75 | self.assertEqual(status, pynvml.NVML_SUCCESS) 76 | -------------------------------------------------------------------------------- /guest_tools/ppcie-verifier/tests/test_validate_topology.py: -------------------------------------------------------------------------------- 1 | from unittest import TestCase 2 | from unittest.mock import Mock, patch 3 | 4 | from ppcie.verifier.src.topology.validate_topology import TopologyValidation, GpuAttestationReport 5 | from ppcie.verifier.src.utils.status import Status 6 | 7 | 8 | class TopologyValidationTest(TestCase): 9 | 10 | def test_topology_init(self): 11 | topology = TopologyValidation() 12 | self.assertEqual(topology.opaque_data_field, {}) 13 | self.assertEqual(topology.unique_switches, set()) 14 | self.assertEqual(topology.unique_gpus, set()) 15 | 16 | # @patch("ppcie.verifier.src.topology.validate_topology.read_field_as_little_endian") 17 | @patch("ppcie.verifier.src.topology.validate_topology.GpuAttestationReport") 18 | def test_gpu_topology_check(self, mock_gpu_attestation_report): 19 | topology = TopologyValidation() 20 | mock_gpu_attestation_report.return_value.get_response_message.return_value.get_opaque_data.return_value.get_data.return_value = [b'@\xb9\xc6\xb3\xd7H\xfd\x90', b'\xfd\xb5)\xf1G<\xb2%', b'\x10C\xc1N\x83Y\x96c', b'\xd0\xf6\x9d\x02\x8e\x15\n\xaa'] 21 | 22 | gpu_attestation_report_list = [mock_gpu_attestation_report] * 8 23 | status = Status() 24 | result_status = topology.gpu_topology_check( 25 | gpu_attestation_report_list, 4, status 26 | ) 27 | # Verify the result 28 | self.assertTrue(result_status.topology_checks) 29 | self.assertEqual(topology.unique_switches, {'639659834ec14310', '90fd48d7b3c6b940', 'aa0a158e029df6d0', '25b23c47f129b5fd'}) 30 | 31 | def get_data_side_effect(arg, twas): 32 | if twas == "OPAQUE_FIELD_ID_DEVICE_PDI": 33 | return b'\x90\xfdH\xd7\xb3\xc6\xb9@' 34 | elif twas == "OPAQUE_FIELD_ID_SWITCH_GPU_PDIS": 35 | return b'@\xb9\xc6\xb3\xd7H\xfd\x90', b'\xfd\xb5)\xf1G<\xb2%', b"\xbf\\\xc6'\xc8\x13\xae\xd8", b'\xe2\xd8[Y\x0eq2\x98', b'\x10C\xc1N\x83Y\x96c', b'1d\x9c\xf1\x1c\x82\x08X', b'\xd0\xf6\x9d\x02\x8e\x15\n\xaa', b'\xd0\xf6\x9d\x02\x8e\x15\n\xab' 36 | return None 37 | 38 | @patch("ppcie.verifier.src.topology.validate_topology.GpuAttestationReport") 39 | @patch("ppcie.verifier.src.topology.validate_topology.SwitchAttestationReport") 40 | def test_switch_topology_check(self, mock_switch_attestation_report, mock_gpu_attestation_report): 41 | topology = TopologyValidation() 42 | mock_gpu_attestation_report.return_value.get_response_message.return_value.get_opaque_data.return_value.get_data.return_value = [b'@\xb9\xc6\xb3\xd7H\xfd\x90', b'\xfd\xb5)\xf1G<\xb2%', b'\x10C\xc1N\x83Y\x96c', b'\xd0\xf6\x9d\x02\x8e\x15\n\xaa'] 43 | 44 | mock_switch_attestation_report.return_value.get_response_message.return_value.get_opaque_data.return_value.get_data.side_effect = self.get_data_side_effect 45 | mock_switch_attestation_report.return_value.get_response_message.return_value.get_opaque_data.return_value.get_data.side_effect = self.get_data_side_effect 46 | 47 | gpu_attestation_report_list = [mock_gpu_attestation_report] * 8 48 | switch_attestation_report_list = [mock_switch_attestation_report, mock_switch_attestation_report, 49 | mock_switch_attestation_report, mock_switch_attestation_report] 50 | status = Status() 51 | topology.gpu_topology_check(gpu_attestation_report_list, 4, status) 52 | result_status = topology.switch_topology_check(switch_attestation_report_list, 8, status) 53 | 54 | self.assertTrue(result_status.topology_checks) 55 | 56 | @patch("ppcie.verifier.src.topology.validate_topology.GpuAttestationReport") 57 | def test_gpu_topology_check_with_disabled_links(self, mock_gpu_attestation_report): 58 | topology = TopologyValidation() 59 | mock_gpu_attestation_report.return_value.get_response_message.return_value.get_opaque_data.return_value.get_data.return_value = [ 60 | b'@\xb9\xc6\xb3\xd7H\xfd\x90', b'\xfd\xb5)\xf1G<\xb2%', b'\x10C\xc1N\x83Y\x96c', 61 | b'\xd0\xf6\x9d\x02\x8e\x15\n\xaa', b'\x00\x00\x00\x00\x00\x00\x00\x00'] 62 | 63 | gpu_attestation_report_list = [mock_gpu_attestation_report] * 8 64 | status = Status() 65 | result_status = topology.gpu_topology_check( 66 | gpu_attestation_report_list, 4, status 67 | ) 68 | # Verify the result 69 | self.assertTrue(result_status.topology_checks) 70 | self.assertEqual(topology.unique_switches, 71 | {'639659834ec14310', '90fd48d7b3c6b940', 'aa0a158e029df6d0', '25b23c47f129b5fd'}) 72 | 73 | 74 | -------------------------------------------------------------------------------- /guest_tools/rims/rim_service/README.md: -------------------------------------------------------------------------------- 1 | # NVIDIA RIM (Reference Integrity Measurements) Service 2 | 3 | ## Introduction 4 | 5 | The NVIDIA Reference Integrity Manifest (RIM) Service is a file-hosting service that provides a mechanism for secure transfers of requested RIM bundles by Attestation platforms for GPU Attestation. 6 | 7 | Please visit for full documentation: [NVIDIA RIM Service Documentation](https://docs.attestation.nvidia.com/RIM/rim_introduction.html) 8 | 9 | 10 | ## API Documentation 11 | 12 | Please see for API details: [NVIDIA RIM Service API Documentation](https://docs.attestation.nvidia.com/api-docs/rim.html#get-/v1/rim/-id-) -------------------------------------------------------------------------------- /host_tools/README.md: -------------------------------------------------------------------------------- 1 | # Host Tools Directory 2 | Contains utilities specific to configuring the GPU's Confidential Computing Modes, as well as sample scripts to create and run a Confidential VM from within the _host_ 3 | - GPU CC Mode Setting scripts 4 | - KVM Sample Scripts for launching a CVM 5 | - Staging folders for Deployment Guide found under docs/ -------------------------------------------------------------------------------- /host_tools/sample_kvm_scripts/images/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/host_tools/sample_kvm_scripts/images/.gitkeep -------------------------------------------------------------------------------- /host_tools/sample_kvm_scripts/isos/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NVIDIA/nvtrust/dee1afee782c6cf7fd437fcd475fadc3bf52a170/host_tools/sample_kvm_scripts/isos/.gitkeep -------------------------------------------------------------------------------- /host_tools/sample_kvm_scripts/launch_vm.sh: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # 4 | AMD_SEV_DIR=/shared/AMDSEV/snp-release-2023-07-18 5 | VDD_IMAGE=/shared/nvtrust/host_tools/sample_kvm_scripts/images/ubuntu22.04.qcow2 6 | 7 | #Hardware Settings 8 | NVIDIA_GPU=45:00.0 9 | MEM=64 #in GBs 10 | FWDPORT=9899 11 | 12 | doecho=false 13 | docc=true 14 | 15 | while getopts "exp:" flag 16 | do 17 | case ${flag} in 18 | e) doecho=true;; 19 | x) docc=false;; 20 | p) FWDPORT=${OPTARG};; 21 | esac 22 | done 23 | 24 | NVIDIA_GPU=$(lspci -d 10de: | awk '/NVIDIA/{print $1}') 25 | NVIDIA_PASSTHROUGH=$(lspci -n -s $NVIDIA_GPU | awk -F: '{print $4}' | awk '{print $1}') 26 | 27 | if [ "$doecho" = true ]; then 28 | echo 10de $NVIDIA_PASSTHROUGH > /sys/bus/pci/drivers/vfio-pci/new_id 29 | fi 30 | 31 | if [ "$docc" = true ]; then 32 | USE_HCC=true 33 | fi 34 | 35 | $AMD_SEV_DIR/usr/local/bin/qemu-system-x86_64 \ 36 | ${USE_HCC:+ -machine confidential-guest-support=sev0,vmport=off} \ 37 | ${USE_HCC:+ -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1} \ 38 | -enable-kvm -nographic -no-reboot \ 39 | -cpu EPYC-v4 -machine q35 -smp 12,maxcpus=31 -m ${MEM}G,slots=2,maxmem=512G \ 40 | -drive if=pflash,format=raw,unit=0,file=$AMD_SEV_DIR/usr/local/share/qemu/OVMF_CODE.fd,readonly=on \ 41 | -drive file=$VDD_IMAGE,if=none,id=disk0,format=qcow2 \ 42 | -device virtio-scsi-pci,id=scsi0,disable-legacy=on,iommu_platform=true \ 43 | -device scsi-hd,drive=disk0 \ 44 | -device virtio-net-pci,disable-legacy=on,iommu_platform=true,netdev=vmnic,romfile= \ 45 | -netdev user,id=vmnic,hostfwd=tcp::$FWDPORT-:22 \ 46 | -device pcie-root-port,id=pci.1,bus=pcie.0 \ 47 | -device vfio-pci,host=$NVIDIA_GPU,bus=pci.1 \ 48 | -fw_cfg name=opt/ovmf/X-PciMmio64Mb,string=262144 49 | 50 | -------------------------------------------------------------------------------- /host_tools/sample_kvm_scripts/prepare_vm.sh: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 | # 4 | AMD_SEV_DIR=/shared/AMDSEV/snp-release-2023-07-19 5 | VDD_IMAGE=/shared/nvtrust/host_tools/sample_kvm_scripts/images/ubuntu22.04.qcow2 6 | ISO=/shared/nvtrust/host_tools/sample_kvm_scripts/isos/ubuntu-22.04.2-live-server-amd64.iso 7 | FWDPORT=9899 8 | 9 | $AMD_SEV_DIR/usr/local/bin/qemu-system-x86_64 \ 10 | -enable-kvm -nographic -no-reboot -cpu EPYC-v4 -machine q35 \ 11 | -smp 12,maxcpus=31 -m 64G,slots=5,maxmem=120G \ 12 | -drive if=pflash,format=raw,unit=0,file=$AMD_SEV_DIR/usr/local/share/qemu/OVMF_CODE.fd,readonly=on \ 13 | -drive file=$VDD_IMAGE,if=none,id=disk0,format=qcow2 \ 14 | -device virtio-scsi-pci,id=scsi0,disable-legacy=on,iommu_platform=true \ 15 | -device scsi-hd,drive=disk0 \ 16 | -device virtio-net-pci,disable-legacy=on,iommu_platform=true,netdev=vmnic,romfile= \ 17 | -netdev user,id=vmnic,hostfwd=tcp::$FWDPORT-:22 \ 18 | -cdrom $ISO 19 | -------------------------------------------------------------------------------- /infrastructure/README.md: -------------------------------------------------------------------------------- 1 | # Infrastructure Source Code 2 | This folder contains a patch subfolder for code which is considered "infrastructure" in Confidential Computing uses. These may include: 3 | * The Linux Kernel 4 | * Hypervisors such as KVM 5 | * Bootloaders such as OVMF 6 | -------------------------------------------------------------------------------- /infrastructure/patches/linux/README.md: -------------------------------------------------------------------------------- 1 | ## Linux Source for NVIDIA Confidential Compute 2 | Code forked from [https://github.com/AMDESE/linux/tree/sev-snp-iommu-avic_5.19-rc6_v4](https://github.https://github.com/AMDESE/linux/tree/sev-snp-iommu-avic_5.19-rc6_v4) 3 | 4 | ## Patches: 5 | ### Used to fix [https://github.com/AMDESE/AMDSEV/issues/109](https://github.com/AMDESE/AMDSEV/issues/109) 6 | - iommu_pagefault.patch 7 | - iommu_pagesize.patch 8 | -------------------------------------------------------------------------------- /infrastructure/patches/linux/iommu_pagefault.patch: -------------------------------------------------------------------------------- 1 | diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c 2 | index 59f9607b34bc..171cb4bc48a0 100644 3 | --- a/drivers/iommu/amd/iommu.c 4 | +++ b/drivers/iommu/amd/iommu.c 5 | @@ -672,7 +672,8 @@ static void iommu_print_event(struct amd_iommu *iommu, void *__evt) 6 | event[0], event[1], event[2], event[3]); 7 | } 8 | 9 | - memset(__evt, 0, 4 * sizeof(u32)); 10 | + if (!amd_iommu_snp_en) 11 | + memset(__evt, 0, 4 * sizeof(u32)); 12 | } 13 | 14 | static void iommu_poll_events(struct amd_iommu *iommu) 15 | @@ -744,7 +745,8 @@ static void iommu_poll_ppr_log(struct amd_iommu *iommu) 16 | * To detect the hardware bug we need to clear the entry 17 | * back to zero. 18 | */ 19 | - raw[0] = raw[1] = 0UL; 20 | + if (!amd_iommu_snp_en) 21 | + raw[0] = raw[1] = 0UL; 22 | 23 | /* Update head pointer of hardware ring-buffer */ 24 | head = (head + PPR_ENTRY_SIZE) % PPR_LOG_SIZE; 25 | -------------------------------------------------------------------------------- /infrastructure/patches/linux/iommu_pagesize.patch: -------------------------------------------------------------------------------- 1 | diff --git a/drivers/iommu/amd/amd_iommu_types.h b/drivers/iommu/amd/amd_iommu_types.h 2 | index 5b1019dab328..2fb9a259d549 100644 3 | --- a/drivers/iommu/amd/amd_iommu_types.h 4 | +++ b/drivers/iommu/amd/amd_iommu_types.h 5 | @@ -275,7 +275,8 @@ 6 | * 7 | * 512GB Pages are not supported due to a hardware bug 8 | */ 9 | -#define AMD_IOMMU_PGSIZES ((~0xFFFUL) & ~(2ULL << 38)) 10 | +//#define AMD_IOMMU_PGSIZES ((~0xFFFUL) & ~(2ULL << 38)) 11 | +#define AMD_IOMMU_PGSIZES (PAGE_SIZE) 12 | 13 | /* Bit value definition for dte irq remapping fields*/ 14 | #define DTE_IRQ_PHYS_ADDR_MASK (((1ULL << 45)-1) << 6) 15 | --------------------------------------------------------------------------------