Architecture
High-Level Architecture Diagram
The PPCIE Verifier is a tool that verifies the security of a multi-GPU system by attesting to the integrity of its GPUs and NVSwitches. The Attestation SDK gathers evidence for each device, and attestation is then performed either locally or remotely, as specified by the user when running the PPCIE Verifier tool.
After collecting attestation results for each device, the Attestation SDK validates these results against a Rego policy to confirm that all claims are legitimate. Following attestation and policy evaluation, the PPCIE Verifier conducts a final topology check to verify that the devices are securely connected in the expected configuration. The final attestation results are then presented to the user, detailing the checks performed.
Detailed Architecture Flow
1. The PPCIE Verifier tool is initiated by the user, who specifies the verifier (“local” or “remote”) that applies to both GPUs and NVSwitches.
2. The system components are enumerated (number of GPUs and NVSwitches).
3. Pre-checks are performed on each GPU to ensure it is configured for confidential computing.
4. Pre-checks are performed on each NVSwitch to ensure it is configured for confidential computing.
5. The required GPU evidence is either collected from the device via the Attestation SDK or loaded from a user-provided evidence file.
6. Once the evidence is collected, the PPCIE Verifier tool initiates attestation based on the verifier specified by the user.
7. GPU attestation is initiated by the Attestation SDK: the Local GPU Verifier is used for local attestation, while NRAS (NVIDIA’s Remote Attestation Service) is used for remote attestation.
8. The Attestation SDK provides GPU attestation results to the PPCIE Verifier.
9. If the GPU attestation is successful, the PPCIE Verifier obtains NVSwitch evidence either by collecting it from the devices via the Attestation SDK or by loading a user-provided evidence file.
10. Once all NVSwitch evidence is obtained, the PPCIE Verifier initiates attestation.
11. NVSwitch attestation is performed by the Attestation SDK: the Local Switch Verifier is used for local attestation, while NRAS is used for remote attestation.
12. The Attestation SDK provides NVSwitch attestation results to the PPCIE Verifier.
13. If the NVSwitch attestation is successful, the PPCIE Verifier performs a topology check to ensure the devices are securely connected in the expected configuration.
14. The PPCIE Verifier determines the overall results and updates the status for each check it performs.
15. The GPU ready state is set.
16. The final attestation results are presented to the user, detailing the checks performed and the status of each device in the system.
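
The gating in the flow above (NVSwitch attestation only after GPU attestation succeeds, topology check only after NVSwitch attestation succeeds, a status recorded for every check) can be modelled as a fail-closed stage runner. This is an added illustration, not the PPCIE Verifier's or Attestation SDK's code. Assumptions: all stage and function names are hypothetical, the device results are constructed sample data, and treating a failed pre-check or a raised error as a stop condition is this example's choice; setting the GPU ready state is left out.

```python
from enum import Enum
from typing import Callable, Dict, List, Tuple

class Status(Enum):
    PASSED = "passed"
    FAILED = "failed"
    SKIPPED = "skipped"

# A stage is (name, check); check returns True on success. Names are hypothetical.
Stage = Tuple[str, Callable[[], bool]]

def run_flow(stages: List[Stage]) -> Tuple[bool, Dict[str, Status]]:
    """Run stages in order; after the first failure, mark the rest SKIPPED."""
    report: Dict[str, Status] = {}
    failed = False
    for name, check in stages:
        if failed:
            report[name] = Status.SKIPPED
            continue
        try:
            ok = bool(check())
        except Exception:
            ok = False  # an error while checking counts as a failure (fail closed)
        report[name] = Status.PASSED if ok else Status.FAILED
        failed = not ok
    return (not failed, report)

def all_devices_ok(results: Dict[str, bool], expected: int) -> bool:
    """Every enumerated device must have a result, and every result must be True."""
    return len(results) == expected and all(results.values())

# Constructed sample: 8 GPUs attest, 1 of 4 NVSwitches does not.
GPU_RESULTS = {f"gpu{i}": True for i in range(8)}
SWITCH_RESULTS = {"sw0": True, "sw1": True, "sw2": False, "sw3": True}

def sample_stages() -> List[Stage]:
    return [
        ("gpu_pre_checks", lambda: True),
        ("switch_pre_checks", lambda: True),
        ("gpu_attestation", lambda: all_devices_ok(GPU_RESULTS, 8)),
        ("switch_attestation", lambda: all_devices_ok(SWITCH_RESULTS, 4)),
        ("topology_check", lambda: True),
    ]

if __name__ == "__main__":
    overall, report = run_flow(sample_stages())
    print("overall:", "PASS" if overall else "FAIL")
    for name, status in report.items():
        print(f"  {name}: {status.value}")
```

With the sample data the topology check is reported as skipped rather than passed, so a consumer of the report cannot mistake an unevaluated check for a successful one.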