NVIDIA GPU Attestation Guide

This guide provides a comprehensive overview of NVIDIA GPU Attestation and outlines the steps to implement it in your environment.

Pre-requisites

  1. Install Attestation SDK using this guide. This in turn installs Local GPU Verifier.
  2. [Optional] Review the NVIDIA NGC Status Page to ensure NVIDIA Remote Attestation Service (NRAS), RIM Service, and OCSP Service are functional.

Attestation Using SDK - A Primer

Attestation using the SDK involves three main steps:

  1. Add a verifier

    from nv_attestation_sdk import attestation

    client = attestation.Attestation()
    client.add_verifier(attestation.Devices.GPU, attestation.Environment.REMOTE, NRAS_URL, "")
  2. Get GPU Evidence

    evidence_list = client.get_evidence()
  3. Perform Attestation and optionally validate results using a JSON-based Relying Party policy

    client.attest(evidence_list)
    client.validate_token(JSON_POLICY)
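
What a relying-party policy check does with the claims in an attestation token, as an added example that is not part of the SDK or this README: every rule must be matched by a claim, and a missing claim or an empty policy is rejected. The policy layout, rule names and claim values are constructed for illustration and are not the schema that NRAS or `validate_token` uses.

```python
import json

# Constructed relying-party policy. The layout and rule names are placeholders
# for illustration, not the claim names NRAS or the SDK actually use.
POLICY_JSON = """
{
  "authorization-rules": {
    "measurements-match": true,
    "cert-chain-valid": true,
    "driver-version": ["example-1", "example-2"]
  }
}
"""

def policy_violations(claims, policy_json):
    """Return a list of violations; an empty list means the claims are accepted."""
    rules = json.loads(policy_json).get("authorization-rules")
    if not isinstance(rules, dict) or not rules:
        # Fail closed: an empty or malformed policy must not accept everything.
        return ["policy has no authorization rules"]
    violations = []
    for name, expected in rules.items():
        if name not in claims:
            violations.append(f"{name}: claim missing from token")
            continue
        actual = claims[name]
        # A list in the policy is an allow-list; anything else must match exactly,
        # including type, so the string "true" does not satisfy the boolean true.
        if isinstance(expected, list):
            ok = actual in expected
        else:
            ok = type(actual) is type(expected) and actual == expected
        if not ok:
            violations.append(f"{name}: expected {expected!r}, got {actual!r}")
    return violations

def authorize(claims, policy_json=POLICY_JSON):
    # Release the workload only when no rule is violated.
    return not policy_violations(claims, policy_json)

# Constructed claim sets standing in for decoded, signature-verified tokens.
GOOD = {"measurements-match": True, "cert-chain-valid": True, "driver-version": "example-1"}
STALE_DRIVER = dict(GOOD, **{"driver-version": "example-0"})
MISSING = {"measurements-match": True, "driver-version": "example-1"}

if __name__ == "__main__":
    for label, claims in [("good", GOOD), ("stale", STALE_DRIVER), ("missing", MISSING)]:
        print(label, authorize(claims), policy_violations(claims, POLICY_JSON))
```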

Quick Start

  1. Navigate to the nvtrust/guest_tools/attestation_sdk/tests/end_to_end/hardware directory.

    cd nvtrust/guest_tools/attestation_sdk/tests/end_to_end/hardware
  2. Run RemoteGPUTest.py or LocalGPUTest.py

    python LocalGPUTest.py
    # or
    python RemoteGPUTest.py

NVIDIA Attestation Service Integration Options

Option 1: NVIDIA-Managed Attestation (Most Secure)

Workflow

This model offers the highest level of security and operational simplicity, leveraging NVIDIA's cloud-based attestation services for comprehensive verification.

Key Components:

  • Local GPU Verifier: Collects evidence from the GPU
  • NVIDIA Cloud Services: Remote Attestation, RIM, and OCSP services

Example:

    # Code snippet from nvtrust/guest_tools/attestation_sdk/tests/end_to_end/hardware/RemoteGPUTest.py
    #
    client = attestation.Attestation()
    client.add_verifier(attestation.Devices.GPU, attestation.Environment.REMOTE, NRAS_URL, "")
    evidence_list = client.get_evidence()
    client.attest(evidence_list)

Option 2: Hybrid Attestation

Workflow

This model balances local control with cloud-based support: values are compared and verified locally, while the NVIDIA cloud services are still used.

Key Components:

  • Local GPU Verifier: Handles both evidence collection and verification
  • NVIDIA Cloud Services: NVIDIA RIM and OCSP services

Example:

    # Code snippet from nvtrust/guest_tools/attestation_sdk/tests/end_to_end/hardware/LocalGPUTest.py
    #
    client = attestation.Attestation()
    client.add_verifier(attestation.Devices.GPU, attestation.Environment.LOCAL, "", "", OCSP_URL, RIM_URL)
    evidence_list = client.get_evidence()
    client.attest(evidence_list)

Option 3: Customer-Managed Attestation

NVIDIA also offers Trust Outpost, an end-to-end GPU attestation solution designed for high-scale deployments and organizations needing enhanced local control. This on-premises implementation efficiently caches RIM and OCSP data, which makes it ideal for environments with strict data sovereignty requirements or air-gapped systems. Access requires appropriate agreements with NVIDIA; please contact [email protected] to request participation in the program.

Workflow

Comparison of Options

| Feature | Cloud-Managed | Hybrid | Trust Outpost |
|---|---|---|---|
| Security Level | Highest | High | High |
| Operational Complexity | Lowest | Moderate | Highest |
| Local Control | Lowest | Moderate | Highest |
| Cloud Dependency | Highest | Moderate | Lowest |
| Best For | Maximum security and simplicity | Balanced approach | Strict control requirements |

License

This project is licensed under the Apache License 2.0.

Support

For issues or questions, please file a bug. For additional support, contact us at [email protected]