Attestation Troubleshooting Guide - Common#
Note: This guide applies to both the Python and C++ SDKs.
Introduction#
The attestation verifier tool and SDK are used to verify the authenticity, integrity, validity, and correctness of attestation reports generated by GPU operating in Confidential Computing mode. This document describes the possible error scenarios that may occur when using the attestation verifier tool. The document also provides some suggestions on how to handle or avoid these errors.
Common Error Scenarios#
This section outlines the main classes of errors that might happen when verifying attestation for Confidential Computing workload. Please see the following sections for a complete list of all possible errors.
Invalid or corrupted attestation report: These errors occur when the attestation report is not well-formed, in unsupported format, has missed or incorrect fields, or has been tampered with. The verifier tool and SDK will reject such reports and return an error code indicating the reason for the failure. To avoid this error, the user should ensure that the attestation report is generated by a properly configured Nvidia GPU and/or transmitted securely to remote services.
Failed RIM Lookup: These errors happen when RIM lookup cannot find a match for a driver version or VBIOS version. This might be because Confidential Computing does not support the versions of driver and VBIOS being used. Users should check the NVIDIA H100 GPU Confidential Computing guide to see the supported versions. If the problem still occurs, user should not use the versions that fail and report the issue to NVIDIA and the machine owner.
Invalid or corrupted reference integrity measurements (RIM): These errors occur when driver RIM or VBIOS RIM is not available, not well-formed, in unsupported format, has missed or incorrect fields, or has been tampered with. To avoid this error, the user should ensure correct VBIOS, and driver versions are installed in the GPU and should ensure RIM is not corrupted/tampered during transit.
Expired or invalid certificate: These errors occur when either the certificates in the certificate chain of RIM or device are expired or not valid for attestation purposes. Attestation SDK and the local verifier tool use X.509 standards to validate the certificates and check their validity period and extensions. If a RIM for VBIOS or driver has an expired or invalid certificate, user should update to a newer version with valid certificates and if a device has an expired or invalid certificate, user should find a replacement.
Attestation verification error: This error happens when one or more measurements in an attestation report do not match with the reference values from driver and VBIOS RIMs. This could be because of incorrect settings of the device, altered device, altered software, or harmful activity in the device. On encountering this error, user must reset their device, reload the driver, and run the attestation verification again. If the problem still remains, user is advised to stop using the device/software and report to the machine owner.
Runtime API errors: These are errors that happen on the local machine when getting attestation reports, certificate chains, or basic GPU & Software information. This could be because of a software flaw or because of runtime disruptions. User should reboot the VM instance and try again. If the problem still remains, user should report the error to NVIDIA.
Network or communication error: This error occurs when the verifier tool and SDK encounter a network or communication problem when receiving or sending the attestation report or related data. The verifier tool and SDK will try to retry or recover from the network or communication error. However, if the error persists, the verifier tool and SDK will abort the verification process and return an error code indicating the reason for the failure. To avoid this error, the user should ensure that the network and communication channels are reliable and stable.
Support#
For support, contact us at attestation-support@nvidia.com